wycheproof_skill

This skill helps you validate crypto implementations against known attacks using Wycheproof test vectors across AES-GCM, ECDSA, RSA, and more.
  • Python

3k

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill trailofbits/skills --skill wycheproof

  • SKILL.md19.9 KB

Overview

This skill provides integration guidance and test vectors from Wycheproof to validate cryptographic implementations against known attacks and edge cases. It helps security engineers and QA teams automate correctness checks for common algorithms and discover implementation-specific vulnerabilities. Use it to prevent signature malleability, invalid-curve, padding, and tag-forgery issues before they reach production.

How this skill works

Wycheproof supplies JSON test files grouped by algorithm and test group. Each test vector contains inputs, expected outputs, flags, and an expected result (valid/acceptable/invalid). The skill shows how to load, convert hex fields to bytes, filter groups by constraints, and run parameterized unit tests that assert correct acceptance or rejection behavior.

When to use it

  • Adding cryptographic correctness tests to CI for libraries or services
  • Auditing third-party crypto code to verify edge-case handling
  • Validating implementations of AES-GCM, ECDSA, ECDH, RSA, ChaCha20-Poly1305, EdDSA
  • Detecting known vulnerabilities like signature malleability or invalid-curve attacks
  • Regression testing after crypto-related bug fixes or library upgrades

Best practices

  • Add Wycheproof as a submodule or fetch specific JSON files before running tests in CI
  • Convert hex string fields to binary and apply implementation-specific filters (e.g., IV size)
  • Parameterize tests so every test vector is an isolated test case with tcId and comment
  • Treat 'acceptable' separately from 'valid' and 'invalid' to document non-ideal but allowed behavior
  • Schedule regular updates of test vectors to pick up new attack patterns

Example use cases

  • Run aes_gcm_test.json vectors against an AES-GCM implementation to catch tag forgery and IV handling issues
  • Validate ECDSA and EdDSA signature parsing to detect DER or length-encoding acceptance bugs
  • Exercise ECDH code with invalid-curve test vectors to detect shared-secret validation flaws
  • Integrate vector parsing and tests into pytest or Mocha to surface regressions in CI
  • Audit an npm or pip dependency by running the relevant Wycheproof JSON for its supported algorithms

FAQ

No. Use it as a git submodule for automatic updates or fetch only the specific JSON files you need for targeted testing.

How do I handle 'acceptable' results?

'Acceptable' indicates non-ideal but permitted behavior. Flag these cases for review and decide if stricter validation is required for your threat model.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
wycheproof skill by trailofbits/skills | VeilStrat