aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/development/test-vectors.rst63
-rw-r--r--pytest.ini5
-rw-r--r--src/cryptography/hazmat/bindings/openssl/bio.py6
-rw-r--r--src/cryptography/hazmat/bindings/openssl/ecdsa.py8
-rw-r--r--src/cryptography/hazmat/bindings/openssl/err.py8
-rw-r--r--src/cryptography/hazmat/bindings/openssl/ssl.py12
-rw-r--r--tox.ini6
-rw-r--r--vectors/cryptography_vectors/x509/custom/dsa_selfsigned_ca.pem31
-rw-r--r--vectors/cryptography_vectors/x509/custom/ec_no_named_curve.pem16
-rw-r--r--vectors/cryptography_vectors/x509/custom/invalid_version.pem22
-rw-r--r--vectors/cryptography_vectors/x509/custom/post2000utctime.pem24
-rw-r--r--vectors/cryptography_vectors/x509/ecdsa_root.pem15
-rw-r--r--vectors/cryptography_vectors/x509/v1_cert.pem10
13 files changed, 183 insertions, 43 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 8c2d1361..10c20dba 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -34,10 +34,48 @@ Asymmetric ciphers
`enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher.
* `Botan's ECC private keys`_.
+Custom Asymmetric Vectors
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL
+ from the curve ``secp256r1``.
+* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as
+ ``ec_private_key.pem``, except that it is encrypted with AES-128 with the
+ password "123456".
+* ``ec_public_key.pem`` - Contains the public key corresponding to
+ ``ec_private_key.pem``, generated using OpenSSL.
+* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using
+ OpenSSL, protected by the secret "123456" with DES3 encryption.
+* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using
+ OpenSSL from ``rsa_private_key.pem``.
+* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL;
+ contains no keys.
+* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using
+ OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret
+ "123456" with DES3 encryption.
+* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL
+ from ``dsa_private_key.pem``.
+
+
X.509
~~~~~
* PKITS test suite from `NIST PKI Testing`_.
+* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_).
+* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root
+ certificate.
+
+Custom X.509 Vectors
+~~~~~~~~~~~~~~~~~~~~
+
+* ``invalid_version.pem`` - Contains an RSA 2048 bit certificate with the
+ X.509 version field set to ``0x7``.
+* ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the
+ ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``.
+* ``dsa_selfsigned_ca.pem`` - Contains a DSA self-signed CA certificate
+ generated using OpenSSL.
+* ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have
+ an embedded OID defining the curve.
Hashes
~~~~~~
@@ -107,27 +145,8 @@ Creating test vectors
When official vectors are unavailable ``cryptography`` may choose to build
its own using existing vectors as source material.
-Current custom vectors
-~~~~~~~~~~~~~~~~~~~~~~
-
-* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL
- from the curve ``secp256r1``.
-* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as
- ``ec_private_key.pem``, except that it is encrypted with AES-128 with the
- password "123456".
-* ``ec_public_key.pem`` - Contains the public key corresponding to
- ``ec_private_key.pem``, generated using OpenSSL.
-* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using
- OpenSSL, protected by the secret "123456" with DES3 encryption.
-* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using
- OpenSSL from ``rsa_private_key.pem``.
-* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL;
- contains no keys.
-* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using
- OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret
- "123456" with DES3 encryption.
-* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL
- from ``dsa_private_key.pem``.
