Google Git
Sign in
chromium/external/github.com/pyca/cryptography/refs/heads/alex-patch-2/./docs/development/test-vectors.rst
blob: 54b645e2b507b211ac4f9f26884f5c04ab8879c3 [file] [edit]
Test vectors
============
Testing the correctness of the primitives implemented in ``cryptography``
requires trusted test vectors. Where possible these vectors are
obtained from official sources such as `NIST`_ or `IETF`_ RFCs. When this is
not possible ``cryptography`` has chosen to create a set of custom vectors
using an official vector file as input.
Vectors are kept in the ``cryptography_vectors`` package rather than within our
main test suite.
Sources
-------
Project Wycheproof
~~~~~~~~~~~~~~~~~~
We run vectors from `Project Wycheproof`_ -- a collection of known edge-cases
for various cryptographic algorithms. These are not included in the repository
(or ``cryptography_vectors`` package), but rather cloned from Git in our
continuous integration environments.
Asymmetric ciphers
~~~~~~~~~~~~~~~~~~
* RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/
and ftp://ftp.rsa.com/pub/rsalabs/tmp/).
* RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from `NIST CAVP`_.
* FIPS 186-2 and FIPS 186-3 DSA test vectors from `NIST CAVP`_.
* FIPS 186-2 and FIPS 186-3 ECDSA test vectors from `NIST CAVP`_.
* DH and ECDH and ECDH+KDF(17.4) test vectors from `NIST CAVP`_.
* Ed25519 test vectors from the `Ed25519 website`_.
* ``asymmetric/PEM_Serialization/rsa-bad-1025-q-is-2.pem`` from `badkeys`_.
* OpenSSL PEM DSA serialization vectors from the `GnuTLS example keys`_.
* PKCS #8 PEM serialization vectors from
* GnuTLS: `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_,
`unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The encoding error in
`unenc-rsa-pkcs8.pem`_ was fixed, and the contents of `enc-rsa-pkcs8.pem`_
was re-encrypted to include it. The contents of `enc2-rsa-pkcs8.pem`_
was re-encrypted using a stronger PKCS#8 cipher.
* `Botan's ECC private keys`_.
* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
Ruby test suite.
* X25519 and X448 test vectors from :rfc:`7748`.
* RSA OAEP with custom label from the `BoringSSL evp tests`_.
* Ed448 test vectors from :rfc:`8032`.
* Deterministic ECDSA (:rfc:`6979`) from `OpenSSL's RFC 6979 test vectors`_.
* ``asymmetric/PKCS8/rsa-40bitrc2.pem`` a PKCS8 encoded RSA key from GnuTLS
encrypted with ``pbeWithSHAAnd40BitRC2-CBC``. The password is ``baz``.
* ``asymmetric/PKCS8/rsa-rc2-cbc.pem`` a PKCS8 encoded RSA key from GnuTLS
encrypted with ``RC2-CBC``. The password is ``Red Hat Enterprise Linux 7.4``.
* ``asymmetric/PKCS8/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem`` a PKCS8
encoded RSA key from Mbed-TLS using ``sha224`` as the PRF for PBKDF2.
The password is ``PolarSSLTest``.
* ``asymmetric/PKCS8/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem`` a PKCS8
encoded RSA key from Mbed-TLS using ``sha384`` as the PRF for PBKDF2.
The password is ``PolarSSLTest``.
* ``asymmetric/PKCS8/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem`` a PKCS8
encoded RSA key from Mbed-TLS using ``sha512`` as the PRF for PBKDF2.
The password is ``PolarSSLTest``.
* ``asymmetric/PKCS8/rsa-aes-192-cbc.pem`` a PKCS8 encoded RSA key from Mbed-TLS
encrypted with ``AES-192-CBC``. The password is ``PolarSSLTest``.
* ``asymmetric/PKCS8/ed25519-scrypt.pem`` a PKCS8 encoded Ed25519 key from
RustCrypto using scrypt as the KDF. The password is ``hunter42``.
* ``asymmetric/PKCS8/rsa-rc2-cbc-effective-key-length.pem`` a PKCS8 encoded key
encrypted with ``RC2-CBC`` with the ``effectiveKeyLength`` parameter set to
258. This is an invalid key.
* ``asymmetric/PKCS8/enc-ec-sha1-128-rc4.pem`` a PKCS8 encoded ECDSA P-256 key
encrypted with ``pbeWithSHA1And128BitRC4``. The password is ``password``.
Custom asymmetric vectors
~~~~~~~~~~~~~~~~~~~~~~~~~
.. toctree::
:maxdepth: 1
custom-vectors/secp256k1
custom-vectors/rsa-oaep-sha2
* ``asymmetric/PEM_Serialization/ec_private_key.pem`` and
``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic
Curve key generated by OpenSSL from the curve ``secp256r1``.
* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` and
``asymmetric/DER_Serialization/ec_private_key_encrypted.der``- Contains the
same Elliptic Curve key as ``ec_private_key.pem``, except that it is
encrypted with AES-128 with the password "123456".
* ``asymmetric/PEM_Serialization/ec_public_key.pem`` and
``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key
corresponding to ``ec_private_key.pem``, generated using OpenSSL.
* ``asymmetric/PEM_Serialization/ec_public_key_rsa_delimiter.pem`` - Contains
the public key corresponding to ``ec_private_key.pem``, but with the wrong PEM
delimiter (``RSA PUBLIC KEY`` when it should be ``PUBLIC KEY``).
* ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048
bit key generated using OpenSSL, protected by the secret "123456" with DES3
encryption.
* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and
``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048
bit public generated using OpenSSL from ``rsa_private_key.pem``.
* ``asymmetric/PEM_Serialization/rsa_wrong_delimiter_public_key.pem`` - Contains
an RSA 2048 bit public key generated from ``rsa_private_key.pem``, but with
the wrong PEM delimiter (``RSA PUBLIC KEY`` when it should be ``PUBLIC KEY``).
* ``asymmetric/PEM_Serialization/dsa_4096.pem`` - Contains a 4096-bit DSA
private key generated using OpenSSL.
* ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA
parameters generated using OpenSSL; contains no keys.
* ``asymmetric/PEM_Serialization/dsa_private_key.pem`` - Contains a DSA 2048
bit key generated using OpenSSL from the parameters in ``dsaparam.pem``,
protected by the secret "123456" with DES3 encryption.
* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and
``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit
key generated using OpenSSL from ``dsa_private_key.pem``.
* ``asymmetric/DER_Serialization/dsa_public_key_no_params.der`` - Contains a
DSA public key with the optional parameters removed.
* ``asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der`` -
Contains a DSA public key with the bit string padding value set to 2 rather
than the required 0.
* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and
``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024
bit key generated using OpenSSL.
* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem`` and
``asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der`` - Contains a DSA
2048 bit public key generated using OpenSSL from ``unenc-dsa-pkcs8.pem``.
* DER conversions of the `GnuTLS example keys`_ for DSA.
* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and
`unenc-rsa-pkcs8.pem`_.
* ``asymmetric/public/PKCS1/rsa.pub.pem`` and
``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public
key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding.
* ``x509/custom/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is
the private key for the certificate ``x509/custom/ca/ca.pem``.
* ``pkcs12/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is
the private key for the certificate ``pkcs12/ca/ca.pem``. This key is
encoded in several of the PKCS12 custom vectors.
* ``x509/custom/ca/rsa_key.pem`` - An unencrypted PCKS8 4096 bit RSA key. It is
the private key for the certificate ``x509/custom/ca/rsa_ca.pem``.
* ``asymmetric/EC/compressed_points.txt`` - Contains compressed public points
generated using OpenSSL.
* ``asymmetric/EC/explicit_parameters_private_key.pem`` - Contains an EC
private key with an curve defined by explicit parameters.
* ``asymmetric/EC/explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem`` -
Contains an EC private key with over the ``wap-wsg-idm-ecid-wtls11`` curve,
encoded with explicit parameters.
* ``asymmetric/EC/secp256k1-explicit-no-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp256k1`` curve explicitly encoded (``secp256k1`` does not have
a seed).
* ``asymmetric/EC/secp256k1-pub-explicit-no-seed.pem`` - A public key with the
``secp256k1`` curve explicitly encoded. This is the public key for the
private key ``asymmetric/EC/secp256k1-explicit-no-seed.pem``.
* ``asymmetric/EC/secp256r1-explicit-no-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp256r1`` curve explicitly encoded and with the seed omitted.
* ``asymmetric/EC/secp256r1-pub-explicit-no-seed.pem`` - A public key with the
``secp256r1`` curve explicitly encoded and with the seed omitted. This is the
public key for the private key ``asymmetric/EC/secp256r1-explicit-no-seed.pem``.
