Test your cryptographic primitives with crypto-condor
Angèle Bossuat, Julio Loayza Meneses (R&D engineer, Quarkslab), Dahmun Goudarzi
crypto-condor is a tool to test implementations of cryptographic primitives. It aims to verify that implementations are compliant with the standard as well as with ANSSI's recommendations.
It is a Python library that includes a command-line interface (CLI). It comes with a documentation that details the library's features, gives usage examples, and includes method guides on the supported primitives. These guides outline the characteristics of a given primitive, along with a list of rules and
recommendations by the ANSSI pertaining the primitive. The post-quantum primitives currently under the NIST standardisation process are also documented.
The tool is not yet publicly available: we intend to release it as open source software alongside its documentation and a Python package on PyPI. This way, installing it will require a single command:
python -m pip install crypto-condor
Usage
For a complete guide, refer to the included documentation.
In a few words, this tool can test implementations under one of two scenarios:
- We either have access to its source code or the implementation so we can execute the functions we want to test, in which case we can use test vectors.
- Or we can at least capture inputs given to the implementation and their corresponding outputs, in which case we can compare these outputs to those generated by the tool's internal implementation.
Presentation outline
- Introduction: what does crypto-condor aim to solve?
- State of the art: example of Wycheproof and Paranoid.
- The tool: what is covered, the different modes of operation (wrapper or output), and the documentation.
- Usage example: CRY.ME, its implementation of AES-CBC, AES-GCM, and SHA3-256.
- Conclusion: currently under development (e.g. support for more primitives), going to be open source.