1Test vectors 2============ 3 4Testing the correctness of the primitives implemented in each ``cryptography`` 5backend requires trusted test vectors. Where possible these vectors are 6obtained from official sources such as `NIST`_ or `IETF`_ RFCs. When this is 7not possible ``cryptography`` has chosen to create a set of custom vectors 8using an official vector file as input to verify consistency between 9implemented backends. 10 11Vectors are kept in the ``cryptography_vectors`` package rather than within our 12main test suite. 13 14Sources 15------- 16 17Project Wycheproof 18~~~~~~~~~~~~~~~~~~ 19 20We run vectors from `Project Wycheproof`_ -- a collection of known edge-cases 21for various cryptographic algorithms. These are not included in the repository 22(or ``cryptography_vectors`` package), but rather cloned from Git in our 23continuous integration environments. 24 25We have ensured all test vectors are used as of commit 26``2196000605e45d91097147c9c71f26b72af58003``. 27 28Asymmetric ciphers 29~~~~~~~~~~~~~~~~~~ 30 31* RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/ 32 and ftp://ftp.rsa.com/pub/rsalabs/tmp/). 33* RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from `NIST CAVP`_. 34* FIPS 186-2 and FIPS 186-3 DSA test vectors from `NIST CAVP`_. 35* FIPS 186-2 and FIPS 186-3 ECDSA test vectors from `NIST CAVP`_. 36* DH and ECDH and ECDH+KDF(17.4) test vectors from `NIST CAVP`_. 37* Ed25519 test vectors from the `Ed25519 website_`. 38* OpenSSL PEM RSA serialization vectors from the `OpenSSL example key`_ and 39 `GnuTLS key parsing tests`_. 40* OpenSSL PEM DSA serialization vectors from the `GnuTLS example keys`_. 41* PKCS #8 PEM serialization vectors from 42 43 * GnuTLS: `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, 44 `unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The encoding error in 45 `unenc-rsa-pkcs8.pem`_ was fixed, and the contents of `enc-rsa-pkcs8.pem`_ 46 was re-encrypted to include it. The contents of `enc2-rsa-pkcs8.pem`_ 47 was re-encrypted using a stronger PKCS#8 cipher. 48 * `Botan's ECC private keys`_. 49* `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the 50 Ruby test suite. 51* X25519 and X448 test vectors from :rfc:`7748`. 52* RSA OAEP with custom label from the `BoringSSL evp tests`_. 53* Ed448 test vectors from :rfc:`8032`. 54 55 56Custom asymmetric vectors 57~~~~~~~~~~~~~~~~~~~~~~~~~ 58 59.. toctree:: 60 :maxdepth: 1 61 62 custom-vectors/secp256k1 63 custom-vectors/rsa-oaep-sha2 64 65* ``asymmetric/PEM_Serialization/ec_private_key.pem`` and 66 ``asymmetric/DER_Serialization/ec_private_key.der`` - Contains an Elliptic 67 Curve key generated by OpenSSL from the curve ``secp256r1``. 68* ``asymmetric/PEM_Serialization/ec_private_key_encrypted.pem`` and 69 ``asymmetric/DER_Serialization/ec_private_key_encrypted.der``- Contains the 70 same Elliptic Curve key as ``ec_private_key.pem``, except that it is 71 encrypted with AES-128 with the password "123456". 72* ``asymmetric/PEM_Serialization/ec_public_key.pem`` and 73 ``asymmetric/DER_Serialization/ec_public_key.der``- Contains the public key 74 corresponding to ``ec_private_key.pem``, generated using OpenSSL. 75* ``asymmetric/PEM_Serialization/rsa_private_key.pem`` - Contains an RSA 2048 76 bit key generated using OpenSSL, protected by the secret "123456" with DES3 77 encryption. 78* ``asymmetric/PEM_Serialization/rsa_public_key.pem`` and 79 ``asymmetric/DER_Serialization/rsa_public_key.der``- Contains an RSA 2048 80 bit public generated using OpenSSL from ``rsa_private_key.pem``. 81* ``asymmetric/PEM_Serialization/dsa_4096.pem`` - Contains a 4096-bit DSA 82 private key generated using OpenSSL. 83* ``asymmetric/PEM_Serialization/dsaparam.pem`` - Contains 2048-bit DSA 84 parameters generated using OpenSSL; contains no keys. 85* ``asymmetric/PEM_Serialization/dsa_private_key.pem`` - Contains a DSA 2048 86 bit key generated using OpenSSL from the parameters in ``dsaparam.pem``, 87 protected by the secret "123456" with DES3 encryption. 