internal/wycheproof: add Wycheproof tests for verifying signatures provides test vectors exposing
vulnerabilities in crypto packages. This change creates a new package
called internal/wycheproof that runs these Wycheproof tests against
a number of pacakages in the standard library (and in the future,

Directory structure:
 - interal/wycheproof/internal/ecdsa: internal version of ecdsa package which
includes a new function that verifies ASN encoded signatures directly
 - interal/wycheproof/internal/dsa: internal version of dsa package which
includes a new function that verifies ASN encoded signatures directly
 - internal/wycheproof: all tests

internal/wycheproof/wycheproof_test.go provides utility functions that are
common to many tests in the package, and contains the TestMain which
fetches from the source.

This change includes tests for signature verification with dsa, ecdsa,
eddsa, and rsa (both PKCS#1 v1.5 and PSS signatures).

Note that these tests download testdata from
by running `go mod download` in the TestMain. This means that internet
access will be necessary in order to run these tests if the testdata is
not already in your module cache.

More tests will be added incrementally.

Change-Id: I0378d4be24b5679fdc186e9fc94c1cc0068e81f7
Run-TryBot: Katie Hockman <>
TryBot-Result: Gobot Gobot <>
Reviewed-by: Filippo Valsorda <>
9 files changed
tree: 1e5336b823f7dc36485030ea2d29666ffd9a8a14
  1. .gitattributes
  2. .gitignore
  9. acme/
  10. argon2/
  11. bcrypt/
  12. blake2b/
  13. blake2s/
  14. blowfish/
  15. bn256/
  16. cast5/
  17. chacha20/
  18. chacha20poly1305/
  19. codereview.cfg
  20. cryptobyte/
  21. curve25519/
  22. ed25519/
  23. go.mod
  24. go.sum
  25. hkdf/
  26. internal/
  27. md4/
  28. nacl/
  29. ocsp/
  30. openpgp/
  31. otr/
  32. pbkdf2/
  33. pkcs12/
  34. poly1305/
  35. ripemd160/
  36. salsa20/
  37. scrypt/
  38. sha3/
  39. ssh/
  40. tea/
  41. twofish/
  42. xtea/
  43. xts/

Go Cryptography

This repository holds supplementary Go cryptography libraries.


The easiest way to install is to run go get -u You can also manually git clone the repository to $GOPATH/src/

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see

The main issue tracker for the crypto repository is located at Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.