aboutsummaryrefslogtreecommitdiffstats
path: root/vectors
Commit message (Collapse)AuthorAgeFilesLines
* add OCSP request with a request extension (nonce) (#4462)Paul Kehrer2018-09-071-0/+0
|
* More OCSP vectors (#4451)Paul Kehrer2018-09-012-0/+0
| | | | | | | | * yet another ocsp response vector. and yet there will be at least one more after this * add one more
* add LE subordinate certificate to test vectors (#4450)Paul Kehrer2018-09-011-0/+27
|
* add more OCSP response vectors (#4445)Paul Kehrer2018-09-013-0/+2
| | | | | | * add more OCSP response vectors * another vector and better docs
* OCSP response vector (#4443)Paul Kehrer2018-08-311-0/+0
| | | | | | | | | | * OCSP response vector * oops, wrong name * move ocsp response vector docs * make alex happy
* Added vector for pre-certificate poison extension (#4432)Alex Gaynor2018-08-301-0/+30
|
* Fix encoding errors in RSA test keys. (#4410)David Benjamin2018-08-233-111/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix encoding errors in RSA test keys. enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key correctly. Per RFC 8017, appendix A.1: The object identifier rsaEncryption identifies RSA public and private keys as defined in Appendices A.1.1 and A.1.2. The parameters field has associated with this OID in a value of type AlgorithmIdentifier SHALL have a value of type NULL. rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn, carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly, unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted with the openssl command-line tool which fixed the encoding in conversion. Current versions of OpenSSL are lax and ignore the parameters field, but it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem} with the new encoding but otherwise the same encryption parameters. I've refreshed the dumpasn1 (at least that's what it looks like) preamble at the top of each file, but the current version of dumpasn1 appears to have changed the spacing slightly, so there's some whitespace diff noise. * Update test-vectors.rst.
* add new OCSP request vectors (#4399)Paul Kehrer2018-08-152-0/+0
|
* reopen master (#4359)Paul Kehrer2018-07-181-1/+1
|
* bump version and changelog for 2.3 release (#4356)Paul Kehrer2018-07-181-1/+1
|
* Add SHA512/224 and SHA512/256 test vectors from NIST CAVP (#4237)Paul Kehrer2018-05-148-0/+7120
|
* add SHA3 and SHAKE vectors (#4213)Paul Kehrer2018-05-0920-0/+20712
| | | These can be used when OpenSSL 1.1.1 is released
* update the NIST keywrap vectors (#4191)Paul Kehrer2018-04-1212-17974/+17974
| | | | NIST has updated the vectors to cover the bug we had. Let's use those vectors. Thanks NIST!
* Added badtime.pem vector (#4179)Joshua Crowgey2018-03-301-0/+18
| | | | | | | | * Added badtime.pem vector In connection with forthcoming PR to fix #4158 * shortened line, corrected and->and
* add botan's AESKWP vectors reformatted for our NIST loader (#4159)Paul Kehrer2018-03-201-0/+650
|
* open master for 2.3 (#4151)Paul Kehrer2018-03-181-1/+1
|
* 2.2 release! (#4150)Paul Kehrer2018-03-181-1/+1
| | | | | | * 2.2 release! * also change versions
* brainpool vectors from rfc 7027 (#4143)Paul Kehrer2018-03-151-0/+34
|
* add 1200 byte HKDF test vector and a generator/verifier for it (#4074)Paul Kehrer2018-01-061-0/+9
| | | | | | | | * add 1200 byte HKDF test vector and a generator/verifier for it * exit non-zero when failing * ugh
* remove whirlpool vectors since we no longer support whirlpool (#4054)Paul Kehrer2017-12-101-71/+0
|
* start the twenty second release cycle (#3960)Paul Kehrer2017-10-111-1/+1
|
* update changelog release date and bump version for 2.1 release (#3958)Paul Kehrer2017-10-111-1/+1
|
* add utf8 DNSName x509 vector (#3952)Paul Kehrer2017-10-091-0/+41
|
* add Freshest CRL and Delta CRL Indicator test vectors (#3932)Paul Kehrer2017-09-202-0/+30
|
* add unique identifier test vector (#3925)Paul Kehrer2017-09-191-0/+11
| | | | | | * add unique identifier test vector * wrap a line I didn't even touch...