88* ``asymmetric/PEM_Serialization/dsa_public_key.pem`` and 89 ``asymmetric/DER_Serialization/dsa_public_key.der`` - Contains a DSA 2048 bit 90 key generated using OpenSSL from ``dsa_private_key.pem``. 91* ``asymmetric/DER_Serialization/dsa_public_key_no_params.der`` - Contains a 92 DSA public key with the optional parameters removed. 93* ``asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der`` - 94 Contains a DSA public key with the bit string padding value set to 2 rather 95 than the required 0. 96* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pem`` and 97 ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.der`` - Contains a DSA 1024 98 bit key generated using OpenSSL. 99* ``asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem`` and 100 ``asymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der`` - Contains a DSA 101 2048 bit public key generated using OpenSSL from ``unenc-dsa-pkcs8.pem``. 102* DER conversions of the `GnuTLS example keys`_ for DSA as well as the 103 `OpenSSL example key`_ for RSA. 104* DER conversions of `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_, and 105 `unenc-rsa-pkcs8.pem`_. 106* ``asymmetric/public/PKCS1/rsa.pub.pem`` and 107 ``asymmetric/public/PKCS1/rsa.pub.der`` are PKCS1 conversions of the public 108 key from ``asymmetric/PKCS8/unenc-rsa-pkcs8.pem`` using PEM and DER encoding. 109* ``x509/custom/ca/ca_key.pem`` - An unencrypted PCKS8 ``secp256r1`` key. It is 110 the private key for the certificate ``x509/custom/ca/ca.pem``. This key is 111 encoded in several of the PKCS12 custom vectors. 112* ``x509/custom/ca/rsa_key.pem`` - An unencrypted PCKS8 4096 bit RSA key. It is 113 the private key for the certificate ``x509/custom/ca/rsa_ca.pem``. 114* ``asymmetric/EC/compressed_points.txt`` - Contains compressed public points 115 generated using OpenSSL. 116* ``asymmetric/X448/x448-pkcs8-enc.pem`` and 117 ``asymmetric/X448/x448-pkcs8-enc.der`` contain an X448 key encrypted with 118 AES 256 CBC with the password ``password``. 119* ``asymmetric/X448/x448-pkcs8.pem`` and ``asymmetric/X448/x448-pkcs8.der`` 120 contain an unencrypted X448 key. 121* ``asymmetric/X448/x448-pub.pem`` and ``asymmetric/X448/x448-pub.der`` contain 122 an X448 public key. 123* ``asymmetric/Ed25519/ed25519-pkcs8-enc.pem`` and 124 ``asymmetric/Ed25519/ed25519-pkcs8-enc.der`` contain an Ed25519 key encrypted 125 with AES 256 CBC with the password ``password``. 126* ``asymmetric/Ed25519/ed25519-pkcs8.pem`` and 127 ``asymmetric/Ed25519/ed25519-pkcs8.der`` contain an unencrypted Ed25519 key. 128* ``asymmetric/Ed25519/ed25519-pub.pem`` and 129 ``asymmetric/Ed25519/ed25519-pub.der`` contain an Ed25519 public key. 130* ``asymmetric/X25519/x25519-pkcs8-enc.pem`` and 131 ``asymmetric/X25519/x25519-pkcs8-enc.der`` contain an X25519 key encrypted 132 with AES 256 CBC with the password ``password``. 133* ``asymmetric/X25519/x25519-pkcs8.pem`` and 134 ``asymmetric/X25519/x25519-pkcs8.der`` contain an unencrypted X25519 key. 135* ``asymmetric/X25519/x25519-pub.pem`` and ``asymmetric/X25519/x25519-pub.der`` 136 contain an X25519 public key. 137* ``asymmetric/Ed448/ed448-pkcs8-enc.pem`` and 138 ``asymmetric/Ed448/ed448-pkcs8-enc.der`` contain an Ed448 key encrypted 139 with AES 256 CBC with the password ``password``. 140* ``asymmetric/Ed448/ed448-pkcs8.pem`` and 141 ``asymmetric/Ed448/ed448-pkcs8.der`` contain an unencrypted Ed448 key. 142* ``asymmetric/Ed448/ed448-pub.pem`` and ``asymmetric/Ed448/ed448-pub.der`` 143 contain an Ed448 public key. 144 145 146Key exchange 147~~~~~~~~~~~~ 148 149* ``vectors/cryptography_vectors/asymmetric/DH/rfc3526.txt`` contains 150 several standardized Diffie-Hellman groups from :rfc:`3526`. 