test: Add Wycheproof-based AES-GCM tests #336
Conversation
force-pushed from 4645dd5 to 18ad9f0
Jakuje left a comment:
Thank you for your contribution! Just two thoughts regarding the PKCS#11 3.* API.
cryptoki/tests/wycheproof.rs (outdated)

```rust
// Skip tests with nonce sizes that exceed PKCS#11 limits (max 256 bytes)
if test.nonce.len() > 256 {
```
While PKCS#11 2.40 has this limitation [1], the higher limit is defined in the current specification, 3.2 [2]:

> The length of the initialization vector can be any number between 1 and (2^32) - 1.

In the tests, you can detect the PKCS#11 version, and I think we can use the larger ones for the new modules.
Updating the documentation would be good too.

[1] https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850509
[2] https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.2/pkcs11-spec-v3.2.html#_Toc195693377
Commits:

- Implement PKCS#11 version detection to apply appropriate nonce size limits
  * PKCS#11 2.40: 256 bytes (ulIvBits in bits, per spec section 5.16.3)
  * PKCS#11 3.x: 2^32-1 bytes (ulIvLen in bytes, per spec section 5.15.3)
- Add aes_gcm_message_wycheproof() test for PKCS#11 3.0+ message API
  * Uses message_encrypt_init/encrypt_message/message_encrypt_final
  * Gracefully skips if provider doesn't support message-based encryption
  * Properly handles edge cases (zero-length plaintext, unusual nonce sizes)
  * Includes cleanup logic to prevent session state issues
- All 316 Wycheproof tests pass with both SoftHSM 2.40 and Kryoptic 3.0+

Addresses reviewer feedback from PR parallaxsecond#336

Signed-off-by: James Eilers <eilersjames15@gmail.com>

Implements comprehensive AES-GCM testing using official Wycheproof test vectors from Google. Tests 313 valid cryptographic operations across multiple key sizes (128/192/256-bit), nonce lengths, tag sizes, and AAD configurations.

Fixes parallaxsecond#187

Signed-off-by: James Eilers <eilersjames15@gmail.com>

- Add provider limitation handling for nonces > 256 bytes
- Fix second test to handle already-initialized PKCS#11 context
- Restore detailed println output for all individual test results

Signed-off-by: James Eilers <eilersjames15@gmail.com>
force-pushed from b8ec82d to 59234d1
Signed-off-by: James Eilers <eilersjames15@gmail.com>
Thank you!
Sorry, I meant this part of the doc text, which has the maximum IV length: https://github.com/parallaxsecond/rust-cryptoki/blob/main/cryptoki/src/mechanism/aead.rs#L26

```rust
let max_nonce_bytes = if cryptoki_version.major() >= 3 {
    u32::MAX as usize
} else {
    256
};
```
The function MessageEncryptInit is available only in the PKCS#11 3 API so I think this check is not needed.
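The two review points above (the IV limit depends on the Cryptoki version the provider reports, and the message API only exists in 3.x) can be captured in a small vector-selection step that runs before anything is sent to the provider. The block below is an added example written for this page, not code from rust-cryptoki or from the PR; it uses only the Rust standard library, its `CryptokiVersion`, `GcmVector` and `Plan` types are illustrative, and the three sample vectors are constructed in the Wycheproof field layout rather than copied from the Wycheproof file.

```rust
// Added example (not rust-cryptoki project code): decide which Wycheproof
// AES-GCM vectors a PKCS#11 provider should be asked to run, from the
// Cryptoki version it reports. Limits as quoted in the review thread:
//   PKCS#11 2.40: IV length 1..=256 bytes
//   PKCS#11 3.x:  IV length 1..=(2^32 - 1) bytes
// and C_MessageEncryptInit exists only in the 3.x API.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct CryptokiVersion {
    pub major: u8,
    pub minor: u8,
}

/// Largest GCM IV (in bytes) the spec permits for this Cryptoki version.
pub fn max_gcm_iv_bytes(v: CryptokiVersion) -> usize {
    if v.major >= 3 {
        u32::MAX as usize // 2^32 - 1, PKCS#11 3.x
    } else {
        256 // PKCS#11 2.40
    }
}

/// Outcome recorded in a vector's "result" field.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Expected { Valid, Invalid, Acceptable }

/// The Wycheproof AES-GCM fields the harness cares about, hex-decoded.
#[derive(Clone, Debug)]
pub struct GcmVector {
    pub tc_id: u32,
    pub key: Vec<u8>,
    pub iv: Vec<u8>,
    pub aad: Vec<u8>,
    pub msg: Vec<u8>,
    pub tag_bits: usize,
    pub expected: Expected,
}

/// What the harness should do with one vector on one provider.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Plan {
    /// Run through the one-shot C_Encrypt / C_Decrypt path only.
    OneShot,
    /// Run one-shot and, because the provider is 3.x, the message API too.
    OneShotAndMessage,
    /// Do not submit to the provider; the reason is recorded.
    Skip(&'static str),
}

pub fn plan_vector(v: &GcmVector, version: CryptokiVersion) -> Plan {
    // Only AES-128/192/256 keys are meaningful for CKM_AES_GCM.
    if ![16, 24, 32].contains(&v.key.len()) {
        return Plan::Skip("key length is not AES-128/192/256");
    }
    // The spec minimum is 1 byte; Wycheproof ships a zero-length IV case.
    if v.iv.is_empty() {
        return Plan::Skip("zero-length IV is below the PKCS#11 minimum");
    }
    if v.iv.len() > max_gcm_iv_bytes(version) {
        return Plan::Skip("IV exceeds the maximum for this Cryptoki version");
    }
    // ulTagBits is passed in bits; keep to whole bytes up to a full 128-bit tag.
    if v.tag_bits == 0 || v.tag_bits % 8 != 0 || v.tag_bits > 128 {
        return Plan::Skip("tag length is not a whole number of bytes in 8..=128");
    }
    if version.major >= 3 { Plan::OneShotAndMessage } else { Plan::OneShot }
}

/// Decode a Wycheproof hex field; "" is a legitimate empty field.
pub fn hex(s: &str) -> Vec<u8> {
    (0..s.len())
        .step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).expect("hex"))
        .collect()
}

/// (run, skipped) counts for a vector set against one provider version.
pub fn summarize(vectors: &[GcmVector], version: CryptokiVersion) -> (usize, usize) {
    vectors.iter().fold((0, 0), |(run, skip), v| match plan_vector(v, version) {
        Plan::Skip(_) => (run, skip + 1),
        _ => (run + 1, skip),
    })
}

/// Constructed sample vectors in the Wycheproof field layout (illustrative
/// values, not copied from aes_gcm_test.json).
pub fn sample_vectors() -> Vec<GcmVector> {
    let key = hex("000102030405060708090a0b0c0d0e0f");
    vec![
        GcmVector { tc_id: 1, key: key.clone(), iv: hex("000102030405060708090a0b"), aad: hex(""), msg: hex("00"), tag_bits: 128, expected: Expected::Valid },
        GcmVector { tc_id: 2, key: key.clone(), iv: vec![0x55; 300], aad: hex(""), msg: hex(""), tag_bits: 128, expected: Expected::Valid },
        GcmVector { tc_id: 3, key, iv: hex(""), aad: hex(""), msg: hex(""), tag_bits: 128, expected: Expected::Invalid },
    ]
}

fn main() {
    for version in [CryptokiVersion { major: 2, minor: 40 }, CryptokiVersion { major: 3, minor: 0 }] {
        let (run, skip) = summarize(&sample_vectors(), version);
        println!("PKCS#11 {}.{}: run {} skip {}", version.major, version.minor, run, skip);
        for v in sample_vectors() {
            println!("  tcId {}: {:?}", v.tc_id, plan_vector(&v, version));
        }
    }
}
```

The 300-byte IV vector is the case the thread is about: a 2.40 provider skips it, a 3.x provider runs it (and, being 3.x, also through the message API), so no separate version check is needed on the message path. Zero-length IV and non-byte tag lengths are skipped on every version because they fall outside what CK_GCM_PARAMS can express, not because of a provider limit.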
| @@ -0,0 +1,502 @@ | |||
| // Copyright 2024 Contributors to the Parsec project. | |||
nit:

```suggestion
// Copyright 2025 Contributors to the Parsec project.
```