+Custom Symmetric Vectors
+~~~~~~~~~~~~~~~~~~~~~~~~
.. toctree::
:maxdepth: 1
@@ -174,3 +193,5 @@ header format (substituting the correct information):
.. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html
.. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
.. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
+.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
+.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
diff --git a/pytest.ini b/pytest.ini
deleted file mode 100644
index 0567f800..00000000
--- a/pytest.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[pytest]
-addopts = -r s
-markers =
- requires_backend_interface: this test requires a specific backend interface
- supported: parametrized test requiring only_if and skip_message
diff --git a/src/cryptography/hazmat/bindings/openssl/bio.py b/src/cryptography/hazmat/bindings/openssl/bio.py
index 854b2bc6..6cc1bcb2 100644
--- a/src/cryptography/hazmat/bindings/openssl/bio.py
+++ b/src/cryptography/hazmat/bindings/openssl/bio.py
@@ -17,7 +17,7 @@ struct bio_method_st {
int (*bwrite)(BIO *, const char *, int);
int (*bread)(BIO *, char *, int);
int (*bputs)(BIO *, const char *);
- int (*bgets)(BIO *, char*, int);
+ int (*bgets)(BIO *, char *, int);
long (*ctrl)(BIO *, int, long, void *);
int (*create)(BIO *);
int (*destroy)(BIO *);
@@ -27,7 +27,7 @@ struct bio_method_st {
typedef struct bio_method_st BIO_METHOD;
struct bio_st {
BIO_METHOD *method;
- long (*callback)(struct bio_st*, int, const char*, int, long, long);
+ long (*callback)(struct bio_st *, int, const char *, int, long, long);
char *cb_arg;
int init;
int shutdown;
@@ -89,7 +89,7 @@ static const int BIO_TYPE_FILTER;
"""
FUNCTIONS = """
-BIO* BIO_new(BIO_METHOD *);
+BIO *BIO_new(BIO_METHOD *);
int BIO_set(BIO *, BIO_METHOD *);
int BIO_free(BIO *);
void BIO_vfree(BIO *);
diff --git a/src/cryptography/hazmat/bindings/openssl/ecdsa.py b/src/cryptography/hazmat/bindings/openssl/ecdsa.py
index 30866d11..db21025c 100644
--- a/src/cryptography/hazmat/bindings/openssl/ecdsa.py
+++ b/src/cryptography/hazmat/bindings/openssl/ecdsa.py
@@ -34,7 +34,7 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **s, const unsigned char **, long);
ECDSA_SIG *ECDSA_do_sign(const unsigned char *, int, EC_KEY *);
ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *, int, const BIGNUM *,
const BIGNUM *, EC_KEY *);
-int ECDSA_do_verify(const unsigned char *, int, const ECDSA_SIG *, EC_KEY*);
+int ECDSA_do_verify(const unsigned char *, int, const ECDSA_SIG *, EC_KEY *);
int ECDSA_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **);
int ECDSA_sign(int, const unsigned char *, int, unsigned char *,
unsigned int *, EC_KEY *);
@@ -44,9 +44,9 @@ int ECDSA_verify(int, const unsigned char *, int, const unsigned char *, int,
EC_KEY *);
int ECDSA_size(const EC_KEY *);
-const ECDSA_METHOD* ECDSA_OpenSSL();
+const ECDSA_METHOD *ECDSA_OpenSSL();
void ECDSA_set_default_method(const ECDSA_METHOD *);
-const ECDSA_METHOD* ECDSA_get_default_method();