151 152* ``vectors/cryptography_vectors/asymmetric/DH/RFC5114.txt`` contains 153 Diffie-Hellman examples from appendix A.1, A.2 and A.3 of :rfc:`5114`. 154 155* ``vectors/cryptography_vectors/asymmetric/DH/vec.txt`` contains 156 Diffie-Hellman examples from `botan`_. 157 158* ``vectors/cryptography_vectors/asymmetric/DH/bad_exchange.txt`` contains 159 Diffie-Hellman vector pairs that were generated using OpenSSL 160 ``DH_generate_parameters_ex`` and ``DH_generate_key``. 161 162* ``vectors/cryptography_vectors/asymmetric/DH/dhp.pem``, 163 ``vectors/cryptography_vectors/asymmetric/DH/dhkey.pem`` and 164 ``vectors/cryptography_vectors/asymmetric/DH/dhpub.pem`` contains 165 Diffie-Hellman parameters and key respectively. The keys were 166 generated using OpenSSL following `DHKE`_ guide. 167 ``vectors/cryptography_vectors/asymmetric/DH/dhkey.txt`` contains 168 all parameter in text. 169 ``vectors/cryptography_vectors/asymmetric/DH/dhp.der``, 170 ``vectors/cryptography_vectors/asymmetric/DH/dhkey.der`` and 171 ``vectors/cryptography_vectors/asymmetric/DH/dhpub.der`` contains 172 are the above parameters and keys in DER format. 173 174* ``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.pem``, 175 ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.pem`` and 176 ``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.pem`` contains 177 Diffie-Hellman parameters and key respectively. The keys were 178 generated using OpenSSL following `DHKE`_ guide. When creating the 179 parameters we added the `-pkeyopt dh_rfc5114:2` option to use 180 :rfc:`5114` 2048 bit DH parameters with 224 bit subgroup. 181 ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.txt`` contains 182 all parameter in text. 183 ``vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.der``, 184 ``vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.der`` and 185 ``vectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.der`` contains 186 are the above parameters and keys in DER format. 187* ``vectors/cryptography_vectors/asymmetric/DH/dh_key_256.pem`` contains 188 a PEM PKCS8 encoded DH key with a 256-bit key size. 189 190* ``vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt`` contains 191 Brainpool vectors from :rfc:`7027`. 192 193X.509 194~~~~~ 195 196* PKITS test suite from `NIST PKI Testing`_. 197* ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_). 198* ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root 199 certificate. 200* ``verisign-md2-root.pem`` - A legacy Verisign public root signed using the 201 MD2 algorithm. This is a PEM conversion of the `root data`_ in the NSS source 202 tree. 203* ``cryptography.io.pem`` - A leaf certificate issued by RapidSSL for the 204 cryptography website. 205* ``rapidssl_sha256_ca_g3.pem`` - The intermediate CA that issued the 206 ``cryptography.io.pem`` certificate. 207* ``cryptography.io.precert.pem`` - A pre-certificate with the CT poison 208 extension for the cryptography website. 209* ``cryptography-scts.io.pem`` - A leaf certificate issued by Let's Encrypt for 210 the cryptography website which contains signed certificate timestamps. 211* ``wildcard_san.pem`` - A leaf certificate issued by a public CA for 212 ``langui.sh`` that contains wildcard entries in the SAN extension. 213* ``san_edipartyname.der`` - A DSA certificate from a `Mozilla bug`_ 214 containing a SAN extension with an ``ediPartyName`` general name. 215* ``san_x400address.der`` - A DSA certificate from a `Mozilla bug`_ containing 216 a SAN extension with an ``x400Address`` general name. 217* ``department-of-state-root.pem`` - The intermediary CA for the Department of 218 State, issued by the United States Federal Government's Common Policy CA. 219 Notably has a ``critical`` policy constraints extensions. 