* ``asymmetric/EC/secp256r1-explicit-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp256r1`` curve explicitly encoded.
* ``asymmetric/EC/secp256r1-pub-explicit-seed.pem`` - A public key with the
``secp256r1`` curve explicitly encoded. This is the public key for the
private key ``asymmetric/EC/secp256r1-explicit-seed.pem``.
* ``asymmetric/EC/secp384r1-explicit-no-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp384r1`` curve explicitly encoded and with the seed omitted.
* ``asymmetric/EC/secp384r1-pub-explicit-no-seed.pem`` - A public key with the
``secp384r1`` curve explicitly encoded and with the seed omitted. This is the
public key for the private key ``asymmetric/EC/secp384r1-explicit-no-seed.pem``.
* ``asymmetric/EC/secp384r1-explicit-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp384r1`` curve explicitly encoded.
* ``asymmetric/EC/secp384r1-pub-explicit-seed.pem`` - A public key with the
``secp384r1`` curve explicitly encoded. This is the public key for the
private key ``asymmetric/EC/secp384r1-explicit-seed.pem``.
* ``asymmetric/EC/secp521r1-explicit-no-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp521r1`` curve explicitly encoded and with the seed omitted.
* ``asymmetric/EC/secp521r1-pub-explicit-no-seed.pem`` - A public key with the
``secp521r1`` curve explicitly encoded and with the seed omitted. This is the
public key for the private key ``asymmetric/EC/secp521r1-explicit-no-seed.pem``.
* ``asymmetric/EC/secp521r1-explicit-seed.pem`` - An unencrypted PKCS8 private
key with the ``secp521r1`` curve explicitly encoded.
* ``asymmetric/EC/secp521r1-pub-explicit-seed.pem`` - A public key with the
``secp521r1`` curve explicitly encoded. This is the public key for the
private key ``asymmetric/EC/secp521r1-explicit-seed.pem``.
* ``asymmetric/EC/secp128r1_private_key.pem`` - Contains an EC private key on
the curve ``secp128r1``.
* ``asymmetric/EC/sect163k1-spki.pem`` - Contains an EC SPKI on the curve
``sect163k1``.
* ``asymmetric/EC/sect163r2-spki.pem`` - Contains an EC SPKI on the curve
``sect163r2``.
* ``asymmetric/EC/sect233k1-spki.pem`` - Contains an EC SPKI on the curve
``sect233k1``.
* ``asymmetric/EC/sect233r1-spki.pem`` - Contains an EC SPKI on the curve
``sect233r1``.
* ``asymmetric/X448/x448-pkcs8-enc.pem`` and
``asymmetric/X448/x448-pkcs8-enc.der`` contain an X448 key encrypted with
AES 256 CBC with the password ``password``.
* ``asymmetric/X448/x448-pkcs8.pem`` and ``asymmetric/X448/x448-pkcs8.der``
contain an unencrypted X448 key.
* ``asymmetric/X448/x448-pub.pem`` and ``asymmetric/X448/x448-pub.der`` contain
an X448 public key.
* ``asymmetric/Ed25519/ed25519-pkcs8-enc.pem`` and
``asymmetric/Ed25519/ed25519-pkcs8-enc.der`` contain an Ed25519 key encrypted
with AES 256 CBC with the password ``password``.
* ``asymmetric/Ed25519/ed25519-pkcs8.pem`` and
``asymmetric/Ed25519/ed25519-pkcs8.der`` contain an unencrypted Ed25519 key.
* ``asymmetric/Ed25519/ed25519-pub.pem`` and
``asymmetric/Ed25519/ed25519-pub.der`` contain an Ed25519 public key.
* ``asymmetric/X25519/x25519-pkcs8-enc.pem`` and
``asymmetric/X25519/x25519-pkcs8-enc.der`` contain an X25519 key encrypted
with AES 256 CBC with the password ``password``.
* ``asymmetric/X25519/x25519-pkcs8.pem`` and
``asymmetric/X25519/x25519-pkcs8.der`` contain an unencrypted X25519 key.
* ``asymmetric/X25519/x25519-pub.pem`` and ``asymmetric/X25519/x25519-pub.der``
contain an X25519 public key.
* ``asymmetric/Ed448/ed448-pkcs8-enc.pem`` and
``asymmetric/Ed448/ed448-pkcs8-enc.der`` contain an Ed448 key encrypted
with AES 256 CBC with the password ``password``.
* ``asymmetric/Ed448/ed448-pkcs8.pem`` and
``asymmetric/Ed448/ed448-pkcs8.der`` contain an unencrypted Ed448 key.
* ``asymmetric/Ed448/ed448-pub.pem`` and ``asymmetric/Ed448/ed448-pub.der``
contain an Ed448 public key.
* ``asymmetric/PKCS8/rsa_pss_2048.pem`` - A 2048-bit RSA PSS key with no
explicit parameters set.
* ``asymmetric/PKCS8/rsa_pss_2048_pub.der`` - The public key corresponding to
``asymmetric/PKCS8/rsa_pss_2048.pem``.
* ``asymmetric/PKCS8/rsa_pss_2048_hash.pem`` - A 2048-bit RSA PSS key with the
hash algorithm PSS parameter set to SHA256.
* ``asymmetric/PKCS8/rsa_pss_2048_hash_mask.pem`` - A 2048-bit RSA PSS key with
with the hash (SHA256) and mask algorithm (SHA256) PSS parameters set.
* ``asymmetric/PKCS8/rsa_pss_2048_hash_mask_diff.pem`` - A 2048-bit RSA PSS key
with the hash (SHA256) and mask algorithm (SHA512) PSS parameters set.
* ``asymmetric/PKCS8/rsa_pss_2048_hash_mask_salt.pem`` - A 2048-bit RSA PSS key
with the hash (SHA256), mask algorithm (SHA256), and salt length (32)
PSS parameters set.
* ``asymmetric/Traditional_OpenSSL_Serialization/testrsa.pem`` - A 2048-bit RSA
key, encoded as a "traditional" ``RSA PRIVATE KEY`` PEM block, rather than a
``PRIVATE KEY`` block.
* ``asymmetric/Traditional_OpenSSL_Serialization/testrsa-encrypted.pem`` - The
above, encrypted at the PEM level with AES-128-CBC and password "password".
* ``asymmetric/Traditional_OpenSSL_Serialization/key1.pem`` - The above,
encrypted at the PEM level with DES-EDE3-CBC and password "123456".
* ``asymmetric/Traditional_OpenSSL_Serialization/key2.pem`` - The above,
encrypted at the PEM level with AES-128-CBC and password "a123456".
* ``asymmetric/DER_Serialization/testrsa.der`` - The above as a DER-encoded
RSAPrivateKey structure.
* ``asymmetric/DSA/custom/nilpotent.pem`` -- A key where the field is actually
a ring and the generator of the multiplicative subgroup is actually
nilpotent with low degree. Taken from BoringSSL (see
``TEST(DSATest, NilpotentGenerator)``).
* ``asymmetric/PKCS8/ec-invalid-private-scalar.pem`` - Contains a PKCS8 encoded
PEM with a ``secp256r1`` OID and an invalid (very large) private scalar.
* ``asymmetric/PKCS8/invalid-version.der`` - Contains a PKCS8 encoded DER with
an invalid version field.
* ``asymmetric/PKCS8/unknown-oid.der`` - Contains a PKCS8 encoded DER with an
unknown OID.
* ``asymmetric/Traditional_OpenSSL_Serialization/rsa-wrong-version.pem`` - An
RSA key, encoded as a "traditional" ``RSA PRIVATE KEY`` PEM block, with an
invalid version number.
* ``asymmetric/Traditional_OpenSSL_Serialization/dsa-wrong-version.pem`` - A
DSA key, encoded as a "traditional" ``DSA PRIVATE KEY`` PEM block, with an
invalid version number.
* ``asymmetric/PKCS8/ec-inconsistent-curve.pem`` - A PKCS8 encoded EC key where
the the curve OID in the parameters does not match the curve OID in the key.
* ``asymmetric/PKCS8/ec-inconsistent-curve2.pem`` - A PKCS8 encoded EC key
where the the curve OID in the parameters does not match the curve OID in
the key (the OIDs are reversed from ``ec-inconsistent-curve.pem``).
* ``asymmetric/EC/ec-missing-curve.pem`` - A PKCS#1 encoded EC key where the
curve OID is missing.
* ``asymmetric/PKCS8/ec-consistent-curve.pem`` - A PKCS8 encoded EC key where
the the curve OID in the parameters is the same as the curve OID in the key
(encoding the curve OID twice is duplicative, as the inner curve is
optional).
