bleichenbacher-daniel

Makes sense. I think I'm already trying to go in this direction. The upper limit for the file size is about 1 MB, simply because some tools stop displaying or...

RFC 5869 doesn't define key sizes (unless I overlooked something). Hence this is a bit unclear. Generally, implementations should be allowed to restrict parameters. E.g., there are a lot of...

Yes, I makes sense to add this as an edge case test. Libraries should either reject the key properly or compute the correct result and not return an internal error...

> Heh, well, me being me it would probably be Go :) but again it would just be about making sure a PR doesn't break the tests and cause a...

One of the options to simplify the test environment is to run tests with test vectors through java/com/google/security/wycheproof/testcases/JsonTest.java This class takes a file with any test vectors as input and...

I'm currently testing new test vectors against pyca and Rust. That gives about 70% of coverage. When testing against Rust I often struggle with seemingly non-uniform interfaces. Otherwise Rust does...

Thanks for the reply. I certainly agree that protocols should generally select small subsets of well specified algorithms. Using keys with multiple algorithms/parameters is of course a problem, but I...

Good point. Maybe for RSA it is time to start encoding keys with id-RSAES-OAEP and id-RSASSA-PSS object identifiers, so that libraries can no longer pass tests if they at least...

OK, I guess I can also treat them as distinct algorithms and add files based on popularity of the variants.

Another potential change is the format for bigIntegers. Wycheproof currently uses bigendian two's complement representation of bigIntegers in hexadecimal representation. This can lead to confusion because of leading 00 or...