220* ``e-trust.ru.der`` - A certificate from a `Russian CA`_ signed using the GOST 221 cipher and containing numerous unusual encodings such as NUMERICSTRING in 222 the subject DN. 223* ``alternate-rsa-sha1-oid.pem`` - A certificate from an 224 `unknown signature OID`_ Mozilla bug that uses an alternate signature OID for 225 RSA with SHA1. 226* ``badssl-sct.pem`` - A certificate with the certificate transparency signed 227 certificate timestamp extension. 228* ``bigoid.pem`` - A certificate with a rather long OID in the 229 Certificate Policies extension. We need to make sure we can parse 230 long OIDs. 231* ``wosign-bc-invalid.pem`` - A certificate issued by WoSign that contains 232 a basic constraints extension with CA set to false and a path length of zero 233 in violation of :rfc:`5280`. 234* ``tls-feature-ocsp-staple.pem`` - A certificate issued by Let's Encrypt that 235 contains a TLS Feature extension with the ``status_request`` feature 236 (commonly known as OCSP Must-Staple). 237* ``unique-identifier.pem`` - A certificate containing 238 a distinguished name with an ``x500UniqueIdentifier``. 239* ``utf8-dnsname.pem`` - A certificate containing non-ASCII characters in the 240 DNS name entries of the SAN extension. 241* ``badasn1time.pem`` - A certificate containing an incorrectly specified 242 UTCTime in its validity->not_after. 243* ``letsencryptx3.pem`` - A subordinate certificate used by Let's Encrypt to 244 issue end entity certificates. 245* ``ed25519-rfc8410.pem`` - A certificate containing an X25519 public key with 246 an ``ed25519`` signature taken from :rfc:`8410`. 247* ``root-ed25519.pem`` - An ``ed25519`` root certificate (``ed25519`` signature 248 with ``ed25519`` public key) from the OpenSSL test suite. 249 (`root-ed25519.pem`_) 250* ``server-ed25519-cert.pem`` - An ``ed25519`` server certificate (RSA 251 signature with ``ed25519`` public key) from the OpenSSL test suite. 252 (`server-ed25519-cert.pem`_) 253* ``server-ed448-cert.pem`` - An ``ed448`` server certificate (RSA 254 signature with ``ed448`` public key) from the OpenSSL test suite. 255 (`server-ed448-cert.pem`_) 256 257Custom X.509 Vectors 258~~~~~~~~~~~~~~~~~~~~ 259 260* ``invalid_version.pem`` - Contains an RSA 2048 bit certificate with the 261 X.509 version field set to ``0x7``. 262* ``post2000utctime.pem`` - Contains an RSA 2048 bit certificate with the 263 ``notBefore`` and ``notAfter`` fields encoded as post-2000 ``UTCTime``. 264* ``dsa_selfsigned_ca.pem`` - Contains a DSA self-signed CA certificate 265 generated using OpenSSL. 266* ``ec_no_named_curve.pem`` - Contains an ECDSA certificate that does not have 267 an embedded OID defining the curve. 268* ``all_supported_names.pem`` - An RSA 2048 bit certificate generated using 269 OpenSSL that contains a subject and issuer that have two of each supported 270 attribute type from :rfc:`5280`. 271* ``unsupported_subject_name.pem`` - An RSA 2048 bit self-signed CA certificate 272 generated using OpenSSL that contains the unsupported "initials" name. 273* ``utf8_common_name.pem`` - An RSA 2048 bit self-signed CA certificate 274 generated using OpenSSL that contains a UTF8String common name with the value 275 "We heart UTF8!™". 276* ``two_basic_constraints.pem`` - An RSA 2048 bit self-signed certificate 277 containing two basic constraints extensions. 278* ``basic_constraints_not_critical.pem`` - An RSA 2048 bit self-signed 279 certificate containing a basic constraints extension that is not marked as 280 critical. 281* ``bc_path_length_zero.pem`` - An RSA 2048 bit self-signed 282 certificate containing a basic constraints extension with a path length of 283 zero. 284* ``unsupported_extension.pem`` - An RSA 2048 bit self-signed certificate 285 containing an unsupported extension type. The OID was encoded as 286 "1.2.3.4" with an ``extnValue`` of "value". 