* ``asymmetric/PKCS8/ec-invalid-version.pem`` - A PKCS8 encoded EC key with an
invalid elliptic curve version field.
* ``asymmetric/PKCS8/enc-rsa-3des.pem`` - A PKCS8 encoded RSA key encrypted
with 3DES, with the password "password".
* ``asymmetric/PKCS8/enc-unknown-algorithm.pem`` - A PKCS8 encoded key with an
unknown encryption algorithm.
* ``asymmetric/PKCS8/enc-unknown-pbkdf2-prf.pem`` - A PKCS8 encoded key
encrypted using PBKDF2 with an unknown PRF.
* ``asymmetric/PKCS8/enc-unknown-kdf.pem`` - A PKCS8 encoded key encrypted
using an unknown KDF.
* ``asymmetric/Traditional_OpenSSL_Serialization/key1-no-dek-info.pem`` - An
RSA key in an encrypted PEM with no ``DEK-Info`` header.
* ``asymmetric/Traditional_OpenSSL_Serialization/key1-malformed-dek-info.pem``
- An RSA key in an encrypted PEM with a malformed ``DEK-Info`` header (no
comma).
* ``asymmetric/Traditional_OpenSSL_Serialization/key1-malformed-iv.pem`` - An
RSA key in an encrypted PEM with a malformed IV (not valid hex).
* ``asymmetric/Traditional_OpenSSL_Serialization/key1-short-iv.pem`` - An
RSA key in an encrypted PEM with an IV that's too short (less than 8 bytes).
* ``asymmetric/PKCS8/rsa-pbewithmd5anddescbc.pem`` - A PKCS8 encoded RSA key
encrypted using the ``pbeWithMD5AndDES-CBC`` algorithm with the password
``hunter2``.
* ``asymmetric/PKCS8/rsa-pbe-3des-long-salt.pem`` - A PKCS8 encoded RSA key
encrypted with a 20 byte salt with the password ``password``.
Key exchange
~~~~~~~~~~~~
* ``vectors/cryptography_vectors/asymmetric/DH/rfc3526.txt`` contains
several standardized Diffie-Hellman groups from :rfc:`3526`.
* ``vectors/cryptography_vectors/asymmetric/DH/RFC5114.txt`` contains
Diffie-Hellman examples from appendix A.1, A.2 and A.3 of :rfc:`5114`.
* ``vectors/cryptography_vectors/asymmetric/DH/vec.txt`` contains
Diffie-Hellman examples from `botan`_.
* ``vectors/cryptography_vectors/asymmetric/DH/bad_exchange.txt`` contains
Diffie-Hellman vector pairs that were generated using OpenSSL
``DH_generate_parameters_ex`` and ``DH_generate_key``.
* ``vectors/cryptography_vectors/asymmetric/DH/dhp.pem``,
``vectors/cryptography_vectors/asymmetric/DH/dhkey.pem`` and
``vectors/cryptography_vectors/asymmetric/DH/dhpub.pem`` contains
Diffie-Hellman parameters and key respectively. The keys were
generated using OpenSSL following `DHKE`_ guide.
``vectors/cryptography_vectors/asymmetric/DH/dhkey.txt`` contains
all parameter in text.
``vectors/cryptography_vectors/asymmetric/DH/dhp.der``,
``vectors/cryptography_vectors/asymmetric/DH/dhkey.der`` and
``vectors/cryptography_vectors/asymmetric/DH/dhpub.der`` contains
are the above parameters and keys in DER format.
* ``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.pem``,
``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.pem`` and
``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.pem`` contains
Diffie-Hellman parameters and key respectively. The keys were
generated using OpenSSL following `DHKE`_ guide. When creating the
parameters we added the `-pkeyopt dh_rfc5114:2` option to use
:rfc:`5114` 2048 bit DH parameters with 224 bit subgroup.
``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.txt`` contains
all parameter in text.
``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.der``,
``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.der`` and
``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.der`` contains
are the above parameters and keys in DER format.
* ``vectors/cryptography_vectors/asymmetric/DH/dh_key_256.pem`` contains
a PEM PKCS8 encoded DH key with a 256-bit key size.
* ``vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt`` contains
Brainpool vectors from :rfc:`7027`.
* ``vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem``
contains a Diffie-Hellman public key generated with a previous version of
``cryptography``.
X.509
~~~~~
* PKITS test suite from `NIST PKI Testing`_.
* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_).
* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root
certificate.
* ``verisign-md2-root.pem`` - A legacy Verisign public root signed using the
MD2 algorithm. This is a PEM conversion of the `root data`_ in the NSS source
tree.
* ``cryptography.io.pem`` - A leaf certificate issued by RapidSSL for the
cryptography website.
* ``cryptography.io.old_header.pem`` - A leaf certificate issued by RapidSSL
for the cryptography website. This certificate uses the ``X509 CERTIFICATE``
legacy PEM header format.
* ``cryptography.io.chain.pem`` - The same as ``cryptography.io.pem``,
but ``rapidssl_sha256_ca_g3.pem`` is concatenated to the end.
* ``cryptography.io.with_headers.pem`` - The same as ``cryptography.io.pem``,
but with an unrelated (encrypted) private key concatenated to the end.
* ``cryptography.io.chain_with_garbage.pem`` - The same as
``cryptography.io.chain.pem``, but with other sections and text around it.
* ``cryptography.io.with_garbage.pem`` - The same as ``cryptography.io.pem``,
but with other sections and text around it.
* ``rapidssl_sha256_ca_g3.pem`` - The intermediate CA that issued the
``cryptography.io.pem`` certificate.
* ``cryptography.io.precert.pem`` - A pre-certificate with the CT poison
extension for the cryptography website.
* ``cryptography-scts.pem`` - A leaf certificate issued by Let's Encrypt for
the cryptography website which contains signed certificate timestamps.
* ``wildcard_san.pem`` - A leaf certificate issued by a public CA for
``langui.sh`` that contains wildcard entries in the SAN extension.
* ``san_edipartyname.der`` - A DSA certificate from a `Mozilla bug`_
containing a SAN extension with an ``ediPartyName`` general name.
* ``san_x400address.der`` - A DSA certificate from a `Mozilla bug`_ containing
a SAN extension with an ``x400Address`` general name.
* ``department-of-state-root.pem`` - The intermediary CA for the Department of
State, issued by the United States Federal Government's Common Policy CA.
Notably has a ``critical`` policy constraints extensions.
* ``e-trust.ru.der`` - A certificate from a `Russian CA`_ signed using the GOST
cipher and containing numerous unusual encodings such as NUMERICSTRING in
the subject DN.
* ``alternate-rsa-sha1-oid.der`` - A certificate that uses an alternate
signature OID for RSA with SHA1. This certificate has an invalid signature.
* ``badssl-sct.pem`` - A certificate with the certificate transparency signed
certificate timestamp extension.
* ``badssl-sct-none-hash.der`` - The same as ``badssl-sct.pem``, but DER-encoded
and with the SCT's signature hash manually changed to "none" (``0x00``).
* ``badssl-sct-anonymous-sig.der`` - The same as ``badssl-sct.pem``, but
DER-encoded and with the SCT's signature algorithm manually changed to
"anonymous" (``0x00``).
* ``bigoid.pem`` - A certificate with a rather long OID in the
Certificate Policies extension. We need to make sure we can parse
long OIDs.
* ``wosign-bc-invalid.pem`` - A certificate issued by WoSign that contains
a basic constraints extension with CA set to false and a path length of zero
in violation of :rfc:`5280`.
* ``tls-feature-ocsp-staple.pem`` - A certificate issued by Let's Encrypt that
contains a TLS Feature extension with the ``status_request`` feature
(commonly known as OCSP Must-Staple).
* ``unique-identifier.pem`` - A certificate containing
a distinguished name with an ``x500UniqueIdentifier``.
* ``utf8-dnsname.pem`` - A certificate containing non-ASCII characters in the
DNS name entries of the SAN extension.
* ``badasn1time.pem`` - A certificate containing an incorrectly specified
UTCTime in its validity->not_after.
* ``letsencryptx3.pem`` - A subordinate certificate used by Let's Encrypt to
issue end entity certificates.
* ``ed25519-rfc8410.pem`` - A certificate containing an X25519 public key with
an ``ed25519`` signature taken from :rfc:`8410`.
* ``root-ed25519.pem`` - An ``ed25519`` root certificate (``ed25519`` signature
with ``ed25519`` public key) from the OpenSSL test suite.
(`root-ed25519.pem`_)
* ``server-ed25519-cert.pem`` - An ``ed25519`` server certificate (RSA
signature with ``ed25519`` public key) from the OpenSSL test suite.
