Question about OpenSSL support.

[bigtreesa...@gmail.com]

Hello everyone

I am investigating how to use Wycheproof.
Is it possible to use the OpenSSL test now?

[Daniel Bleichenbacher]

At this point, Wycheproof can only be used to test Java providers.

We started with Java because there is a common inteface (JCA), which

allows to test multiple providers with the same set of unit tests.

For C/C++ I'm not aware of such an interface and it is not clear to me what

a good interface would be. To given an example, how things could go wrong:

Assume that the tests for RSA-OAEP are done through an interface

class RsaPrivateKey {

  ...

  bool RsaDecrypt(const vector<unsigned char> &ciphertext, vector<unsigned char> plaintext);

}

then this interface would force a tester to throw away detailed error messages

an hence eliminate Manger's attack against RSA-OAEP. But this would only eliminate potential bugs

during tests and not necessarily remove them from the library itself. 

On the other hand, requiring error messages from each library would mean to propagate potentially

insecure interfaces. I don't like to add potentially insecure interfaces just for the purpose of testing.

In Java, the tests can simply use the existing interface. The tests do assume that primitives

are implemented as robust as possible, e.g. that RSA-OAEP decryption does not throw

exceptions with information what part of the OAEP padding is wrong.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-users+unsubscribe@googlegroups.com.
To post to this group, send email to wycheproof-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/b0096f5e-6cdb-42fe-868f-4b16e2c6053e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Rubin, Greg]

It might be worth looking into PKCS#11. That will open up many hardware implementations and some software libraries as well.

 

Greg

--

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/b0096f5e-6cdb-42fe-868f-4b16e2c6053e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

 

--

You received this message because you are subscribed to the Google Groups "wycheproof-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/CAPqF7e1DH4bq2LWFH%2ByDQWpu1WkuODOjo%3DbOFghXEr%2Bu_5Jy3w%40mail.gmail.com.

[Daniel Bleichenbacher]

PKCS #11 might a possibility. However, I haven't use this interface so far.

--

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-users+unsubscribe@googlegroups.com.
To post to this group, send email to wycheproof-users@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/b0096f5e-6cdb-42fe-868f-4b16e2c6053e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-users+unsubscribe@googlegroups.com.
To post to this group, send email to wycheproof-users@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/CAPqF7e1DH4bq2LWFH%2ByDQWpu1WkuODOjo%3DbOFghXEr%2Bu_5Jy3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "wycheproof-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-users+unsubscribe@googlegroups.com.
To post to this group, send email to wycheproof-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/49a68d4f09684399b48631be4277cee5%40EX13D06UWC002.ant.amazon.com.

[Rubin, Greg]

I have, though primarily through (shudder) Java. It’s a terrifying interface with tons of weird edge-cases and required behaviors. It’s almost impossible to get truly right and even harder to get secure. (Several different parts of the specification combine to create insecure modes.)  However, it is still a relatively standard interface, especially for hardware devices, and may be worth investigating at some point.

 

Greg

 

From: Daniel Bleichenbacher [mailto:blei...@google.com]
Sent: Tuesday, January 24, 2017 8:13 AM
To: Rubin, Greg <ru...@amazon.com>
Cc: wycheproof-users <wychepro...@googlegroups.com>
Subject: Re: Question about OpenSSL support.

 

PKCS #11 might a possibility. However, I haven't use this interface so far.

 

--

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/b0096f5e-6cdb-42fe-868f-4b16e2c6053e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/CAPqF7e1DH4bq2LWFH%2ByDQWpu1WkuODOjo%3DbOFghXEr%2Bu_5Jy3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.
To post to this group, send email to wychepro...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/49a68d4f09684399b48631be4277cee5%40EX13D06UWC002.ant.amazon.com.

[bigtreesa...@gmail.com]

Sorry for the late reply.
Thank you for much information

2017年1月25日水曜日 2時31分26秒 UTC+9 Rubin, Greg:

--

To post to this group, send email to wychepr...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/b0096f5e-6cdb-42fe-868f-4b16e2c6053e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.

To post to this group, send email to wychepr...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/CAPqF7e1DH4bq2LWFH%2ByDQWpu1WkuODOjo%3DbOFghXEr%2Bu_5Jy3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "wycheproof-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wycheproof-use...@googlegroups.com.

To post to this group, send email to wychepr...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wycheproof-users/49a68d4f09684399b48631be4277cee5%40EX13D06UWC002.ant.amazon.com.