287* ``unsupported_extension_2.pem`` - A ``secp256r1`` certificate 288 containing two unsupported extensions. The OIDs are ``1.3.6.1.4.1.41482.2`` 289 with an ``extnValue`` of ``1.3.6.1.4.1.41482.1.2`` and 290 ``1.3.6.1.4.1.45724.2.1.1`` with an ``extnValue`` of ``\x03\x02\x040`` 291* ``unsupported_extension_critical.pem`` - An RSA 2048 bit self-signed 292 certificate containing an unsupported extension type marked critical. The OID 293 was encoded as "1.2.3.4" with an ``extnValue`` of "value". 294* ``san_email_dns_ip_dirname_uri.pem`` - An RSA 2048 bit self-signed 295 certificate containing a subject alternative name extension with the 296 following general names: ``rfc822Name``, ``dNSName``, ``iPAddress``, 297 ``directoryName``, and ``uniformResourceIdentifier``. 298* ``san_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate 299 containing a subject alternative extension with an empty ``dNSName`` 300 general name. 301* ``san_other_name.pem`` - An RSA 2048 bit self-signed certificate containing 302 a subject alternative name extension with the ``otherName`` general name. 303* ``san_registered_id.pem`` - An RSA 1024 bit certificate containing a 304 subject alternative name extension with the ``registeredID`` general name. 305* ``all_key_usages.pem`` - An RSA 2048 bit self-signed certificate containing 306 a key usage extension with all nine purposes set to true. 307* ``extended_key_usage.pem`` - An RSA 2048 bit self-signed certificate 308 containing an extended key usage extension with eight usages. 309* ``san_idna_names.pem`` - An RSA 2048 bit self-signed certificate containing 310 a subject alternative name extension with ``rfc822Name``, ``dNSName``, and 311 ``uniformResourceIdentifier`` general names with IDNA (:rfc:`5895`) encoding. 312* ``san_wildcard_idna.pem`` - An RSA 2048 bit self-signed certificate 313 containing a subject alternative name extension with a ``dNSName`` general 314 name with a wildcard IDNA (:rfc:`5895`) domain. 315* ``san_idna2003_dnsname.pem`` - An RSA 2048 bit self-signed certificate 316 containing a subject alternative name extension with an IDNA 2003 317 (:rfc:`3490`) ``dNSName``. 318* ``san_rfc822_names.pem`` - An RSA 2048 bit self-signed certificate containing 319 a subject alternative name extension with various ``rfc822Name`` values. 320* ``san_rfc822_idna.pem`` - An RSA 2048 bit self-signed certificate containing 321 a subject alternative name extension with an IDNA ``rfc822Name``. 322* ``san_uri_with_port.pem`` - An RSA 2048 bit self-signed certificate 323 containing a subject alternative name extension with various 324 ``uniformResourceIdentifier`` values. 325* ``san_ipaddr.pem`` - An RSA 2048 bit self-signed certificate containing a 326 subject alternative name extension with an ``iPAddress`` value. 327* ``san_dirname.pem`` - An RSA 2048 bit self-signed certificate containing a 328 subject alternative name extension with a ``directoryName`` value. 329* ``inhibit_any_policy_5.pem`` - An RSA 2048 bit self-signed certificate 330 containing an inhibit any policy extension with the value 5. 331* ``inhibit_any_policy_negative.pem`` - An RSA 2048 bit self-signed certificate 332 containing an inhibit any policy extension with the value -1. 333* ``authority_key_identifier.pem`` - An RSA 2048 bit self-signed certificate 334 containing an authority key identifier extension with key identifier, 335 authority certificate issuer, and authority certificate serial number fields. 336* ``authority_key_identifier_no_keyid.pem`` - An RSA 2048 bit self-signed 337 certificate containing an authority key identifier extension with authority 338 certificate issuer and authority certificate serial number fields. 339* ``aia_ocsp_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate 340 containing an authority information access extension with two OCSP and one 341 CA issuers entry. 342* ``aia_ocsp.pem`` - An RSA 2048 bit self-signed certificate 343 containing an authority information access extension with an OCSP entry. 