(`server-ed25519-cert.pem`_)
* ``server-ed448-cert.pem`` - An ``ed448`` server certificate (RSA
signature with ``ed448`` public key) from the OpenSSL test suite.
(`server-ed448-cert.pem`_)
* ``accvraiz1.pem`` - An RSA root certificate that contains an
``explicitText`` entry with a ``BMPString`` type.
* ``scottishpower-bitstring-dn.pem`` - An ECDSA certificate that contains
a subject DN with a bit string type.
* ``cryptography-scts-tbs-precert.der`` - The "to-be-signed" pre-certificate
bytes from ``cryptography-scts.pem``, with the SCT list extension removed.
* ``belgian-eid-invalid-visiblestring.pem`` - A certificate with UTF-8
bytes in a ``VisibleString`` type.
* ``ee-pss-sha1-cert.pem`` - An RSA PSS certificate using a SHA1 signature and
SHA1 for MGF1 from the OpenSSL test suite.
Custom X.509 Vectors
~~~~~~~~~~~~~~~~~~~~
* ``invalid_version.pem`` - Contains an RSA 2048 bit certificate with the
X.509 version field set to ``0x7``.
* ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the
``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``.
* ``dsa_selfsigned_ca.pem`` - Contains a DSA self-signed CA certificate
generated using OpenSSL.
* ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have
an embedded OID defining the curve.
* ``all_supported_names.pem`` - An RSA 2048 bit certificate generated using
OpenSSL that contains a subject and issuer that have two of each supported
attribute type from :rfc:`5280`.
* ``unsupported_subject_name.pem`` - An RSA 2048 bit self-signed CA certificate
generated using OpenSSL that contains the unsupported "initials" name.
* ``utf8_common_name.pem`` - An RSA 2048 bit self-signed CA certificate
generated using OpenSSL that contains a UTF8String common name with the value
"We heart UTF8!â„¢".
* ``invalid_utf8_common_name.pem`` - A certificate that contains a
``UTF8String`` common name with an invalid UTF-8 byte sequence.
* ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate
containing two basic constraints extensions.
* ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed
certificate containing a basic constraints extension that is not marked as
critical.
* ``bc_path_length_zero.pem`` - An RSA 2048 bit self-signed
certificate containing a basic constraints extension with a path length of
zero.
* ``unsupported_extension.pem`` - An RSA 2048 bit self-signed certificate
containing an unsupported extension type. The OID was encoded as
"1.2.3.4" with an ``extnValue`` of "value".
* ``unsupported_extension_2.pem`` - A ``secp256r1`` certificate
containing two unsupported extensions. The OIDs are ``1.3.6.1.4.1.41482.2``
with an ``extnValue`` of ``1.3.6.1.4.1.41482.1.2`` and
``1.3.6.1.4.1.45724.2.1.1`` with an ``extnValue`` of ``\x03\x02\x040``
* ``unsupported_extension_critical.pem`` - An RSA 2048 bit self-signed
certificate containing an unsupported extension type marked critical. The OID
was encoded as "1.2.3.4" with an ``extnValue`` of "value".
* ``san_email_dns_ip_dirname_uri.pem`` - An RSA 2048 bit self-signed
certificate containing a subject alternative name extension with the
following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``,
``directoryName``, and ``uniformResourceIdentifier``.
* ``san_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
containing a subject alternative extension with an empty ``dNSName``
general name.
* ``san_other_name.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with the ``otherName`` general name.
* ``san_registered_id.pem`` - An RSA 1024 bit certificate containing a
subject alternative name extension with the ``registeredID`` general name.
* ``all_key_usages.pem`` - An RSA 2048 bit self-signed certificate containing
a key usage extension with all nine purposes set to true.
* ``extended_key_usage.pem`` - An RSA 2048 bit self-signed certificate
containing an extended key usage extension with eight usages.
* ``san_idna_names.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with ``rfc822Name``, ``dNSName``, and
``uniformResourceIdentifier`` general names with IDNA (:rfc:`5895`) encoding.
* ``san_wildcard_idna.pem`` - An RSA 2048 bit self-signed certificate
containing a subject alternative name extension with a ``dNSName`` general
name with a wildcard IDNA (:rfc:`5895`) domain.
* ``san_idna2003_dnsname.pem`` - An RSA 2048 bit self-signed certificate
containing a subject alternative name extension with an IDNA 2003
(:rfc:`3490`) ``dNSName``.
* ``san_rfc822_names.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with various ``rfc822Name`` values.
* ``san_rfc822_idna.pem`` - An RSA 2048 bit self-signed certificate containing
a subject alternative name extension with an IDNA ``rfc822Name``.
* ``san_uri_with_port.pem`` - An RSA 2048 bit self-signed certificate
containing a subject alternative name extension with various
``uniformResourceIdentifier`` values.
* ``san_ipaddr.pem`` - An RSA 2048 bit self-signed certificate containing a
subject alternative name extension with an ``iPAddress`` value.
* ``san_dirname.pem`` - An RSA 2048 bit self-signed certificate containing a
subject alternative name extension with a ``directoryName`` value.
* ``inhibit_any_policy_5.pem`` - An RSA 2048 bit self-signed certificate
containing an inhibit any policy extension with the value 5.
* ``inhibit_any_policy_negative.pem`` - An RSA 2048 bit self-signed certificate
containing an inhibit any policy extension with the value -1.
* ``authority_key_identifier.pem`` - An RSA 2048 bit self-signed certificate
containing an authority key identifier extension with key identifier,
authority certificate issuer, and authority certificate serial number fields.
* ``authority_key_identifier_no_keyid.pem`` - An RSA 2048 bit self-signed
certificate containing an authority key identifier extension with authority
certificate issuer and authority certificate serial number fields.
* ``aia_ocsp_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate
containing an authority information access extension with two OCSP and one
CA issuers entry.
* ``aia_ocsp.pem`` - An RSA 2048 bit self-signed certificate
containing an authority information access extension with an OCSP entry.
* ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate
containing an authority information access extension with a CA issuers entry.
* ``cdp_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate
containing a CRL distribution point extension with ``fullName`` URI without
a hostname.
* ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate
containing a CRL distribution points extension with ``fullName``,
``cRLIssuer``, and ``reasons`` data.
* ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL
distribution points extension with ``cRLIssuer`` data.
* ``cdp_all_reasons.pem`` - An RSA 1024 bit certificate containing a CRL
distribution points extension with all ``reasons`` bits set.
* ``cdp_reason_aa_compromise.pem`` - An RSA 1024 bit certificate containing a
CRL distribution points extension with the ``AACompromise`` ``reasons`` bit
set.
* ``nc_permitted_excluded.pem`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with both permitted and excluded
elements. Contains ``IPv4`` and ``IPv6`` addresses with network mask as well
as ``dNSName`` with a leading period.
* ``nc_permitted_excluded_2.pem`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with both permitted and excluded
elements. Unlike ``nc_permitted_excluded.pem``, the general names do not
contain any name constraints specific values.
* ``nc_permitted.pem`` - An RSA 2048 bit self-signed certificate containing a
name constraints extension with permitted elements.
* ``nc_permitted_2.pem`` - An RSA 2048 bit self-signed certificate containing a
name constraints extension with permitted elements that do not contain any
name constraints specific values.
* ``nc_excluded.pem`` - An RSA 2048 bit self-signed certificate containing a
name constraints extension with excluded elements.
* ``nc_invalid_ip_netmask.pem`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with a permitted element that has an
``IPv6`` IP and an invalid network mask.
* ``nc_invalid_ip4_netmask.der`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with a permitted element that has an
``IPv4`` IP and an invalid network mask. The signature on this certificate
is invalid.
* ``nc_single_ip_netmask.pem`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with a permitted element that has two
IPs with ``/32`` and ``/128`` network masks.
* ``nc_ip_invalid_length.pem`` - An RSA 2048 bit self-signed certificate
containing a name constraints extension with a permitted element that has an
invalid length (33 bytes instead of 32) for an ``IPv6`` address with
network mask. The signature on this certificate is invalid.
* ``cp_user_notice_with_notice_reference.pem`` - An RSA 2048 bit self-signed
certificate containing a certificate policies extension with a
notice reference in the user notice.
* ``cp_user_notice_with_explicit_text.pem`` - An RSA 2048 bit self-signed
certificate containing a certificate policies extension with explicit
text and no notice reference.
* ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a
certificate policies extension with a CPS URI and no user notice.
* ``cp_user_notice_no_explicit_text.pem`` - An RSA 2048 bit self-signed
certificate containing a certificate policies extension with a user notice
with no explicit text.