+const ECDSA_METHOD *ECDSA_get_default_method();
int ECDSA_get_ex_new_index(long, void *, CRYPTO_EX_new *,
CRYPTO_EX_dup *, CRYPTO_EX_free *);
int ECDSA_set_method(EC_KEY *, const ECDSA_METHOD *);
@@ -72,7 +72,7 @@ ECDSA_SIG* (*ECDSA_do_sign)(const unsigned char *, int, EC_KEY *eckey) = NULL;
ECDSA_SIG* (*ECDSA_do_sign_ex)(const unsigned char *, int, const BIGNUM *,
const BIGNUM *, EC_KEY *) = NULL;
int (*ECDSA_do_verify)(const unsigned char *, int, const ECDSA_SIG *,
- EC_KEY*) = NULL;
+ EC_KEY *) = NULL;
int (*ECDSA_sign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **) = NULL;
int (*ECDSA_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, EC_KEY *) = NULL;
diff --git a/src/cryptography/hazmat/bindings/openssl/err.py b/src/cryptography/hazmat/bindings/openssl/err.py
index 1d43acd7..ec393c1b 100644
--- a/src/cryptography/hazmat/bindings/openssl/err.py
+++ b/src/cryptography/hazmat/bindings/openssl/err.py
@@ -231,11 +231,11 @@ FUNCTIONS = """
void ERR_load_crypto_strings(void);
void ERR_load_SSL_strings(void);
void ERR_free_strings(void);
-char* ERR_error_string(unsigned long, char *);
+char *ERR_error_string(unsigned long, char *);
void ERR_error_string_n(unsigned long, char *, size_t);
-const char* ERR_lib_error_string(unsigned long);
-const char* ERR_func_error_string(unsigned long);
-const char* ERR_reason_error_string(unsigned long);
+const char *ERR_lib_error_string(unsigned long);
+const char *ERR_func_error_string(unsigned long);
+const char *ERR_reason_error_string(unsigned long);
void ERR_print_errors(BIO *);
void ERR_print_errors_fp(FILE *);
unsigned long ERR_get_error(void);
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index 87c1429c..9a48f586 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py
@@ -322,7 +322,7 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
RHEL/CentOS 5 this can be moved back to FUNCTIONS. */
SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*);
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *);
/* NPN APIs were introduced in OpenSSL 1.0.1. To continue to support earlier
* versions some special handling of these is necessary.
@@ -353,8 +353,8 @@ SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int);
/* ALPN APIs were introduced in OpenSSL 1.0.2. To continue to support earlier
* versions some special handling of these is necessary.
*/
-int SSL_CTX_set_alpn_protos(SSL_CTX *, const unsigned char*, unsigned);
-int SSL_set_alpn_protos(SSL *, const unsigned char*, unsigned);
+int SSL_CTX_set_alpn_protos(SSL_CTX *, const unsigned char *, unsigned);
+int SSL_set_alpn_protos(SSL *, const unsigned char *, unsigned);
void SSL_CTX_set_alpn_select_cb(SSL_CTX *,
int (*) (SSL *,
const unsigned char **,
@@ -487,7 +487,7 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1;
#endif
/* Workaround for #794 caused by cffi const** bug. */
-const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) {
+const SSL_METHOD *Cryptography_SSL_CTX_get_method(const SSL_CTX *ctx) {
