Google celebrated the holiday season with the gift of Project Wycheproof, a security testing suite that can be used to check crypto libraries for known weaknesses.
Project Wycheproof is named for the smallest mountain in the world, and Google's aim was to meet an achievable goal -- as easy as climbing a mountain that rises just 141 feet above the surrounding plain and only 486 feet above sea level. Project Wycheproof was designed to reduce the effect of errors in open source crypto libraries through the creation of a unit-testing suite that can identify well-known weaknesses in cryptographic implementations.
"In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long," Daniel Bleichenbacher and Thai Duong, security engineers at Google, wrote in a blog post. "Good implementation guidelines, however, are hard to come by: Understanding how to implement cryptography securely requires digesting decades' worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means."
According to the blog post, Google's cryptographers scanned relevant literature on crypto flaws and implemented the best-known attacks to develop Project Wycheproof, which features "a collection of unit tests that detect known weaknesses, or check for expected behaviors of some cryptographic algorithm." The result includes tests for most cryptographic algorithms, including RSA, elliptic curve cryptography and the digital signature algorithm used in the Digital Signature Standard.
Google noted that even if a crypto library passes all the tests, that does not necessarily mean it is secure.
"Passing the tests does not imply that the library is secure; it just means that it is not vulnerable to the attacks that Project Wycheproof tries to detect," Bleichenbacher and Duong wrote. "Cryptographers constantly discover new weaknesses in cryptographic protocols. Nevertheless, with Project Wycheproof, developers and users now can check their libraries against a large number of known attacks without having to sift through hundreds of academic papers or become cryptographers themselves."
Project Wycheproof includes tests for key crypto algorithms, including Advanced Encryption Standard, Diffie-Hellman, elliptic curve cryptographic algorithms, the Digital Signature Standard encryption and authentication algorithms, and more. The testing suite checks crypto libraries against more than 80 test cases -- and it has already found more than 40 bugs in widely used crypto libraries.
Google researchers found they could recover private keys of widely used DSA and ECDHC crypto library implementations, as well as other flaws. Libraries already tested and found wanting include the Sun Java Cryptography Extension framework, the Bouncy Castle crypto library and OpenSSL.
The unit tests in Project Wycheproof, according to Google, are written in Java, "because Java has a common cryptographic interface. This allowed us to test multiple providers with a single test suite. While this interface is somewhat low-level and should not be used directly, we still apply a 'defense in depth' argument and expect that the implementations are as robust as possible. For example, we consider weak default values to be a significant security flaw. We are converting as many tests into sets of test vectors to simplify porting the tests to other languages."
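To illustrate what testing "multiple providers with a single test suite" through Java's common cryptographic interface looks like, here is an added example; it is not code from Project Wycheproof or from Google. The class name `GcmTagCheck` and the choice of check (an AES-GCM ciphertext with a modified authentication tag must be rejected) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; not part of Project Wycheproof.
public class GcmTagCheck {
    static final String ALG = "AES/GCM/NoPadding";

    // True if provider p refuses to decrypt a ciphertext whose tag was altered.
    static boolean rejectsModifiedTag(Provider p) throws GeneralSecurityException {
        byte[] key = new byte[16], iv = new byte[12];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key);
        rnd.nextBytes(iv);
        SecretKeySpec k = new SecretKeySpec(key, "AES");

        Cipher enc = Cipher.getInstance(ALG, p);
        enc.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        // Constructed sample plaintext; the 16-byte tag is appended to the output.
        byte[] ct = enc.doFinal("constructed sample message".getBytes(StandardCharsets.UTF_8));
        ct[ct.length - 1] ^= 0x01; // flip one bit in the last tag byte

        Cipher dec = Cipher.getInstance(ALG, p);
        dec.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        try {
            dec.doFinal(ct);
            return false; // modified tag accepted: authentication is broken
        } catch (BadPaddingException e) { // AEADBadTagException is a subclass
            return true;
        }
    }

    public static void main(String[] args) {
        // The same check runs against every installed provider via the common interface.
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(ALG, p); // skip providers without AES-GCM
            } catch (GeneralSecurityException e) {
                continue;
            }
            try {
                System.out.println(p.getName() + ": "
                    + (rejectsModifiedTag(p) ? "PASS" : "FAIL (accepted modified tag)"));
            } catch (GeneralSecurityException e) {
                System.out.println(p.getName() + ": ERROR " + e);
            }
        }
    }
}
```

As the article notes for the real suite, a PASS here only shows the provider is not vulnerable to this one check.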