* ``cp_invalid.pem`` - An RSA 2048 bit self-signed certificate containing a
certificate policies extension with invalid data. The ``policyQualifierId``
is for ``id-qt-unotice`` but the value is an ``id-qt-cps`` ASN.1 structure.
* ``cp_invalid2.der`` - An RSA 2048 bit self-signed certificate containing a
certificate policies extension with invalid data. The ``policyQualifierId``
is for ``id-qt-cps`` but the value is an ``id-qt-unotice`` ASN.1 structure.
The signature on this certificate is invalid.
* ``ian_uri.pem`` - An RSA 2048 bit certificate containing an issuer
alternative name extension with a ``URI`` general name.
* ``ocsp_nocheck.pem`` - An RSA 2048 bit self-signed certificate containing
an ``OCSPNoCheck`` extension.
* ``pc_inhibit_require.pem`` - An RSA 2048 bit self-signed certificate
containing a policy constraints extension with both inhibit policy mapping
and require explicit policy elements.
* ``pc_inhibit.pem`` - An RSA 2048 bit self-signed certificate containing a
policy constraints extension with an inhibit policy mapping element.
* ``pc_require.pem`` - An RSA 2048 bit self-signed certificate containing a
policy constraints extension with a require explicit policy element.
* ``unsupported_subject_public_key_info.pem`` - A certificate whose public key
is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``).
* ``policy_constraints_explicit.pem`` - A self-signed certificate containing
a ``policyConstraints`` extension with a ``requireExplicitPolicy`` value.
* ``freshestcrl.pem`` - A self-signed certificate containing a ``freshestCRL``
extension.
* ``sia.pem`` - An RSA 2048 bit self-signed certificate containing a subject
information access extension with both a CA repository entry and a custom
OID entry.
* ``ca/ca.pem`` - A self-signed certificate with ``basicConstraints`` set to
true. Its private key is ``ca/ca_key.pem``.
* ``pkcs12/ca/ca.pem`` - A self-signed certificate with ``basicConstraints``
set to true. Its private key is ``pkcs12/ca/ca_key.pem``. This key is
encoded in several of the PKCS12 custom vectors.
* ``negative_serial.pem`` - A certificate with a serial number that is a
negative number.
* ``rsa_pss.pem`` - A certificate with an RSA PSS signature.
* ``root-ed448.pem`` - An ``ed448`` self-signed CA certificate
using ``ed448-pkcs8.pem`` as key.
* ``ca/rsa_ca.pem`` - A self-signed RSA certificate with ``basicConstraints``
set to true. Its private key is ``ca/rsa_key.pem``.
* ``ca/rsae_ca.pem`` - A self-signed RSA certificate using a (non-PSS) RSA
public key and a RSA PSS signature. Its private key is ``ca/rsa_key.pem``.
* ``invalid-sct-version.der`` - A certificate with an SCT with an unknown
version.
* ``invalid-sct-length.der`` - A certificate with an SCT with an internal
length greater than the amount of data.
* ``bad_country.pem`` - A certificate with country name and jurisdiction
country name values in its subject and issuer distinguished names which
are longer than 2 characters.
* ``rsa_pss_cert.pem`` - A self-signed certificate with an RSA PSS signature
with ``asymmetric/PKCS8/rsa_pss_2048.pem`` as its key.
* ``rsa_pss_cert_invalid_mgf.der`` - A self-signed certificate with an invalid
RSA PSS signature that has a non-MGF1 OID for its mask generation function in the
signature algorithm.
* ``rsa_pss_cert_no_sig_params.der`` - A self-signed certificate with an invalid
RSA PSS signature algorithm that is missing signature parameters for PSS.
* ``rsa_pss_cert_unsupported_mgf_hash.der`` - A self-signed certificate with an
unsupported MGF1 hash algorithm in the signature algorithm.
* ``long-form-name-attribute.pem`` - A certificate with ``subject`` and ``issuer``
names containing attributes whose value's tag is encoded in long-form.
* ``mismatch_inner_outer_sig_algorithm.der`` - A leaf certificate derived from
``x509/cryptography.io.pem`` but modifying the ``tbs_cert.signature_algorithm``
OID to not match the outer signature algorithm OID.
* ``ms-certificate-template.pem`` - A certificate with a ``msCertificateTemplate``
extension.
* ``rsa_pss_sha256_no_null.pem`` - A certificate with an RSA PSS signature
with no encoded ``NULL`` for the PSS hash algorithm parameters. This certificate
was generated by LibreSSL.
* ``ecdsa_null_alg.pem`` - A certificate with an ECDSA signature with ``NULL``
algorithm parameters. This encoding is invalid, but was generated by Java 11.
* ``dsa_null_alg_params.pem`` - A certificate with a DSA signature with ``NULL``
algorithm parameters. This encoding is invalid, but was generated by Java 20.
* ``ekucrit-testuser-cert.pem`` - A leaf certificate containing a critical EKU.
This is an invalid certificate per CA/B 7.1.2.7.6.
* ``empty-eku.pem`` - A leaf certificate containing an empty EKU extension.
This is an invalid certificate per :rfc:`5280` 4.2.1.12.
* ``malformed-san.pem`` - A certificate with a malformed SAN.
* ``malformed-ian.pem`` - A certificate with a malformed IAN.
* ``admissions_extension_optional_data_not_provided.pem`` -
A certificate containing the ``Admissions`` extension with multiple admissions,
signed by ``x509/custom/ca/rsa_ca.pem`` CA. The admissions in this certificate
are prepared using synthetic data to verify the possible corner cases are handled
by the parser correctly (an admission missing naming authority or admission
authority, a profession info missing naming authority or profession OIDs
or the registration number etc).
* ``admissions_extension_authority_not_provided.pem`` - A certificate containing
the ``Admissions`` extension with no admissions and no admission authority,
signed by ``x509/custom/ca/rsa_ca.pem`` CA.
* ``no_sans.pem`` - Leaf certificate issued by ``x509/custom/ca/rsa_ca.pem``
with no SAN extension.
* ``private_key_usage_period_both_dates.pem`` - A certificate containing
PrivateKeyUsagePeriod with both ``notBefore`` and ``notAfter`` fields set.
* ``private_key_usage_period_only_not_before.pem`` - A certificate containing
PrivateKeyUsagePeriod with only ``notBefore`` field set.
* ``private_key_usage_period_only_not_after.pem`` - A certificate containing
PrivateKeyUsagePeriod with only ``notAfter`` field set.
Custom X.509 Request Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``dsa_sha1.pem`` and ``dsa_sha1.der`` - Contain a certificate request using
1024-bit DSA parameters and SHA1 generated using OpenSSL.
* ``rsa_md4.pem`` and ``rsa_md4.der`` - Contain a certificate request using
2048 bit RSA and MD4 generated using OpenSSL.
* ``rsa_sha1.pem`` and ``rsa_sha1.der`` - Contain a certificate request using
2048 bit RSA and SHA1 generated using OpenSSL.
* ``rsa_sha256.pem`` and ``rsa_sha256.der`` - Contain a certificate request
using 2048 bit RSA and SHA256 generated using OpenSSL.
* ``ec_sha256.pem`` and ``ec_sha256.der`` - Contain a certificate request
using EC (``secp384r1``) and SHA256 generated using OpenSSL.
* ``ec_sha256_old_header.pem`` - Identical to ``ec_sha256.pem``, but uses
the ``-----BEGIN NEW CERTIFICATE REQUEST-----`` legacy PEM header format.
* ``san_rsa_sha1.pem`` and ``san_rsa_sha1.der`` - Contain a certificate
request using RSA and SHA1 with a subject alternative name extension
generated using OpenSSL.
* ``two_basic_constraints.pem`` - A certificate signing request
for an RSA 2048 bit key containing two basic constraints extensions. The
signature on this CSR is invalid.
* ``unsupported_extension.pem`` - A certificate signing request
for an RSA 2048 bit key containing containing an unsupported
extension type. The OID was encoded as "1.2.3.4" with an
``extnValue`` of "value". The signature on this CSR is invalid.
* ``unsupported_extension_critical.pem`` - A certificate signing
request for an RSA 2048 bit key containing containing an unsupported
extension type marked critical. The OID was encoded as "1.2.3.4"
with an ``extnValue`` of "value". The signature on this CSR is invalid.
* ``basic_constraints.pem`` - A certificate signing request for an RSA
2048 bit key containing a basic constraints extension marked as
critical. The signature on this CSR is invalid.
* ``invalid_signature.pem`` - A certificate signing request for an RSA
1024 bit key containing an invalid signature with correct padding.
* ``challenge.pem`` - A certificate signing request for an RSA 2048 bit key
containing a challenge password.
