Home | History | Annotate | only in /external/wycheproof
Up to higher level directory
NameDateSize
.gitignore06-Dec-20178
Android.mk06-Dec-20171.1K
BUILD06-Dec-20174.7K
build_defs.bzl06-Dec-20173.6K
CONTRIBUTING.md06-Dec-20172.1K
doc/06-Dec-2017
java/06-Dec-2017
LICENSE06-Dec-201711.1K
local_repository_defs.bzl06-Dec-2017817
README.md06-Dec-20177.2K
README.version06-Dec-2017116
WORKSPACE06-Dec-20172.2K

README.md

      1 # Project Wycheproof
      2 https://github.com/google/wycheproof
      3 
      4 *Project Wycheproof is named after
      5 [Mount Wycheproof](https://en.wikipedia.org/wiki/Mount_Wycheproof), the smallest
      6 mountain in the world. The main motivation for the project is to have a goal
      7 that is achievable. The smaller the mountain the more likely it is to be able to
      8 climb it.*
      9 
     10 [TOC]
     11 
     12 ## Introduction
     13 
     14 Project Wycheproof tests crypto libraries against known attacks. It is developed
     15 and maintained by members of Google Security Team, but it is not an official
     16 Google product.
     17 
     18 At Google, we rely on many third party cryptographic software libraries.
     19 Unfortunately, in cryptography, subtle mistakes can have catastrophic
     20 consequences, and we found that libraries fall into such implementation
     21 pitfalls much too often and for much too long. Good implementation guidelines,
     22 however, are hard to come by: understanding how to implement cryptography
     23 securely requires digesting decades' worth of academic literature. We recognize
     24 that software engineers fix and prevent bugs with unit testing, and we found
     25 that cryptographic loopholes can be resolved by the same means.
     26 
     27 These observations have prompted us to develop Project Wycheproof, a collection
     28 of unit tests that detect known weaknesses or check for expected behaviors of
     29 some cryptographic algorithm. Project Wycheproof provides tests for most
     30 cryptographic algorithms, including RSA, elliptic curve crypto and
     31 authenticated encryption. Our cryptographers have systematically surveyed the
     32 literature and implemented most known attacks. We have over 80 test cases which
     33 have uncovered more than [40 bugs](doc/bugs.md). For
     34 example, we found that we could recover the private key of widely-used DSA and
     35 ECDHC implementations.
     36 
     37 While we are committed to develop as many attacks as possible, Project
     38 Wycheproof is by no means complete. Passing the tests does not imply that the
     39 library is secure, it just means that it is not vulnerable to the attacks that
     40 Project Wycheproof tests for. Cryptographers are also constantly discovering
     41 new attacks. Nevertheless, with Project Wycheproof developers and users now can
     42 check their libraries against a large number of known attacks, without having
     43 to spend years reading academic papers or become cryptographers themselves.
     44 
     45 For more information on the goals and strategies of Project Wycheproof, please
     46 check out our [doc](doc/).
     47 
     48 ### Coverage
     49 
     50 Project Wycheproof has tests for the most popular crypto algorithms, including
     51 
     52 - AES-EAX
     53 - AES-GCM
     54 - [DH](doc/dh.md)
     55 - DHIES
     56 - [DSA](doc/dsa.md)
     57 - [ECDH](doc/ecdh.md)
     58 - ECDSA
     59 - ECIES
     60 - [RSA](doc/rsa.md)
     61 
     62 The tests detect whether a library is vulnerable to many attacks, including
     63 
     64 - Invalid curve attacks
     65 - Biased nonces in digital signature schemes
     66 - Of course, all Bleichenbachers attacks
     67 - And many more -- we have over 80 test cases
     68 
     69 Our first set of tests are written in Java, because Java has a common
     70 cryptographic interface. This allowed us to test multiple providers with a
     71 single test suite. While this interface is somewhat low level, and should not
     72 be used directly, we still apply a "defense in depth" argument and expect that
     73 the implementations are as robust as possible. For example, we consider weak
     74 default values to be a significant security flaw. We are converting as many
     75 tests into sets of test vectors to simplify porting the tests to other
     76 languages. We provide ready-to-use test runners for Java Cryptography
     77 Architecture providers such as [Bouncy Castle](http://bouncycastle.org),
     78 [Spongy Castle](https://rtyley.github.io/spongycastle/), and the default
     79 providers in [OpenJDK](http://openjdk.java.net/).
     80 
     81 ### Usage
     82 
     83 -   Install [Bazel](https://bazel.build/).
