From ebc265065042a3aef34e96488b0f05114d911ac3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 26 Nov 2014 19:18:56 -1000 Subject: add several new x509 test vectors --- docs/development/test-vectors.rst | 60 +++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 21 deletions(-) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 8c2d1361..a682562a 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
@@ -34,10 +34,45 @@ Asymmetric ciphers `enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher. * `Botan's ECC private keys`_. +Custom Asymmetric Vectors +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL + from the curve ``secp256r1``. +* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as + ``ec_private_key.pem``, except that it is encrypted with AES-128 with the + password "123456". +* ``ec_public_key.pem`` - Contains the public key corresponding to + ``ec_private_key.pem``, generated using OpenSSL. +* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using + OpenSSL, protected by the secret "123456" with DES3 encryption. +* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using + OpenSSL from ``rsa_private_key.pem``. +* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL; + contains no keys. +* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using + OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret + "123456" with DES3 encryption. +* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL + from ``dsa_private_key.pem``. + + X.509 ~~~~~ * PKITS test suite from `NIST PKI Testing`_. +* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_). +* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root + certificate. + +Custom X.509 Vectors +~~~~~~~~~~~~~~~~~~~~ + +* ``invalid_version.pem`` - Contains an RSA 2048 bit certificate with the + X.509 version field set to ``0x7``. +* ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the + ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``. +* ``dsa_root.pem`` - Contains a DSA root certificate generated using OpenSSL. Hashes ~~~~~~ 
@@ -107,27 +142,8 @@ Creating test vectors When official vectors are unavailable ``cryptography`` may choose to build its own using existing vectors as source material. -Current custom vectors -~~~~~~~~~~~~~~~~~~~~~~ - -* ``ec_private_key.pem`` - Contains an Elliptic Curve key generated by OpenSSL - from the curve ``secp256r1``. -* ``ec_private_key_encrypted.pem`` - Contains the same Elliptic Curve key as - ``ec_private_key.pem``, except that it is encrypted with AES-128 with the - password "123456". -* ``ec_public_key.pem`` - Contains the public key corresponding to - ``ec_private_key.pem``, generated using OpenSSL. -* ``rsa_private_key.pem`` - Contains an RSA 2048 bit key generated using - OpenSSL, protected by the secret "123456" with DES3 encryption. -* ``rsa_public_key.pem`` - Contains an RSA 2048 bit public generated using - OpenSSL from ``rsa_private_key.pem``. -* ``dsaparam.pem`` - Contains 2048-bit DSA parameters generated using OpenSSL; - contains no keys. -* ``dsa_private_key.pem`` - Contains a DSA 2048 bit key generated using - OpenSSL from the parameters in ``dsaparam.pem``, protected by the secret - "123456" with DES3 encryption. -* ``dsa_public_key.pem`` - Contains a DSA 2048 bit key generated using OpenSSL - from ``dsa_private_key.pem``. +Custom Symmetric Vectors +~~~~~~~~~~~~~~~~~~~~~~~~ .. toctree:: :maxdepth: 1 @@ -174,3 +190,5 @@ header format (substituting the correct information): .. _`Ed25519 website`: http://ed25519.cr.yp.to/software.html .. _`NIST SP-800-38B`: http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf .. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html +.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem +.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt -- cgit v1.2.3 From d317baeba44c1cd35a4254712ae5a9a51f89ce1b Mon Sep 17 00:00:00 2001 
From: Paul Kehrer Date: Fri, 12 Dec 2014 11:42:31 -0600 Subject: add ECDSA certificate that does not have a named curve OID --- docs/development/test-vectors.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index a682562a..936540eb 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -73,6 +73,8 @@ Custom X.509 Vectors * ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``. * ``dsa_root.pem`` - Contains a DSA root certificate generated using OpenSSL. +* ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have + an embedded OID defining the curve. Hashes ~~~~~~ -- cgit v1.2.3 From a850c613f0d2874a46a6ed883b32ca385048b395 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 12 Dec 2014 14:21:18 -0600 Subject: rename DSA test vector certificate to be more clear --- docs/development/test-vectors.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/development') diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 936540eb..10c20dba 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst 
@@ -72,7 +72,8 @@ Custom X.509 Vectors X.509 version field set to ``0x7``. * ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``. -* ``dsa_root.pem`` - Contains a DSA root certificate generated using OpenSSL. +* ``dsa_selfsigned_ca.pem`` - Contains a DSA self-signed CA certificate + generated using OpenSSL. * ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have an embedded OID defining the curve. -- cgit v1.2.3
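Review bot: In the first hunk of ebc26506, the new ``Custom X.509 Vectors`` entries for ``invalid_version.pem`` and ``post2000utctime.pem`` say what is unusual about each certificate but not how it was produced, while the asymmetric entries above them all say they were generated with OpenSSL. Please record the tool or procedure used and state whether the signature on each still verifies, so the vectors can be regenerated and a test author knows which failure the loader is expected to report. While these lines are being moved, the ``rsa_public_key.pem`` entry still reads "Contains an RSA 2048 bit public generated using" and is missing the word "key".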
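Review bot: In the last hunk of ebc26506 (the link targets), ``testx509.pem`` points at ``blob/master`` in the OpenSSL repository, so the referenced file can change or move after this is merged; link to a tag or commit instead. The ``DigiCert Global Root G3`` target is fetched over plain ``http://`` and the ``ecdsa_root.pem`` entry gives no fingerprint, so consider adding the certificate's SHA-256 fingerprint to the entry so the checked-in vector can be compared against the source.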
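Review bot: In d317baeb, the ``ec_no_named_curve.pem`` entry says only what the certificate lacks ("does not have an embedded OID defining the curve"). Please also say how the curve is specified in its place and how the certificate was generated, so it is clear which parsing path this vector is meant to cover.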
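Review bot: In a850c613, the listing is limited to ``docs/development``, so only the documentation side of the ``dsa_root.pem`` to ``dsa_selfsigned_ca.pem`` rename is visible here. Please confirm the vector file itself and any tests that load it are renamed in the same commit, otherwise this entry documents a file that does not exist under that name.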