* ``challenge-invalid.der`` - A certificate signing request for an RSA 2048 bit
key containing a challenge password attribute that has been encoded as an
ASN.1 integer rather than a string.
* ``challenge-unstructured.pem`` - A certificate signing request for an RSA
2048 bit key containing a challenge password attribute and an unstructured
name attribute.
* ``challenge-multi-valued.der`` - A certificate signing request for an RSA
2048 bit key containing a challenge password attribute with two values
inside the ASN.1 set. The signature on this request is invalid.
* ``freeipa-bad-critical.pem`` - A certificate signing request where the
extensions value has a ``critical`` value of ``False`` explicitly encoded.
* ``bad-version.pem`` - A certificate signing request where the version is
invalid.
* ``long-form-attribute.pem`` - A certificate signing request containing an
attribute whose value's tag is encoded in the long form.
* ``zero-element-attribute.pem`` - A certificate signing request containing an
attribute whose value has zero elements.
Custom X.509 Certificate Revocation List Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``crl_all_reasons.pem`` - Contains a CRL with 12 revoked certificates, whose
serials match their list position. It includes one revocation without
any entry extensions, 10 revocations with every supported reason code and one
revocation with an unsupported, non-critical entry extension with the OID
value set to "1.2.3.4". The signature on this CRL is invalid.
* ``crl_dup_entry_ext.pem`` - Contains a CRL with one revocation which has a
duplicate entry extension. The signature on this CRL is invalid.
* ``crl_md2_unknown_crit_entry_ext.pem`` - Contains a CRL with one revocation
which contains an unsupported critical entry extension with the OID value set
to "1.2.3.4". The CRL uses an unsupported MD2 signature algorithm, and the
signature on this CRL is invalid.
* ``crl_unsupported_reason.pem`` - Contains a CRL with one revocation which has
an unsupported reason code. The signature on this CRL is invalid.
* ``crl_inval_cert_issuer_entry_ext.pem`` - Contains a CRL with one revocation
which has one entry extension for certificate issuer with an empty value. The
signature on this CRL is invalid.
* ``crl_empty.pem`` - Contains a CRL with no revoked certificates.
* ``crl_empty_no_sequence.der`` - Contains a CRL with no revoked certificates
and the optional ASN.1 sequence for revoked certificates is omitted.
* ``crl_ian_aia_aki.pem`` - Contains a CRL with ``IssuerAlternativeName``,
``AuthorityInformationAccess``, ``AuthorityKeyIdentifier`` and ``CRLNumber``
extensions.
* ``valid_signature_crl.pem`` - Contains a CRL with a valid signature.
* ``valid_signature_cert.pem`` - Contains a cert whose public key corresponds
to the private key that produced the signature for
``valid_signature_crl.pem``.
* ``invalid_signature_crl.pem`` - Contains a CRL with the last signature byte
incremented by 1 to produce an invalid signature.
* ``invalid_signature_cert.pem`` - Contains a cert whose public key corresponds
to the private key that produced the signature for
``invalid_signature_crl.pem``.
* ``crl_delta_crl_indicator.pem`` - Contains a CRL with the
``DeltaCRLIndicator`` extension.
* ``crl_idp_fullname_only.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension with only a ``fullname`` for the
distribution point.
* ``crl_idp_only_ca.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that is only valid for CA certificate
revocation.
* ``crl_idp_fullname_only_aa.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that sets a ``fullname`` and is only
valid for attribute certificate revocation.
* ``crl_idp_fullname_only_user.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that sets a ``fullname`` and is only
valid for user certificate revocation.
* ``crl_idp_fullname_indirect_crl.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that sets a ``fullname`` and the
indirect CRL flag.
* ``crl_idp_reasons_only.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that is only valid for revocations
with the ``keyCompromise`` reason.
* ``crl_idp_relative_user_all_reasons.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension that sets all revocation reasons as
allowed.
* ``crl_idp_relativename_only.pem`` - Contains a CRL with an
``IssuingDistributionPoints`` extension with only a ``relativename`` for
the distribution point.
* ``crl_unrecognized_extension.der`` - Contains a CRL containing an
unsupported extension type. The OID was encoded as "1.2.3.4.5" with an
``extnValue`` of ``abcdef``.
* ``crl_invalid_time.der`` - Contains a CRL with an invalid ``UTCTime``
value in ``thisUpdate``. The signature on this CRL is invalid.
* ``crl_no_next_time.pem`` - Contains a CRL with no ``nextUpdate`` value. The
signature on this CRL is invalid.
* ``crl_bad_version.pem`` - Contains a CRL with an invalid version.
* ``crl_almost_10k.pem`` - Contains a CRL with 9,999 entries.
* ``crl_inner_outer_mismatch.der`` - A CRL created from
``valid_signature_crl.pem`` but with a mismatched inner and
outer signature algorithm. The signature on this CRL is invalid.
* ``crl_issuer_invalid_printable_string.der`` - A CRL where the ``issuer``
field contains an invalid ``PRINTABLE STRING`` value.
X.509 OCSP Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~
* ``x509/ocsp/resp-sha256.der`` - An OCSP response for ``cryptography.io`` with
a SHA256 signature.
* ``x509/ocsp/resp-unauthorized.der`` - An OCSP response with an unauthorized
status.
* ``x509/ocsp/resp-revoked.der`` - An OCSP response for ``revoked.badssl.com``
with a revoked status.
* ``x509/ocsp/resp-delegate-unknown-cert.der`` - An OCSP response for an
unknown cert from ``AC Camerafirma``. This response also contains a delegate
certificate.
* ``x509/ocsp/resp-responder-key-hash.der`` - An OCSP response from the
``DigiCert`` OCSP responder that uses a key hash for the responder ID.
* ``x509/ocsp/resp-revoked-reason.der`` - An OCSP response from the
``QuoVadis`` OCSP responder that contains a revoked certificate with a
revocation reason.
* ``x509/ocsp/resp-revoked-no-next-update.der`` - An OCSP response that
contains a revoked certificate and no ``nextUpdate`` value.
* ``x509/ocsp/resp-invalid-signature-oid.der`` - An OCSP response that was
modified to contain an MD2 signature algorithm object identifier.
* ``x509/ocsp/resp-single-extension-reason.der`` - An OCSP response that
contains a ``CRLReason`` single extension.
* ``x509/ocsp/resp-sct-extension.der`` - An OCSP response containing a
``CT Certificate SCTs`` single extension, from the SwissSign OCSP responder.
* ``x509/ocsp/ocsp-army.deps.mil-resp.der`` - An OCSP response containing
multiple ``SINGLERESP`` values.
* ``x509/ocsp/resp-response-type-unknown-oid.der`` - An OCSP response with
an unknown OID for response type. The signature on this response is invalid.
* ``x509/ocsp/resp-successful-no-response-bytes.der`` - An OCSP request with
a successful response type but the response bytes are missing.
* ``x509/ocsp/resp-unknown-response-status.der`` - An OCSP response with an
unknown response status.
Custom X.509 OCSP Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``x509/ocsp/req-sha1.der`` - An OCSP request containing a single request and
using SHA1 as the hash algorithm.
* ``x509/ocsp/req-multi-sha1.der`` - An OCSP request containing multiple
requests.
* ``x509/ocsp/req-invalid-hash-alg.der`` - An OCSP request containing an
invalid hash algorithm OID.
* ``x509/ocsp/req-ext-nonce.der`` - An OCSP request containing a nonce
extension.
* ``x509/ocsp/req-ext-unknown-oid.der`` - An OCSP request containing an
extension with an unknown OID.
* ``x509/ocsp/req-duplicate-ext.der`` - An OCSP request with duplicate
extensions.
* ``x509/ocsp/resp-unknown-extension.der`` - An OCSP response containing an
extension with an unknown OID.
* ``x509/ocsp/resp-unknown-hash-alg.der`` - An OCSP response containing an
invalid hash algorithm OID.
* ``x509/ocsp/req-acceptable-responses.der`` - An OCSP request containing an
acceptable responses extension.
Custom PKCS12 Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``pkcs12/cert-key-aes256cbc.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
both encrypted with AES 256 CBC with the password ``cryptography``.
* ``pkcs12/cert-none-key-none.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with no encryption. The password (used for integrity checking only) is
``cryptography``.
* ``pkcs12/cert-rc2-key-3des.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) encrypted with RC2 and key
(``pkcs12/ca/ca_key.pem``) encrypted via 3DES with the password
``cryptography``.
* ``pkcs12/no-password.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``) with no
encryption and no password.
* ``pkcs12/no-cert-key-aes256cbc.p12`` - A PKCS12 file containing a key
(``pkcs12/ca/ca_key.pem``) encrypted via AES 256 CBC with the
password ``cryptography`` and no certificate.
