
wycheproof skill


This skill provides Wycheproof test vectors for cryptographic implementation testing to improve robustness and security assessments.

npx playbooks add skill plurigrid/asi --skill wycheproof

Review the files below or copy the command above to add this skill to your agents.

SKILL.md
---
name: wycheproof
description: Google's Wycheproof test vectors for cryptographic implementation testing.
category: testing-handbook-skills
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---

# Wycheproof Skill

**Trit**: -1 (MINUS)
**Category**: testing-handbook-skills
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Google's Wycheproof test vectors for cryptographic implementation testing.

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 4. Pattern Matching

**Concepts**: unification, match, segment variables, pattern

### GF(3) Balanced Triad

```
wycheproof (+) + SDF.Ch4 (+) + [balancer] (+) = 0
```

**Skill Trit**: 1 (PLUS - generation)


### Connection Pattern

Pattern matching extracts structure. This skill recognizes and transforms patterns.

Overview

This skill provides automated access to Google Wycheproof test vectors to validate cryptographic implementations. It bundles Python utilities to run known-answer tests and edge-case vectors against crypto primitives. The goal is to surface algorithmic and implementation-level mistakes before production deployment.

How this skill works

The skill loads Wycheproof JSON test vector suites and maps each vector to the target implementation interface. It executes positive and negative test cases, records pass/fail outcomes, and summarizes failure modes (e.g., incorrect parameter handling, missing checks, or side-channel issues). Reports include vector identifiers and minimal reproduction data to guide fixes.
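
The load, map, and execute loop described above, as an added example (not the skill's own code): a minimal runner over a constructed HMAC-SHA256 suite in the Wycheproof JSON layout, run against a strict verifier and a deliberately flawed one. The function names and the sample vectors are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

def _ref_tag(key_hex, msg_hex):
    key, msg = bytes.fromhex(key_hex), bytes.fromhex(msg_hex)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

# Constructed sample in the Wycheproof JSON layout (testGroups -> tests with
# tcId/comment/key/msg/tag/result). These are not vectors from the real suite.
KEY, MSG = "0b" * 20, b"Hi There".hex()
GOOD = _ref_tag(KEY, MSG)
FLIPPED = format(int(GOOD[:2], 16) ^ 1, "02x") + GOOD[2:]
CASES = [("correct tag", GOOD, "valid"), ("truncated tag", GOOD[:16], "invalid"),
         ("flipped bit in tag", FLIPPED, "invalid"), ("empty tag", "", "invalid")]
SUITE = json.dumps({"algorithm": "HMACSHA256", "testGroups": [{
    "type": "MacTest", "keySize": 160, "tagSize": 256,
    "tests": [{"tcId": i, "comment": c, "key": KEY, "msg": MSG, "tag": t, "result": r}
              for i, (c, t, r) in enumerate(CASES, 1)]}]})

def strict_verify(key, msg, tag):
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # full-length comparison

def lenient_verify(key, msg, tag):
    # Deliberately flawed: compares only as many bytes as the caller supplied.
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return expected[:len(tag)] == tag

def run_suite(suite_json, verify):
    """Return (passed, failures); each failure is (tcId, comment, expected, got)."""
    passed, failures = 0, []
    for group in json.loads(suite_json)["testGroups"]:
        for t in group["tests"]:
            key, msg, tag = (bytes.fromhex(t[k]) for k in ("key", "msg", "tag"))
            try:
                ok = bool(verify(key, msg, tag))
            except Exception:
                ok = False  # raising on bad input counts as rejecting it
            # "acceptable" vectors may go either way; valid/invalid are strict.
            if t["result"] == "acceptable" or ok == (t["result"] == "valid"):
                passed += 1
            else:
                got = "accepted" if ok else "rejected"
                failures.append((t["tcId"], t["comment"], t["result"], got))
    return passed, failures

if __name__ == "__main__":
    for name, fn in (("strict", strict_verify), ("lenient", lenient_verify)):
        print(name, run_suite(SUITE, fn))
```

The flawed verifier passes the positive case and the bit-flip case, so only the negative vectors for truncated and empty tags expose it; the reported `tcId` values are what a CI job would surface.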

When to use it

  • During CI to catch regressions in cryptographic primitives after code changes
  • When implementing a new algorithm or porting crypto code to a different language
  • Before a security review or external audit to demonstrate test coverage
  • To verify third-party crypto libraries behave correctly on edge cases
  • When hardening protocols that depend on strict algorithmic behavior

Best practices

  • Integrate the skill into automated test pipelines and fail builds on unexpected negatives
  • Run both the full Wycheproof suite and targeted subsets relevant to used algorithms
  • Treat Wycheproof failures as indicators for root-cause analysis, not false positives
  • Combine vector testing with fuzzing and static analysis for broader coverage
  • Keep test data and mapping code versioned alongside implementation changes

Example use cases

  • Validate TLS library PRs by running RSA, ECDSA, and AES test sets from Wycheproof
  • Confirm correct handling of malformed inputs and boundary parameters in a custom crypto module
  • Audit a mobile app’s crypto layer to ensure it rejects invalid signatures and malformed keys
  • Automate nightly regression runs to detect subtle breaks introduced by dependency updates
  • Demonstrate to stakeholders that known-edge-case vectors are covered before release

FAQ

Does this replace functional tests?

No. Wycheproof complements functional tests by focusing on known-edge-case and interoperability vectors that typical unit tests may miss.

Can I run a subset of vectors?

Yes. The skill supports selecting suites or algorithms to limit runtime and focus on relevant cases.