return ctx->method;
}
@@ -525,9 +525,9 @@ static const long Cryptography_HAS_NEXTPROTONEG = 1;
/* ALPN was added in OpenSSL 1.0.2. */
#if OPENSSL_VERSION_NUMBER < 0x10002001L
int (*SSL_CTX_set_alpn_protos)(SSL_CTX *,
- const unsigned char*,
+ const unsigned char *,
unsigned) = NULL;
-int (*SSL_set_alpn_protos)(SSL *, const unsigned char*, unsigned) = NULL;
+int (*SSL_set_alpn_protos)(SSL *, const unsigned char *, unsigned) = NULL;
void (*SSL_CTX_set_alpn_select_cb)(SSL_CTX *,
int (*) (SSL *,
const unsigned char **,
diff --git a/tox.ini b/tox.ini
index 85a095b5..677df7e4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -76,3 +76,9 @@ application-import-names = cryptography,cryptography_vectors,tests
[doc8]
extensions = rst
+
+[pytest]
+addopts = -r s
+markers =
+ requires_backend_interface: this test requires a specific backend interface
+ supported: parametrized test requiring only_if and skip_message
diff --git a/vectors/cryptography_vectors/x509/custom/dsa_selfsigned_ca.pem b/vectors/cryptography_vectors/x509/custom/dsa_selfsigned_ca.pem
new file mode 100644
index 00000000..4348ce81
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/dsa_selfsigned_ca.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFWjCCBRqgAwIBAgIJAKNzUuCyFC+GMAkGByqGSM44BAMwZzELMAkGA1UEBhMC
+VVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xITAfBgNVBAoTGElu
+dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAxMLUHlDQSBEU0EgQ0EwHhcN
+MTQxMTI3MDUxNDE3WhcNMTQxMjI3MDUxNDE3WjBnMQswCQYDVQQGEwJVUzEOMAwG
+A1UECBMFVGV4YXMxDzANBgNVBAcTBkF1c3RpbjEhMB8GA1UEChMYSW50ZXJuZXQg
+V2lkZ2l0cyBQdHkgTHRkMRQwEgYDVQQDEwtQeUNBIERTQSBDQTCCAzowggItBgcq
+hkjOOAQBMIICIAKCAQEAv63mBI43PNTki2d+h4yOWwjAIQKuBOsstcRqUjo68cc9
+FrJPNKSWR4GuflBQDiF3d1SmcL0Zp0INYzCE5VVuM8osDn1UfqX0agegG/hmmuO9
+7AQtmyrl5uz0nwC6nayZq27/FA0s7fci7mLC+XNoV5cURMJdCjPSAX3DbWgqEFT+
+KpQo3aNVqFHObm1h4D5Bn9TKTnAzE3Q9hsqohZMPYu1b80LYFlYnaB6cwyRLpyqi
+IUhACmu+gBVOhV0ELJ3Co0BfHlF76d6lBWL1bak/YIX4RKfnBcHwQ+ZXUcWDuA0p
+ED5ZDMsm79qgiT2DPjZGjzkHz8p4ijy3kPA0HIoxvwIVAIIv9dI04HO5Ac9ZQfWO
+H1OOcdQNAoIBAEt87XHcNTll7MENRBqaBvwklDoy1mQp3V70TUPmfXidmXcK7DLA
+QV3JKXCICHLaRf743R4RWj5IATh7ptdVhh8GL9O26eqOJkEVIzm4KDFbFSjubHt5
+RY0h89uXP2/DA/k5cXTCeZ3SNRKCqi2IQsNXpzSVu6rEkyeGQUxV5g1zFp9XYQNv
+uinp7r+wSfijsbfO5vP7+hNiBfEwvuLPW5w43BCV1ABvLnMzXAc1LGQTChqyuJ8T
+tI9ijTzDhovuzpu3vq3p+DDqzG+iQUJcCz/MDfQWoMife/NWaNdl7JXNz76cr/Sc
+/BVsZox2+mJHZ2ptOslFhEoINQnGobQ2usoDggEFAAKCAQBMCL/l8tdmScgKz31D
+H2riEksheryMn2rKd23fqUU7ZlbxPlQ2hM1fZDGjFDd9Kr+gaLcIDLjdwGWvwt6l
+WfC1hMl6KyNbm2m0a8beGu1CKm80GDJhi8quIZiro4gJna+wX/C17+yzsK4WmmLh
+xyAir1CuaK87AzwY5u7B999GksRWzK+3nMfgjaCleG6YFs7aZR1htLt7gcJ4Pal8
+6mLfZ69ehZkf3BOv8Q/GDgZYY4a5a7eNZXUPVC+GlR4FptgbqtvNNaLlytQRmSOu
+aiACCRo9FwF/k8UpcBE83BGZcLkHTKUG6skcPdN2Ml30r2s5Ee8mfSZiOlocXfSm
+0T8co4HMMIHJMB0GA1UdDgQWBBSk+4h6E/zeswO7rpod7KcvElpUGzCBmQYDVR0j
+BIGRMIGOgBSk+4h6E/zeswO7rpod7KcvElpUG6FrpGkwZzELMAkGA1UEBhMCVVMx
+DjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xITAfBgNVBAoTGEludGVy
+bmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAxMLUHlDQSBEU0EgQ0GCCQCjc1Lg
+shQvhjAMBgNVHRMEBTADAQH/MAkGByqGSM44BAMDLwAwLAIUJcSoSpNqsxHuAX08
+vZo8ZQuzrkoCFF0wxktDJoa9+SVxa07QWRhDlrzO
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/ec_no_named_curve.pem b/vectors/cryptography_vectors/x509/custom/ec_no_named_curve.pem
new file mode 100644
index 00000000..4edeaa1c
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/ec_no_named_curve.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICbTCCAhOgAwIBAgIBADAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztYWUxJOlpC
+M0w6NUpINjpFVVZYOldVS0o6S0w2WTpSSENPOlRFU1k6SVNYTToyWVZFOkZOSFU6
+Wkk2UTAeFw0xNDEyMTIwODAyMTdaFw0xNDEyMTMwODAyMTdaMEYxRDBCBgNVBAMT
+O1hZTEk6WkIzTDo1Skg2OkVVVlg6V1VLSjpLTDZZOlJIQ086VEVTWTpJU1hNOjJZ
+VkU6Rk5IVTpaSTZRMIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIh
+AP////8AAAABAAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAA
+AAAAAAAAAAAA///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7
+zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA
+8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R
+9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABO5cqNMX
+U4PWD9x2ffa/B9xvpw3poTOAQYpRHSlGV7JTYuubeZEm2vRRLXA9n1l7+JBffxZC
+r+yjS2JHNuq+0kgwCgYIKoZIzj0EAwIDSAAwRQIhAKYoc7Azt/GwTeLFBlhaLpSD
+seB3qsN1kdZH4bzylonjAiA9/nVi7fbYydpym5jnW4DpHnenoZcZdWeDVnhE0J4c
+WA==
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/invalid_version.pem b/vectors/cryptography_vectors/x509/custom/invalid_version.pem
new file mode 100644
index 00000000..84a55626
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/invalid_version.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBBwITBlqtEggCEIn2HtsUzORK3EHP0zANBgkqhkiG9w0BAQUF
+ADBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3Rp
+bjENMAsGA1UECgwEUHlDQTEYMBYGA1UEAwwPQ3J5cHRvZ3JhcGh5IENBMB4XDTE0
+MTEyNjE0NDQ1N1oXDTM0MTEyMTIwNDQ1N1owVzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMQ8wDQYDVQQHDAZBdXN0aW4xDTALBgNVBAoMBFB5Q0ExGDAWBgNV
+BAMMD0NyeXB0b2dyYXBoeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAJZPCfKbFZQ5G5gYdXbxPq7o1DFaYzeWOqBzR4M1iE1gnDTw/ZQXExVVIZga
+QU3aiiL1hZ+9NdWvmViDKlj4Qa7+8FxHhuq/Weri/itFhMcEuGs+iTclWc/H1M5J
+3OChClzKcugeOPP/ZevZXiKSB4pGd+b6esw40WSmIWBqwKpQOu8DxXX1LCP+xS9j
+ZlARDS2VqD/LP6ZbTd5odOX6kMi4dm9mVnfREUL79hMShTPt2BB7muKm2yNWmJuh
+npUWTyl0P7r+lgr1y1E+u+3YbThWe7hk2Ra21J1Xpba4v1j5WR0+IfwjbJIJA7up
+eeqB3rrZBJmPyKGVX6m8gXiYtR8CAwEAAaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUrc6wKzvf3ST5Tk+Idr37QF9pIjMwHwYDVR0jBBgwFoAUrc6wKzvf
+3ST5Tk+Idr37QF9pIjMwDQYJKoZIhvcNAQEFBQADggEBACZusajSqo9wL+Rjn0EA
+kM92FglKgZ7K3Bp1O9MPp740ytnueY7lWduiPuEjcUQUeI2nBfQYJRoucPLi/2dD
+jJgxK6BoYwvm5VJH3g65G39EYnz3L8IUCYGKJ75nffVYvlqcJkfNO+lxt11hGXMA
+w/QOdv4TsfjVVbLMcbhKtrMh5iaB5+QbcoBx21i8opg1qi3pwJ8Tgj6JxsKTjlc0
+xoZWDjPao8/dpvbfMsJwlHazZFAPdknZN8/oo0M5DWBQuxiFNoXllDsHrZNN8TAk
+Xvr/2XumAxgJJmxDqSbRBDXnwAzj9Jq3ITl4bJ8Nw9sPpS920Owv0xKtQILbo+RR
+tcA=