* ``pkcs12/cert-aes256cbc-no-key.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) encrypted via AES 256 CBC with the
password ``cryptography`` and no private key.
* ``pkcs12/no-name-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``).
* ``pkcs12/name-all-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``name``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``name2`` and ``name3``, respectively.
* ``pkcs12/name-1-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``name``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``).
* ``pkcs12/name-2-3-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and
``name3``, respectively.
* ``pkcs12/name-2-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``.
* ``pkcs12/name-3-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``), the latter having friendly name ``name3``.
* ``pkcs12/name-unicode-no-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``☺``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``ä`` and ``ç``, respectively.
* ``pkcs12/no-name-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``),
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/name-all-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``name``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``name2`` and ``name3`` respectively,
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/name-1-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``name``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/name-2-3-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``) with friendly names ``name2`` and
``name3`` respectively, encrypted via AES 256 CBC with the password
``cryptography``.
* ``pkcs12/name-2-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``), the first having friendly name ``name2``,
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/name-3-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``),
as well as two additional certificates (``x509/cryptography.io.pem``
and ``x509/letsencryptx3.pem``), the latter having friendly name ``name2``,
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/name-unicode-pwd.p12`` - A PKCS12 file containing a cert
(``pkcs12/ca/ca.pem``) and key (``pkcs12/ca/ca_key.pem``)
with friendly name ``☺``, as well as two additional certificates
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``ä`` and ``ç`` respectively, encrypted via
AES 256 CBC with the password ``cryptography``.
* ``pkcs12/no-cert-no-name-no-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``).
* ``pkcs12/no-cert-name-all-no-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``name2`` and ``name3``, respectively.
* ``pkcs12/no-cert-name-2-no-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
the first having friendly name ``name2``.
* ``pkcs12/no-cert-name-3-no-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
the second having friendly name ``name3``.
* ``pkcs12/no-cert-name-unicode-no-pwd.p12`` - A PKCS12 file containing two
certs (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``☹`` and ``ï``, respectively.
* ``pkcs12/no-cert-no-name-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/no-cert-name-all-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``name2`` and ``name3``, respectively,
encrypted via AES 256 CBC with the password ``cryptography``.
* ``pkcs12/no-cert-name-2-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
the first with friendly name ``name2``, encrypted via AES 256 CBC with
the password ``cryptography``.
* ``pkcs12/no-cert-name-3-pwd.p12`` - A PKCS12 file containing two certs
(``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``),
the second with friendly name ``name3``, encrypted via AES 256 CBC with
the password ``cryptography``.
* ``pkcs12/no-cert-name-unicode-pwd.p12`` - A PKCS12 file containing two
certs (``x509/cryptography.io.pem`` and ``x509/letsencryptx3.pem``)
with friendly names ``☹`` and ``ï``, respectively, encrypted via
AES 256 CBC with the password ``cryptography``.
* ``pkcs12/java-truststore.p12`` - A PKCS12 file containing two certs
(``x509/custom/dsa_selfsigned_ca.pem`` and ``x509/letsencryptx3.pem``) with
the first having a friendly name of `cert1`. Both have Java truststore
attributes with ANY_EXTENDED_KEY_USAGE.
Custom PKCS7 Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~
* ``pkcs7/isrg.pem`` - A PEM encoded PKCS7 file containing the ISRG X1 root
CA.
* ``pkcs7/amazon-roots.p7b`` - A BER encoded PCKS7 file containing Amazon Root
CA 2 and 3 generated by Apple Keychain.
* ``pkcs7/amazon-roots.der`` - A DER encoded PCKS7 file containing Amazon Root
CA 2 and 3 generated by OpenSSL.
* ``pkcs7/enveloped.pem`` - A PEM encoded PKCS7 file with enveloped data.
* ``pkcs7/enveloped-triple-des.pem`` - A PEM encoded PKCS7 file with
enveloped data, with content encrypted using DES EDE3 CBC (also called
Triple DES), under the public key of ``x509/custom/ca/rsa_ca.pem``.
* ``pkcs7/enveloped-rsa-oaep.pem``- A PEM encoded PKCS7 file with
enveloped data, with key encrypted using RSA-OAEP, under the public key of
``x509/custom/ca/rsa_ca.pem``.
* ``pkcs7/enveloped-no-content.der``- A DER encoded PKCS7 file with
enveloped data, without encrypted content, with key encrypted under the
public key of ``x509/custom/ca/rsa_ca.pem``.
Custom OpenSSH Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``ed25519-aesgcm-psw.key`` and ``ed25519-aesgcm-psw.key.pub`` generated by
exporting an Ed25519 key from ``1password 8`` with the password "password".
This key is encrypted using the ``aes256-gcm@openssh.com`` algorithm.
Generated by
``asymmetric/OpenSSH/gen.sh``
using command-line tools from OpenSSH_7.6p1 package.
* ``dsa-nopsw.key``, ``dsa-nopsw.key.pub``, ``dsa-nopsw.key-cert.pub`` -
DSA-1024 private key; and corresponding public key in plain format
and with self-signed certificate.
* ``dsa-psw.key``, ``dsa-psw.key.pub`` -
Password-protected DSA-1024 private key and corresponding public key.
Password is "password".
* ``ecdsa-nopsw.key``, ``ecdsa-nopsw.key.pub``,
``ecdsa-nopsw.key-cert.pub`` -
SECP256R1 private key; and corresponding public key in plain format
and with self-signed certificate.
* ``ecdsa-psw.key``, ``ecdsa-psw.key.pub`` -
Password-protected SECP384R1 private key and corresponding public key.
Password is "password".
* ``ed25519-nopsw.key``, ``ed25519-nopsw.key.pub``,
``ed25519-nopsw.key-cert.pub`` -
Ed25519 private key; and corresponding public key in plain format
and with self-signed certificate.
* ``ed25519-psw.key``, ``ed25519-psw.key.pub`` -
Password-protected Ed25519 private key and corresponding public key.
Password is "password".
* ``rsa-nopsw.key``, ``rsa-nopsw.key.pub``,
``rsa-nopsw.key-cert.pub`` -
RSA-2048 private key; and corresponding public key in plain format
and with self-signed certificate.
* ``rsa-psw.key``, ``rsa-psw.key.pub`` -
Password-protected RSA-2048 private key and corresponding public key.
Password is "password".
Custom OpenSSH Certificate Test Vectors
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``p256-p256-duplicate-extension.pub`` - A certificate with a duplicate
extension.
* ``p256-p256-non-lexical-extensions.pub`` - A certificate with extensions
in non-lexical order.
* ``p256-p256-duplicate-crit-opts.pub`` - A certificate with a duplicate
critical option.
* ``p256-p256-non-lexical-crit-opts.pub`` - A certificate with critical
options in non-lexical order.
* ``p256-ed25519-non-singular-crit-opt-val.pub`` - A certificate with
a critical option that contains more than one value.
* ``p256-ed25519-non-singular-ext-val.pub`` - A certificate with
an extension that contains more than one value.
* ``dsa-p256.pub`` - A certificate with a DSA public key signed by a P256
CA.
* ``p256-dsa.pub`` - A certificate with a P256 public key signed by a DSA
CA.
* ``p256-p256-broken-signature-key-type.pub`` - A certificate with a P256
public key signed by a P256 CA, but the signature key type is set to
``rsa-sha2-512``.
* ``p256-p256-empty-principals.pub`` - A certificate with a P256 public
key signed by a P256 CA with an empty valid principals list.
* ``p256-p256-invalid-cert-type.pub`` - A certificate with a P256 public
key signed by a P256 CA with an invalid certificate type.
* ``p256-p384.pub`` - A certificate with a P256 public key signed by a P384
CA.
* ``p256-p521.pub`` - A certificate with a P256 public key signed by a P521
CA.
* ``p256-rsa-sha1.pub`` - A certificate with a P256 public key signed by a
RSA CA using SHA1.
* ``p256-rsa-sha256.pub`` - A certificate with a P256 public key signed by
a RSA CA using SHA256.
* ``p256-rsa-sha512.pub`` - A certificate with a P256 public key signed by
a RSA CA using SHA512.
Hashes
~~~~~~
* MD5 from :rfc:`1321`.
* RIPEMD160 from the `RIPEMD website`_.
* SHA1 from `NIST CAVP`_.
* SHA2 (224, 256, 384, 512, 512/224, 512/256) from `NIST CAVP`_.
* SHA3 (224, 256, 384, 512) from `NIST CAVP`_.
* SHAKE (128, 256) from `NIST CAVP`_.
* Blake2s and Blake2b from OpenSSL `test/evptests.txt`_.
HMAC
~~~~
* HMAC-MD5 from :rfc:`2202`.
