test: Add Wycheproof-based AES-GCM tests #336
Conversation
Implements comprehensive AES-GCM testing using official Wycheproof test vectors from Google. Tests 313 valid cryptographic operations across multiple key sizes (128/192/256-bit), nonce lengths, tag sizes, and AAD configurations. Fixes parallaxsecond#187 Signed-off-by: James Eilers <eilersjames15@gmail.com>
testingapisname
force-pushed
the
add-wycheproof-tests
branch
from
4645dd5 to
18ad9f0
Compare
Jakuje
left a comment
Jakuje
left a comment
There was a problem hiding this comment.
thank you for your contribution! Just two thoughts regarding the PKCS#11 3.* API
| // Skip tests with nonce sizes that exceed PKCS#11 limits (max 256 bytes) | ||
| if test.nonce.len() > 256 { |
There was a problem hiding this comment.
While the PKCS#11 2.40 has this limitation [1], the higher limit is defined in the current specification 3.2:
The length of the initialization vector can be any number between 1 and (2^32) - 1.
In the tests, you can detect the pkcs11 version and I think we can use the larger ones for the new modules.
Updating the documentation would be good too
[1] https://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850509
[2] https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.2/pkcs11-spec-v3.2.html#_Toc195693377
| }; | ||
|
|
||
| // Test encryption | ||
| let encrypt_result = session.encrypt(&Mechanism::AesGcm(gcm_params), key, &test.pt); |
There was a problem hiding this comment.
Could we test also the PKCS#11 3 API with message-based encryption?
rust-cryptoki/cryptoki/tests/basic.rs
Line 2587 in 36fb3c3
2 participants
Implements comprehensive AES-GCM testing using official Wycheproof test vectors from Google. Tests 313 valid cryptographic operations across multiple key sizes (128/192/256-bit), nonce lengths, tag sizes, and AAD configurations.
Fixes #187