* add chacha20 test vectors from RFC 7539 (#3918)Paul Kehrer2017-09-141-0/+23
|
* add X509 test vector with a TLS Feature (RFC 7633) extension (#3898)Paul Kehrer2017-09-081-0/+33
|
* oaep label vector (#3895)Paul Kehrer2017-09-071-0/+8
| | | | | | | | | | * oaep label vector * add count so we can use the nist vector loader * add RSA key from the boring vectors as well https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt#8
* add initial OCSP request test vector (#3890)Paul Kehrer2017-09-071-0/+0
|
* add test vector with invalid basicconstraints (#3866)Paul Kehrer2017-08-151-0/+34
| | | | | | * add test vector with invalid basicconstraints * sigh
* Add is_signature_valid method on CertificateRevocationList (#3849)Vincent Pelletier2017-08-122-0/+56
|
* Open master for 2.1 (#3788)Alex Gaynor2017-07-171-1/+1
|
* 2.0 version bump and changelog (#3787)Paul Kehrer2017-07-171-1/+1
| | | | | | * 2.0 version bump and changelog * dates are just an illusion
* add rfc 3526 DH groups (#3767)Paul Kehrer2017-07-081-0/+31
|
* Dh parameters serialization (#3504)Aviv Palivoda2017-06-241-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH parameter serizalization - no X9.42 * Support X9.42 serialization - DER not working * Fix dhp_rfc5114_2.der Changing the DER parameters serialization after the fix in openssl commit a292c9f1b835 * DH parameters X9.42 DER serialization fixed * fix _skip_dhx_unsupported * document DH parameter_bytes * PEP8 fixes * Document load_pem_parameters * Document load_der_parameters * document ParameterFormat * Increase test coverage * Increase test covrage * Remove unneeded check * Fix typo * Fix error in load_der_parameters * Add load_pem_parameters and load_der_parameters to interfaces * CR fixes * Removed unverified phrase * Update version to 2.0 * Fix pep8 * Rename ParameterFormat.ASN1 to ParameterFormat.DHParameter * link pkcs3 * Add new line at end of file to serialization.rst * Rename DHparameters to PKCS3 * doc CR fix
* Removed executable bit from vectors (#3708)Alex Gaynor2017-06-1919-0/+0
|
* add NIST CAVP CCM vectors (#3698)Paul Kehrer2017-06-1819-0/+21708
| | | | | http://csrc.nist.gov/groups/STM/cavp/documents/mac/ccmtestvectors.zip No TLS :(
* add X25519 test vectors from RFC 7748 section 5.2 (#3685)Paul Kehrer2017-06-061-0/+16
|
* when you :%s/\:/=/g sometimes there's a colon you shouldn't have touched (#3678)Paul Kehrer2017-06-041-1/+1
|
* add ChaCha20Poly1305 test vectors from OpenSSL/RFC7539 (#3673)Paul Kehrer2017-06-042-0/+575
| | | | | | | | * add ChaCha20Poly1305 test vectors from OpenSSL/RFC7539 * add the boringssl tests as well * highlight the lines
* Post release tasks to open master for 2.0 (#3644)Alex Gaynor2017-05-291-1/+1
|
* 1.9 version bump and changelog (#3641)Paul Kehrer2017-05-291-1/+1
|
* Enlarge _oid2txt buffer to handle larger OIDs (#3612)Fraser Tweedale2017-05-291-0/+32
| | | | | | | | | The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt: https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values. But OIDs longer than this occur in real life (e.g. Active Directory makes some very long OIDs). If the length of the stringified OID exceeds the buffer size, allocate a new buffer that is big enough to hold the stringified OID, and re-do the conversion into the new buffer.
* Remove trailing space in vector #3522 (#3523)Alex Gaynor2017-04-281-1/+1
| | | The original source of this vector does not have a space, we added it by accident
* Refs #3461 -- added a test vector with SCTs (#3462)Alex Gaynor2017-03-191-0/+30
| | | | | | * Refs #3461 -- added a test vector with SCTs * timestamp is a word
* port 1.8.1 changelog and update master for 1.9 release cycle (#3440)Paul Kehrer2017-03-101-1/+1
|
* 1.8 version bump and changelog date (#3438)Paul Kehrer2017-03-091-1/+1
|
* DH subgroup order (q) (#3369)Aviv Palivoda2017-03-058-0/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support DH q (subgroup order) * Change RFC5114.txt to NIST format * Add tests for DH q * Update docs for DH q * Fix pep8 * Improve test covergae for DH q * Create _dh_params_dup that copy q if DHparams_dup don't On OpenSSL < 1.0.2 DHparams_dup don't copy q. _dh_params_dup call DHparams_dup and if the version is smaller than 1.0.2 copy q manually * Copy q manually on libressl * Add to test vectors serialized RFC5114 2048 bit DH parameters with 224 bit subgroup * Support serialization of DH with q * Add tests for serialization of DH with q * Support DH serialization with q only if Cryptography_HAS_EVP_PKEY_DHX is true * Raise exception when trying to serialize DH X9.42 when not supported * raise unsupported key type when deserilizing DH X9.42 if not supported * pep8 fixes * Fix test_serialization * Add dhx_serialization_supported method to DHBacked * document q in dh_parameters_supported * Rename dhx_serialization_supported to dh_x942_serialization_supported
* DH serialization (#3297)Aviv Palivoda2017-02-077-0/+29
| | | | | | | | | | | | | | | | | | * DH keys support serialization * Add DH serialization documentation * Add tests for DH keys serialization in DER encoding * update version to 1.8 * Allow only SubjectPublicKeyInfo serialization * Remove support in TraditionalOpenSSL format * Fix pep8 * Refactor dh serialization tests
* It is 2017, in UTC (#3342)Alex Gaynor2016-12-311-1/+1
|