     84 
     85 -   Install [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction
     86     Policy
     87     Files](http://stackoverflow.com/questions/6481627/java-security-illegal-key-size-or-default-parameters):
     88     this enables tests with large key sizes. Otherwise you'll see a lot of
     89     "illegal key size" exceptions.
     90 
     91 -   Check out the tests
     92 
     93 ```
     94 git clone https://github.com/google/wycheproof.git
     95 ```
     96 
     97 - To test latest stable version of Bouncy Castle:
     98 
     99 ```
    100 bazel test BouncyCastleAllTests
    101 ```
    102 
    103 - To test other versions, e.g., v1.52:
    104 
    105 ```
    106 bazel test BouncyCastleAllTests_1_52
    107 ```
    108 
    109 - To test all known versions (warning, will take a long time):
    110 
    111 ```
    112 bazel test BouncyCastleAllTests_*
    113 ```
    114 
    115 -   To test a local jar, set the `WYCHEPROOF_BOUNCYCASTLE_JAR` environment
    116     variable:
    117 
    118 ```shell
    119 $ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle
    120 $ bazel test BouncyCastleTestLocal
    121 $ bazel test BouncyCastleAllTestsLocal
    122 ```
    123 
    124 Note: bazel does not currently invalidate the build on environment changes. If
    125 you change the `WYCHEPROOF_BOUNCYCASTLE_JAR` environment variable, run `bazel
    126 clean` to force a rebuild:
    127 
    128 ```shell
    129 $ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/bouncycastle
    130 $ bazel test BouncyCastleTestLocal
    131 $ WYCHEPROOF_BOUNCYCASTLE_JAR=/path/to/other/jar
    132 $ bazel clean
    133 $ bazel test BouncyCastleTestLocal
    134 ```
    135 
    136 - To test [Spongy Castle](https://rtyley.github.io/spongycastle/), replace
    137 BouncyCastle with SpongyCastle in your commands, for example
    138 
    139 ```
    140 bazel test SpongyCastleAllTests
    141 ```
    142 
    143 - To test your current installation of
    144 [OpenJDK](http://openjdk.java.net/):
    145 
    146 ```
    147 bazel test OpenJDKAllTests
    148 ```
    149 
    150 Note that OpenJDKAllTests expects that OpenJDK is your default JDK, so it might
    151 refuse to run or its results might be incorrect if you are using some other JDK.
    152 If you downloaded your JDK from Oracle or https://java.com, you're probably
    153 using Oracle JDK, which should be compatible with OpenJDK, thus the tests should
    154 run correctly.
    155 
    156 Some tests take a very long time to finish. If you want to exclude them, use
    157 BouncyCastleTest, SpongyCastleTest or OpenJDKTest -- these targets exclude all
    158 slow tests (which are annotated with @SlowTest).
    159 
    160 Most test targets are failing, and each failure might be a security issue. To
    161 learn more about what a failed test means, you might want to check out [our
    162 documentation](doc/bugs.md) or the comments on top of the corresponding test
    163 function and test class.
    164 
    165 ### Hall of Bugs
    166 
    167 Here are some of the notable vulnerabilities that are uncovered by
    168 Project Wycheproof:
    169 
    170 - OpenJDK's SHA1withDSA leaks private keys > 1024 bits
    171   - Test: testBiasSha1WithDSA in
    172 [DsaTest](https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/DsaTest.java).
    173   - This bug is the same as
    174 [CVE-2003-0971 - GnuPG generated ElGamal signatures that leaked the private key]
    175 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0971).
    176 
    177 - Bouncy Castle's ECDHC leaks private keys
    178   - Test: testModifiedPublic and testWrongOrderEcdhc in
    179 [EcdhTest](https://github.com/google/wycheproof/blob/master/java/com/google/security/wycheproof/testcases/EcdhTest.java).
    180 
    181 ### Maintainers
    182 
    183 Project Wycheproof is maintained by:
    184 
    185 - Daniel Bleichenbacher
    186 - Thai Duong
    187 - Emilia Kasper
    188 - Quan Nguyen
    189 
    190 ### Contact and mailing list
    191 
    192 If you want to contribute, please read [CONTRIBUTING](CONTRIBUTING.md) and send
    193 us pull requests. You can also report bugs or request new tests.
    194 
    195 If you'd like to talk to our developers or get notified about major new
    196 tests, you may want to subscribe to our
    197 [mailing list](https://groups.google.com/forum/#!forum/wycheproof-users). To
    198 join, simply send an empty mail to wycheproof-users+subscribe (a] googlegroups.com.
    199 

README.version

      1 URL: https://github.com/google/wycheproof
      2 Version: c89a32e
      3 BugComponent: 24949
      4 Owners: flooey, android-libcore-team
      5