Migrate Wycheproof test vectors for ECDSA, RSA PKCS#1, and some more#2887
Merged
Migrate Wycheproof test vectors for ECDSA, RSA PKCS#1, and some more#2887
Conversation
This commit adds the infrastructure needed to migrate Wycheproof test vectors from third_party/wycheproof_testvectors/ to the new third_party/vectors/ system. Changes: - sync.py: Add support for multiple --new arguments to batch-add test vectors in a single command - convert_vector.py: Skip PEM format fields (publicKeyPem, privateKeyPkcs8) since file_test.h format doesn't support multi-line values - .duvet/config.toml: Configure automatic test type inference for test files, eliminating need for redundant '//= type=test' annotations - README.md: Add instructions for updating duvet snapshot after adding new test annotations These changes establish the pattern for migrating all remaining Wycheproof test vectors.
Migrate signature verification tests (ECDSA, DSA, EdDSA) from third_party/wycheproof_testvectors/ to the new third_party/vectors/ system with proper traceability. Test vectors added: - 10 ECDSA test files (secp224r1, secp256r1, secp384r1, secp521r1, secp256k1 with SHA-224, SHA-256, SHA-384, SHA-512) - 4 DSA test files (2048-bit and 3072-bit keys with SHA-224, SHA-256) - 1 EdDSA test file (Ed25519) Changes: - Add upstream JSON test vectors and converted txt files - Update evp_test.cc with new paths and duvet annotations for traceability - Update sources.cmake with new test vector paths - Add backward compatibility in RunWycheproofVerifyTest() to support both publicKeyDer (new format) and keyDer (old format) for unmigrated tests - Remove old test vector files that have been migrated - Update duvet snapshot and vectors_spec.md All tests pass with the new test vectors.
Migrate RSA PKCS#1 signature tests from third_party/wycheproof_testvectors/ to the new third_party/vectors/ system with proper traceability. Test vectors added: - 9 RSA signature verification test files (2048, 3072, 4096, 8192-bit keys with SHA-224, SHA-256, SHA-384, SHA-512) - 5 RSA signature generation test files (1024, 1536, 2048, 3072, 4096-bit keys including weak key sizes for compatibility testing) Changes: - Add upstream JSON test vectors and converted txt files - Update evp_test.cc with new paths and duvet annotations for traceability - Update sources.cmake with new test vector paths - Update converter to handle privateKeyPkcs8 field for signature generation - Remove old test vector files that have been migrated Previous test coverage maintained: - rsa_signature_test.txt (377 tests) superseded by specific key size files providing comprehensive coverage (2169+ tests) - rsa_sig_gen_misc_test.txt superseded by rsa_pkcs1_*_sig_gen_test.txt files with explicit key sizes All tests pass with the new test vectors.
Migrate RSA PKCS#1 v1.5 decryption tests from third_party/wycheproof_testvectors/ to the new third_party/vectors/ system with proper traceability. Test vectors added: - 3 RSA PKCS#1 v1.5 decryption test files (2048, 3072, 4096-bit keys) Changes: - Add upstream JSON test vectors and converted txt files - Update evp_test.cc with new paths and duvet annotations for traceability - Update sources.cmake with new test vector paths - Remove old test vector files that have been migrated - Update vectors_spec.md All tests pass with the new test vectors.
Update generate_spec.py to use a custom sort key that groups test files by common prefix. This ensures related test files appear consecutively in vectors_spec.md, making duvet annotations cleaner. Changes: - Add _sort_key() function that strips test suffixes and trailing numeric/hash components to extract base names - Sort by (base_name, test_type, full_name) tuple where test_type orders sig_gen_test before plain _test - Remove blank lines between individual requirements (only between source sections) This groups files like: - rsa_pkcs1_*_sig_gen_test.txt (all together) - rsa_pkcs1_*_test.txt (all together) - rsa_signature_*_test.txt (all together) Allows consecutive duvet annotations without blank line separators.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2887 +/- ##
==========================================
+ Coverage 78.21% 78.40% +0.18%
==========================================
Files 690 690
Lines 118733 118747 +14
Branches 16680 16686 +6
==========================================
+ Hits 92871 93099 +228
+ Misses 24974 24757 -217
- Partials 888 891 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
Author
|
Both required test failures are for |
justsmth
previously approved these changes
Dec 16, 2025
justsmth
approved these changes
Jan 6, 2026
Contributor
WillChilds-Klein
left a comment
There was a problem hiding this comment.
just to confirm -- the .txt files were created with convert_wycheproof.go?
also, do we need to update this list?
Contributor
Author
|
@WillChilds-Klein they were generated using the new third-party test vector management system added in #2811 and updated to include Wycheproof conversion in #2839. The intention is to eventually migrate all the Wycheproof vectors to this system, and then remove |
WillChilds-Klein
approved these changes
Jan 6, 2026
nhatnghiho
approved these changes
Jan 7, 2026
Merged
justsmth
added a commit
that referenced
this pull request
Jan 22, 2026
### Description of changes: Prepare AWS-LC v1.67.0 #### What's Changed * Migrate Wycheproof test vectors for ECDSA, RSA PKCS#1, and some more by @sgmenda in #2887 * increase timeout for SDE tests by @sgmenda in #2936 * Rename volatile state/memory to unique state/memory by @torben-hansen in #2935 * Fix failing Windows Docker image build by @nhatnghiho in #2931 * Service Indicator: Add error call trampoline to avoid delocator issue by @jakemas in #2920 * Add support for Big Endian in ACVP tool by @samuel40791765 in #2938 * AES-GCM: Add function pointer trampolines to avoid delocator issue by @jakemas in #2919 * Use already defined macro for no inline by @torben-hansen in #2942 * Remove Kyber completely by @torben-hansen in #2941 * Windows 7 support by @justsmth in #2940 * Import mldsa-native by @jakemas in #2902 * Use existing session context if new is actually NULL by @torben-hansen in #2946 * Integrate Wycheproof ML-KEM test vectors by @sgmenda in #2891 * Avoid cross-compilation build failure by @justsmth in #2944 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issues:
Migrating Wycheproof test vectors to the new
third_party/vectors/system introduced in #2811 and extended in #2839, enabling systematic tracking and traceability.Description of changes:
Migrates 30 test vector files to the new vector system:
Each migration adds upstream JSON vectors and converted txt files to
third_party/vectors/, updates test files with new paths and duvet annotations for traceability, and removes old files fromthird_party/wycheproof_testvectors/.Call-outs:
rsa_signature_test.txtsuperseded byrsa_signature_*_sha*_test.txtfiles with explicit key sizesrsa_sig_gen_misc_test.txtsuperseded byrsa_pkcs1_*_sig_gen_test.txtfiles with explicit key sizesTesting:
All migrated tests pass and duvet verification succeeds:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.