wycheproof

Solid

Wycheproof provides test vectors for validating cryptographic implementations. Use when testing crypto code for known attacks and edge cases.

Testing & QA 5,501 stars 484 forks Updated 4 days ago CC-BY-SA-4.0

Install

View on GitHub

Quality Score: 93/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Wycheproof Wycheproof is an extensive collection of test vectors designed to verify the correctness of cryptographic implementations and test against known attacks. Originally developed by Google, it is now a community-managed project where contributors can add test vectors for specific cryptographic constructions. ## Background ### Key Concepts | Concept | Description | |---------|-------------| | Test vector | Input/output pair for validating crypto implementation correctness | | Test group | Collection of test vectors sharing attributes (key size, IV size, curve) | | Result flag | Indicates if test should pass (valid), fail (invalid), or is acceptable | | Edge case testing | Testing for known vulnerabilities and attack patterns | ### Why This Matters Cryptographic implementations are notoriously difficult to get right. Even small bugs can: - Expose private keys - Allow signature forgery - Enable message decryption - Create consensus problems when different implementations accept/reject the same inputs Wycheproof has found vulnerabilities in major libraries including OpenJDK's SHA1withDSA, Bouncy Castle's ECDHC, and the elliptic npm package. ## When to Use **Apply Wycheproof when:** - Testing cryptographic implementations (AES-GCM, ECDSA, ECDH, RSA, etc.) - Validating that crypto code handles edge cases correctly - Verifying implementations against known attack vectors - Setting up CI/CD for cryptographic libraries - Auditing third-party crypto code for correctne...

Details

Author
trailofbits
Repository
trailofbits/skills
Created
4 months ago
Last Updated
4 days ago
Language
Python
License
CC-BY-SA-4.0

Integrates with

npm · DevTools

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

vector-forge

Mutation-driven test vector generation. Finds implementations of a cryptographic algorithm or protocol, runs mutation testing to identify escaped mutants, then generates new test vectors that deliberately exercise the uncovered code paths. Compares before/after mutation kill rates to prove vector effectiveness. Use when generating cryptographic test vectors, measuring Wycheproof coverage gaps, finding escaped mutants via mutation testing, creating cross-implementation test suites, or improving test vector coverage for crypto primitives.

5,501 Updated 4 days ago
trailofbits
Testing & QA Solid

constant-time-testing

Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.

5,501 Updated 4 days ago
trailofbits
Testing & QA Listed

constant-time-testing

Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.

1 Updated 4 days ago
kevinvwong
AI & Automation Solid

ctf-crypto

Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.

2,250 Updated 1 months ago
ljagiello
AI & Automation Featured

performing-cryptographic-audit-of-application

A cryptographic audit systematically reviews an application's use of cryptographic primitives, protocols, and key management to identify vulnerabilities such as weak algorithms, insecure modes, hardco

13,115 Updated today
mukul975