Conversation

@testingapisname
Contributor

Implements comprehensive AES-GCM testing using official Wycheproof test vectors from Google. Tests 313 valid cryptographic operations across multiple key sizes (128/192/256-bit), nonce lengths, tag sizes, and AAD configurations.

Fixes #187

Collaborator

@Jakuje Jakuje left a comment

Thank you for your contribution! Just two thoughts regarding the PKCS#11 3.* API.

Comment on lines 43 to 44
// Skip tests with nonce sizes that exceed PKCS#11 limits (max 256 bytes)
if test.nonce.len() > 256 {
While PKCS#11 2.40 has this limitation [1], the higher limit is defined in the current specification 3.2 [2]:

The length of the initialization vector can be any number between 1 and (2^32) - 1.

In the tests, you can detect the pkcs11 version and I think we can use the larger ones for the new modules.

Updating the documentation would be good too.

[1] https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850509
[2] https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.2/pkcs11-spec-v3.2.html#_Toc195693377

};

// Test encryption
let encrypt_result = session.encrypt(&Mechanism::AesGcm(gcm_params), key, &test.pt);
Could we test also the PKCS#11 3 API with message-based encryption?

fn encrypt_decrypt_gcm_message_with_aad() -> TestResult {
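The nonce-limit discussion in this review (PKCS#11 2.40 capping the GCM IV at 256 bytes, 3.x allowing 1 to 2^32-1 bytes) is the kind of gating a Wycheproof harness has to do before it ever calls the module. The following is an added example, not code from rust-cryptoki or from this PR: it loads the Wycheproof aes_gcm_test.json layout, splits vectors into runnable and skipped for a given PKCS#11 version, and states what a module's encrypt/decrypt outcome must look like for each vector. It goes beyond the PR's valid-only run by also covering "invalid" and "acceptable" vectors. The JSON fragment, its hex values and its flag names are constructed placeholders, and the function names (max_iv_len_bytes, plan, judge, summarize) are mine; driving an actual PKCS#11 module is left to the harness.

```python
"""Select and judge Wycheproof AES-GCM vectors for a PKCS#11 test harness.

Added example, not rust-cryptoki's code. WYCHEPROOF_SAMPLE is a constructed,
truncated copy of the aes_gcm_test.json layout with placeholder hex values and
flag names; a real harness loads the real file from the Wycheproof repository.
"""
import json
from dataclasses import dataclass

WYCHEPROOF_SAMPLE = json.dumps({
    "algorithm": "AES-GCM",
    "testGroups": [
        {"ivSize": 96, "keySize": 128, "tagSize": 128, "type": "AeadTest",
         "tests": [
             {"tcId": 1, "comment": "constructed placeholder", "key": "11" * 16,
              "iv": "22" * 12, "aad": "", "msg": "aa", "ct": "bb", "tag": "33" * 16,
              "result": "valid", "flags": []},
             {"tcId": 2, "comment": "constructed: modified tag", "key": "11" * 16,
              "iv": "22" * 12, "aad": "", "msg": "aa", "ct": "bb", "tag": "32" + "33" * 15,
              "result": "invalid", "flags": ["ModifiedTag"]},
         ]},
        # 512-byte IV: allowed by PKCS#11 3.x, over the 256-byte cap of 2.40.
        {"ivSize": 4096, "keySize": 256, "tagSize": 128, "type": "AeadTest",
         "tests": [
             {"tcId": 3, "comment": "constructed long nonce", "key": "11" * 32,
              "iv": "44" * 512, "aad": "55", "msg": "", "ct": "", "tag": "66" * 16,
              "result": "valid", "flags": ["LongIv"]},
         ]},
        {"ivSize": 96, "keySize": 128, "tagSize": 32, "type": "AeadTest",
         "tests": [
             {"tcId": 4, "comment": "constructed short tag", "key": "11" * 16,
              "iv": "22" * 12, "aad": "", "msg": "aa", "ct": "bb", "tag": "77" * 4,
              "result": "acceptable", "flags": ["SmallTag"]},
         ]},
    ],
})


@dataclass(frozen=True)
class Vector:
    tc_id: int
    key: bytes
    iv: bytes
    aad: bytes
    msg: bytes
    ct: bytes
    tag: bytes
    result: str      # "valid", "invalid" or "acceptable"
    flags: tuple


def load_vectors(text: str) -> list:
    """Flatten the testGroups of a Wycheproof AEAD file into Vector records and
    check that each vector matches the key/iv/tag sizes its group declares."""
    out = []
    for group in json.loads(text)["testGroups"]:
        if group.get("type") != "AeadTest":
            continue
        for t in group["tests"]:
            fields = [bytes.fromhex(t[k]) for k in ("key", "iv", "aad", "msg", "ct", "tag")]
            v = Vector(t["tcId"], *fields, t["result"], tuple(t.get("flags", [])))
            declared = (group["keySize"], group["ivSize"], group["tagSize"])
            actual = (len(v.key) * 8, len(v.iv) * 8, len(v.tag) * 8)
            if declared != actual:
                raise ValueError(f"tcId {v.tc_id}: sizes {actual} != group {declared}")
            out.append(v)
    return out


def max_iv_len_bytes(major: int, minor: int) -> int:
    """Largest GCM IV a module reporting PKCS#11 major.minor is expected to
    accept: 256 bytes before 3.0, 2^32-1 bytes from 3.0 on (per the review)."""
    return 256 if (major, minor) < (3, 0) else 2**32 - 1


def plan(vectors, major: int, minor: int):
    """Split vectors into those runnable against this module version and those
    to skip, recording a reason for every skip so the run log stays auditable."""
    limit = max_iv_len_bytes(major, minor)
    runnable, skipped = [], []
    for v in vectors:
        if not 1 <= len(v.iv) <= limit:
            skipped.append((v.tc_id, f"iv is {len(v.iv)} bytes, allowed 1..{limit}"))
        else:
            runnable.append(v)
    return runnable, skipped


def judge(v: Vector, encrypt_output, decrypt_ok: bool) -> bool:
    """Return True if the module's observed behaviour matches the vector.

    encrypt_output: ct||tag the module produced for (key, iv, aad, msg), or
                    None if the harness did not encrypt (e.g. invalid vectors).
    decrypt_ok:     whether the module accepted (key, iv, aad, ct, tag).
    """
    if v.result == "valid":
        # GCM is deterministic for fixed inputs: encryption must reproduce
        # ct||tag exactly and decryption must succeed.
        return decrypt_ok and encrypt_output == v.ct + v.tag
    if v.result == "invalid":
        # Modified or forged input must be rejected; accepting it is the defect
        # these vectors exist to catch.
        return not decrypt_ok
    if v.result == "acceptable":
        # Legal but discouraged parameters: rejection is fine, and if the
        # module does process them the output must still be the right one.
        return (not decrypt_ok) or encrypt_output in (None, v.ct + v.tag)
    raise ValueError(f"unknown result {v.result!r}")


def summarize(vectors, major: int, minor: int) -> dict:
    """Counts per result class of what would run on a given module version."""
    runnable, skipped = plan(vectors, major, minor)
    counts = {"valid": 0, "invalid": 0, "acceptable": 0}
    for v in runnable:
        counts[v.result] += 1
    return {"pkcs11": f"{major}.{minor}", "run": counts, "skipped": len(skipped)}


if __name__ == "__main__":
    vs = load_vectors(WYCHEPROOF_SAMPLE)
    for ver in ((2, 40), (3, 2)):
        print(summarize(vs, *ver))
```

The skip list from plan is what a harness would print alongside the test result, so a vector that silently vanished on a 2.40 module (the first reviewer point) shows up as a recorded skip with its reason rather than as a passing run.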

testingapisname added a commit to testingapisname/rust-cryptoki that referenced this pull request Dec 19, 2025
- Implement PKCS#11 version detection to apply appropriate nonce size limits
  * PKCS#11 2.40: 256 bytes (ulIvBits in bits, per spec section 5.16.3)
  * PKCS#11 3.x: 2^32-1 bytes (ulIvLen in bytes, per spec section 5.15.3)
- Add aes_gcm_message_wycheproof() test for PKCS#11 3.0+ message API
  * Uses message_encrypt_init/encrypt_message/message_encrypt_final
  * Gracefully skips if provider doesn't support message-based encryption
  * Properly handles edge cases (zero-length plaintext, unusual nonce sizes)
  * Includes cleanup logic to prevent session state issues
- All 316 Wycheproof tests pass with both SoftHSM 2.40 and Kryoptic 3.0+

Addresses reviewer feedback from PR parallaxsecond#336
@testingapisname
Copy link
Contributor Author

@Jakuje I think I addressed your comments in this b8ec82d commit. I tested with SoftHSM and Kryoptic. I am not sure what you mean by updating the documentation. Can you please review?

- Add provider limitation handling for nonces > 256 bytes
- Fix second test to handle already-initialized PKCS#11 context
- Restore detailed println output for all individual test results

Signed-off-by: James Eilers <eilersjames15@gmail.com>
Signed-off-by: James Eilers <eilersjames15@gmail.com>


Development

Successfully merging this pull request may close these issues.

Add Wycheproof-based tests