* HMAC-SHA1 from :rfc:`2202`.
* HMAC-RIPEMD160 from :rfc:`2286`.
* HMAC-SHA2 (224, 256, 384, 512) from :rfc:`4231`.
Key derivation functions
~~~~~~~~~~~~~~~~~~~~~~~~
* HKDF (SHA1, SHA256) from :rfc:`5869`.
* PBKDF2 (HMAC-SHA1) from :rfc:`6070`.
* scrypt from the `draft RFC`_.
* X9.63 KDF from `NIST CAVP`_.
* SP 800-108 Counter Mode KDF (HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, HMAC-SHA512) from `NIST CAVP`_.
* argon2id from :rfc:`9106`, OpenSSL's `evpkdf_argon2.txt`_, and the
argon2 command line application.
Key wrapping
~~~~~~~~~~~~
* AES key wrap (AESKW) and 3DES key wrap test vectors from `NIST CAVP`_.
* AES key wrap with padding vectors from `Botan's key wrap vectors`_.
Recipes
~~~~~~~
* Fernet from its `specification repository`_.
Symmetric ciphers
~~~~~~~~~~~~~~~~~
* AES (CBC, CFB, ECB, GCM, OFB, CCM) from `NIST CAVP`_.
* AES CTR from :rfc:`3686`.
* AES-GCM-SIV (KEY-LENGTH: 128, 256) from OpenSSL's `evpciph_aes_gcm_siv.txt`_.
* AES-GCM-SIV (KEY-LENGTH: 192) generated by this project.
See :doc:`/development/custom-vectors/aes-192-gcm-siv`
* AES OCB3 from :rfc:`7253`, `dkg's additional OCB3 vectors`_, and `OpenSSL's OCB vectors`_.
* AES SIV from OpenSSL's `evpciph_aes_siv.txt`_.
* 3DES (CBC, CFB, ECB, OFB) from `NIST CAVP`_.
* ARC4 (KEY-LENGTH: 40, 56, 64, 80, 128, 192, 256) from :rfc:`6229`.
* ARC4 (KEY-LENGTH: 160) generated by this project.
See: :doc:`/development/custom-vectors/arc4`
* Blowfish (CBC, CFB, ECB, OFB) from `Bruce Schneier's vectors`_.
* Camellia (ECB) from NTT's `Camellia page`_ as linked by `CRYPTREC`_.
* Camellia (CBC, CFB, OFB) from `OpenSSL's test vectors`_.
* CAST5 (ECB) from :rfc:`2144`.
* CAST5 (CBC, CFB, OFB) generated by this project.
See: :doc:`/development/custom-vectors/cast5`
* ChaCha20 from :rfc:`7539` and generated by this project.
See: :doc:`/development/custom-vectors/chacha20`
* ChaCha20Poly1305 from :rfc:`7539`, `OpenSSL's evpciph.txt`_, and the
`BoringSSL ChaCha20Poly1305 tests`_.
* IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_.
* IDEA (CBC, CFB, OFB) generated by this project.
See: :doc:`/development/custom-vectors/idea`
* RC2-128-CBC generated by this project. See: :doc:`/development/custom-vectors/rc2`
* SEED (ECB) from :rfc:`4269`.
* SEED (CBC) from :rfc:`4196`.
* SEED (CFB, OFB) generated by this project.
See: :doc:`/development/custom-vectors/seed`
* SM4 (CBC, CFB, CTR, ECB, OFB) from `draft-ribose-cfrg-sm4-10`_.
* SM4 (GCM) from :rfc:`8998`.
Two factor authentication
~~~~~~~~~~~~~~~~~~~~~~~~~
* HOTP from :rfc:`4226`
* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC
6238 exists)
CMAC
~~~~
* AES-128, AES-192, AES-256, 3DES from `NIST SP-800-38B`_
Poly1305
~~~~~~~~
* Test vectors from :rfc:`7539`.
Creating test vectors
---------------------
When official vectors are unavailable ``cryptography`` may choose to build
its own using existing vectors as source material.
Created Vectors
~~~~~~~~~~~~~~~
.. toctree::
:maxdepth: 1
custom-vectors/aes-192-gcm-siv
custom-vectors/arc4
custom-vectors/cast5
custom-vectors/chacha20
custom-vectors/idea
custom-vectors/seed
custom-vectors/hkdf
custom-vectors/rc2
If official test vectors appear in the future the custom generated vectors
should be discarded.
Any vectors generated by this method must also be prefixed with the following
header format (substituting the correct information):
.. code-block:: python
# CAST5 CBC vectors built for https://github.com/pyca/cryptography
# Derived from the AESVS MMT test data for CBC
# Verified against the CommonCrypto and Go crypto packages
# Key Length : 128
.. _`NIST`: https://www.nist.gov/
.. _`IETF`: https://www.ietf.org/
.. _`Project Wycheproof`: https://github.com/C2SP/wycheproof
.. _`NIST CAVP`: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
.. _`Bruce Schneier's vectors`: https://www.schneier.com/wp-content/uploads/2015/12/vectors-2.txt
.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/
.. _`CRYPTREC`: https://www.cryptrec.go.jp
.. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232
.. _`OpenSSL's evpciph.txt`: https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt#L2362
.. _`BoringSSL ChaCha20Poly1305 tests`: https://boringssl.googlesource.com/boringssl/+/2e2a226ac9201ac411a84b5e79ac3a7333d8e1c9/crypto/cipher_extra/test/chacha20_poly1305_tests.txt
.. _`BoringSSL evp tests`: https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt
.. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html
.. _`draft RFC`: https://datatracker.ietf.org/doc/html/draft-josefsson-scrypt-kdf-01
.. _`Specification repository`: https://github.com/fernet/spec
.. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238
.. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem
.. _`enc2-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/enc2pkcs8.pem
.. _`unenc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/unencpkcs8.pem
.. _`pkcs12_s2k_pem.c`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs12_s2k_pem.c
.. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc
.. _`GnuTLS example keys`: https://gitlab.com/gnutls/gnutls/-/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b
.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors
.. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE
.. _`draft-ribose-cfrg-sm4-10`: https://datatracker.ietf.org/doc/html/draft-ribose-cfrg-sm4-10
.. _`Ed25519 website`: https://ed25519.cr.yp.to/software.html
.. _`NIST SP-800-38B`: https://csrc.nist.gov/pubs/sp/800/38/b/final
.. _`NIST PKI Testing`: https://csrc.nist.gov/Projects/PKI-Testing
.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53
.. _`Mozilla bug`: https://bugzilla.mozilla.org/show_bug.cgi?id=233586
.. _`Russian CA`: https://e-trust.gosuslugi.ru/
.. _`test/evptests.txt`: https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt
.. _`unknown signature OID`: https://bugzilla.mozilla.org/show_bug.cgi?id=405966
.. _`botan`: https://github.com/randombit/botan/blob/57789bdfc55061002b2727d0b32587612829a37c/src/tests/data/pubkey/dh.vec
.. _`DHKE`: https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl
.. _`Botan's key wrap vectors`: https://github.com/randombit/botan/blob/737f33c09a18500e044dca3e2ae13bd2c08bafdd/src/tests/data/keywrap/nist_key_wrap.vec
.. _`root-ed25519.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/root-ed25519.pem
.. _`server-ed25519-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed25519-cert.pem
.. _`server-ed448-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed448-cert.pem
.. _`evpciph_aes_gcm_siv.txt`: https://github.com/openssl/openssl/blob/a2b1ab6100d5f0fb50b61d241471eea087415632/test/recipes/30-test_evp_data/evpciph_aes_gcm_siv.txt
.. _`evpciph_aes_siv.txt`: https://github.com/openssl/openssl/blob/d830526c711074fdcd82c70c24c31444366a1ed8/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
.. _`dkg's additional OCB3 vectors`: https://gitlab.com/dkg/ocb-test-vectors
.. _`OpenSSL's OCB vectors`: https://github.com/openssl/openssl/commit/2f19ab18a29cf9c82cdd68bc8c7e5be5061b19be
.. _`badkeys`: https://github.com/vcsjones/badkeys/tree/50f1cc5f8d13bf3a2046d689f6452decb15d9c3c
.. _`evpkdf_argon2.txt`: https://github.com/openssl/openssl/blob/01f4b44e075a796d62d3b007a80c5c04d0e77bfb/test/recipes/30-test_evp_data/evpkdf_argon2.txt
.. _`OpenSSL's RFC 6979 test vectors`: https://github.com/openssl/openssl/blob/01690a7ff36c4d18c48b301cdf375c954105a1d9/test/recipes/30-test_evp_data/evppkey_ecdsa_rfc6979.txt