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/custom/post2000utctime.pem b/vectors/cryptography_vectors/x509/custom/post2000utctime.pem
new file mode 100644
index 00000000..ce5c058b
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/custom/post2000utctime.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID8DCCAtigAwIBAgIJAKBstLlV9/TbMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxETAPBgNVBAMTCEhlbGxvIENBMB4XDTE0MTEyNjIxNDEy
+MFoXDTE0MTIyNjIxNDEyMFowWDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
+U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDERMA8GA1UE
+AxMISGVsbG8gQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwOvcC
+BZ4n8eIoS1a7smwDkVO/gfKVtzpJEymQZF7eTS2gqRPELn0401iaANOUDRlPbm2H
+fC74EtoionXoPYvnhkZ0i05/I9EOhz/XL1ehPexzL8VqsTixuzCDmbtBLNc5IU73
+FOGXbglgNAXiVWKZoFUiUQrEV0216css9fmej0jBaWqz6i1tLdq31OGzFxiLdqVy
+l39uzgpK05bwFQ59ixqZhsDLkFJ+wmylbikUwnDSoZi2MvqKL9pVB509OYZLb7lt
+2+Mxyss8uHg6hJTMzNiGo1JQeIR8oByl+APokhRAPopLVJlTnAuG96DapFsgSo4H
+nYpbA9t7obo9cBGnAgMBAAGjgbwwgbkwHQYDVR0OBBYEFNjoncd35EcmVvGGRpWp
+9mt7BACuMIGJBgNVHSMEgYEwf4AU2Oidx3fkRyZW8YZGlan2a3sEAK6hXKRaMFgx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxETAPBgNVBAMTCEhlbGxvIENBggkAoGy0uVX3
+9NswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAjg9y/L6+R1Wryvds
+jOC64XzeTbFikWOOGxzgSpPNtMRKNIYHCYbFqIDBT9+El+fSibJjDMsh0ko9GqGy
+2HSCB/Oh4WzN+Nqop+oaM9SXdPUT7fCScL2OZltjAKEPADZqWQdpBetjzxCoGgyn
+im7zEn9ssvb7f5R/ziKjDYAEjCQ7osGlTEJf4SMQ6Kc3Y49JIDVNTM4ly9neol5q
+L+DYV5pcjZKbknW+Ihl1R58/dQdbys8JUmUjtf1n92g/PNpCD6ux6eb8JrwGSc9h
+uwUdaTL6w3Bmuxb1WQPf54U9xeUF4qEPu6T56ToNO1O3+jSwXXum7vhpv8NLjlFP
+1UGfdQ==
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/ecdsa_root.pem b/vectors/cryptography_vectors/x509/ecdsa_root.pem
new file mode 100644
index 00000000..bc20c1e1
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/ecdsa_root.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw
+EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG
+fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
+Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
+BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
+AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
+oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
+sycX
+-----END CERTIFICATE-----
diff --git a/vectors/cryptography_vectors/x509/v1_cert.pem b/vectors/cryptography_vectors/x509/v1_cert.pem
new file mode 100644
index 00000000..8a85d149
--- /dev/null
+++ b/vectors/cryptography_vectors/x509/v1_cert.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
+BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
+MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
+RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
+AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
+/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
+Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
+zl9HYIMxATFyqSiD9jsx
+-----END CERTIFICATE-----
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-11 17:58:25 +0000