From ebc265065042a3aef34e96488b0f05114d911ac3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Nov 2014 19:18:56 -1000 Subject: add several new x509 test vectors --- docs/development/test-vectors.rst | 60 +++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 21 deletions(-) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 8c2d1361..a682562a 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -34,10 +34,45 @@ Asymmetric ciphers `enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher. * `Botan's ECC private keys`_. +Custom Asymmetric Vectors +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL + from the curve ``secp256r1``. +* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as + ``ec_private_key.pem``, except that it is encrypted with AES-128 with the + password "123456". +* ``ec_public_key.pem`` - Contains the public key corresponding to + ``ec_private_key.pem``, generated using OpenSSL. +* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using + OpenSSL, protected by the secret "123456" with DES3 encryption. +* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using + OpenSSL from ``rsa_private_key.pem``. +* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL; + contains no keys. +* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using + OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret + "123456" with DES3 encryption. +* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL + from ``dsa_private_key.pem``. + + X.509 ~~~~~ * PKITS test suite from `NIST PKI Testing`_. +* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_). +* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root + certificate. + +Custom X.509 Vectors +~~~~~~~~~~~~~~~~~~~~ + +* ``invalid_version.pem`` - Contains an RSA 2048 bit certificate with the + X.509 version field set to ``0x7``. +* ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the + ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``. +* ``dsa_root.pem`` - Contains a DSA root certificate generated using OpenSSL. Hashes ~~~~~~ @@ -107,27 +142,8 @@ Creating test vectors When official vectors are unavailable ``cryptography`` may choose to build its own using existing vectors as source material. -Current custom vectors -~~~~~~~~~~~~~~~~~~~~~~ - -* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL - from the curve ``secp256r1``. -* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as - ``ec_private_key.pem``, except that it is encrypted with AES-128 with the - password "123456". -* ``ec_public_key.pem`` - Contains the public key corresponding to - ``ec_private_key.pem``, generated using OpenSSL. -* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using - OpenSSL, protected by the secret "123456" with DES3 encryption. -* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using - OpenSSL from ``rsa_private_key.pem``. -* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL; - contains no keys. -* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using - OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret - "123456" with DES3 encryption. -* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL - from ``dsa_private_key.pem``. +Custom Symmetric Vectors +~~~~~~~~~~~~~~~~~~~~~~~~ .. toctree:: :maxdepth: 1 @@ -174,3 +190,5 @@ header format (substituting the correct information): .. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html .. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf .. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html +.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem +.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt -- cgit v1.2.3