
Test vector format

Open bleichenbacher-daniel opened this issue 11 months ago • 1 comments

Below is just a proposal open for discussion.

It would make sense to ensure that the whole C2SP project uses the same or at least similar formats for test vectors. There are a few things that make using the current test vectors in Wycheproof more laborious than necessary:

  • More than one algorithm in the same test file. Here algorithm means cryptographic primitive together with algorithm parameters such as key size, nonce size etc. Currently, implementers have to filter test vector files for suitable test vectors, if their implementation is restricted to, say, AES-GCM with 128 or 256-bit key (but not 192), 12 byte nonces and 16 byte tags. Having multiple parameter sets in the same file can in the worst case mean that special case implementations (e.g. CCM with 13 byte nonces) are not tested at all if no such vector is available.

  • The use of TestGroups: TestGroups are typically used to group the test vectors into groups with the same parameters, e.g., they are grouped by key size. They can reduce the size of a test vector file, but more importantly they just add additional complexity to the code handling them. If a new test vector format is added, then the TestGroups should be removed.

  • The header of a test file should describe the algorithm that is used and briefly explain the test type (e.g. signature verification vs. signature generation). E.g. users not knowing that there are DER and P1363 encoded signatures should at least have a chance to notice that they may be using the wrong file by reading the header information.

  • The testvector_v1 format did add additional information about the generation of the test vectors, the bug type that the test vector tries to check and potential implications that a failure has. The impact of this information is currently unclear to me.

bleichenbacher-daniel Mar 23 '24 19:03
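The filtering burden described in the first bullet, as an added example that is not part of the issue or of the Wycheproof code: a consumer restricted to certain AES-GCM parameter sets selects matching groups and flags any supported set that has no vectors at all. The field names (`testGroups`, `keySize`, `ivSize`, `tagSize`, `tests`, `tcId`, `result`, sizes in bits) are assumed from the grouped layout, and the sample file is constructed.

```python
import json

# Constructed sample in the grouped layout; field names are assumptions and
# the cryptographic fields (key, iv, ct, tag) are omitted for brevity.
SAMPLE = json.loads("""
{
  "algorithm": "AES-GCM",
  "testGroups": [
    {"keySize": 128, "ivSize": 96, "tagSize": 128,
     "tests": [{"tcId": 1, "result": "valid"}, {"tcId": 2, "result": "invalid"}]},
    {"keySize": 192, "ivSize": 96, "tagSize": 128,
     "tests": [{"tcId": 3, "result": "valid"}]},
    {"keySize": 256, "ivSize": 64, "tagSize": 128,
     "tests": [{"tcId": 4, "result": "valid"}]}
  ]
}
""")

def select_vectors(doc, supported):
    """Return {param_set: [tests]} for every supported (key, iv, tag) set.

    Sets with no vectors map to an empty list so the gap stays visible.
    """
    selected = {params: [] for params in supported}
    for group in doc["testGroups"]:
        params = (group["keySize"], group["ivSize"], group["tagSize"])
        if params in selected:
            selected[params].extend(group["tests"])
    return selected

def uncovered(selected):
    """Parameter sets the implementation supports but the file never exercises."""
    return sorted(p for p, tests in selected.items() if not tests)

def check_coverage(doc, supported):
    """Raise instead of letting a run pass with zero vectors for a parameter set."""
    selected = select_vectors(doc, supported)
    missing = uncovered(selected)
    if missing:
        raise LookupError(f"no test vectors for parameter sets: {missing}")
    return selected

if __name__ == "__main__":
    # Implementation restricted to 128/256-bit keys, 12-byte nonces, 16-byte tags.
    supported = {(128, 96, 128), (256, 96, 128)}
    sel = select_vectors(SAMPLE, supported)
    print({p: [t["tcId"] for t in v] for p, v in sel.items()})
    print("uncovered:", uncovered(sel))
```

In the constructed file the 256-bit key group only carries 8-byte nonces, so a plain filter would silently run zero vectors for that supported set; `check_coverage` turns that into a test failure.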