344* ``aia_ca_issuers.pem`` - An RSA 2048 bit self-signed certificate 345 containing an authority information access extension with a CA issuers entry. 346* ``cdp_empty_hostname.pem`` - An RSA 2048 bit self-signed certificate 347 containing a CRL distribution point extension with ``fullName`` URI without 348 a hostname. 349* ``cdp_fullname_reasons_crl_issuer.pem`` - An RSA 1024 bit certificate 350 containing a CRL distribution points extension with ``fullName``, 351 ``cRLIssuer``, and ``reasons`` data. 352* ``cdp_crl_issuer.pem`` - An RSA 1024 bit certificate containing a CRL 353 distribution points extension with ``cRLIssuer`` data. 354* ``cdp_all_reasons.pem`` - An RSA 1024 bit certificate containing a CRL 355 distribution points extension with all ``reasons`` bits set. 356* ``cdp_reason_aa_compromise.pem`` - An RSA 1024 bit certificate containing a 357 CRL distribution points extension with the ``AACompromise`` ``reasons`` bit 358 set. 359* ``nc_permitted_excluded.pem`` - An RSA 2048 bit self-signed certificate 360 containing a name constraints extension with both permitted and excluded 361 elements. Contains ``IPv4`` and ``IPv6`` addresses with network mask as well 362 as ``dNSName`` with a leading period. 363* ``nc_permitted_excluded_2.pem`` - An RSA 2048 bit self-signed certificate 364 containing a name constraints extension with both permitted and excluded 365 elements. Unlike ``nc_permitted_excluded.pem``, the general names do not 366 contain any name constraints specific values. 367* ``nc_permitted.pem`` - An RSA 2048 bit self-signed certificate containing a 368 name constraints extension with permitted elements. 369* ``nc_permitted_2.pem`` - An RSA 2048 bit self-signed certificate containing a 370 name constraints extension with permitted elements that do not contain any 371 name constraints specific values. 372* ``nc_excluded.pem`` - An RSA 2048 bit self-signed certificate containing a 373 name constraints extension with excluded elements. 374* ``nc_invalid_ip_netmask.pem`` - An RSA 2048 bit self-signed certificate 375 containing a name constraints extension with a permitted element that has an 376 ``IPv6`` IP and an invalid network mask. 377* ``nc_single_ip_netmask.pem`` - An RSA 2048 bit self-signed certificate 378 containing a name constraints extension with a permitted element that has two 379 IPs with ``/32`` and ``/128`` network masks. 380* ``cp_user_notice_with_notice_reference.pem`` - An RSA 2048 bit self-signed 381 certificate containing a certificate policies extension with a 382 notice reference in the user notice. 383* ``cp_user_notice_with_explicit_text.pem`` - An RSA 2048 bit self-signed 384 certificate containing a certificate policies extension with explicit 385 text and no notice reference. 386* ``cp_cps_uri.pem`` - An RSA 2048 bit self-signed certificate containing a 387 certificate policies extension with a CPS URI and no user notice. 388* ``cp_user_notice_no_explicit_text.pem`` - An RSA 2048 bit self-signed 389 certificate containing a certificate policies extension with a user notice 390 with no explicit text. 391* ``cp_invalid.pem`` - An RSA 2048 bit self-signed certificate containing a 392 certificate policies extension with invalid data. 393* ``ian_uri.pem`` - An RSA 2048 bit certificate containing an issuer 394 alternative name extension with a ``URI`` general name. 395* ``ocsp_nocheck.pem`` - An RSA 2048 bit self-signed certificate containing 396 an ``OCSPNoCheck`` extension. 397* ``pc_inhibit_require.pem`` - An RSA 2048 bit self-signed certificate 398 containing a policy constraints extension with both inhibit policy mapping 399 and require explicit policy elements. 400* ``pc_inhibit.pem`` - An RSA 2048 bit self-signed certificate containing a 401 policy constraints extension with an inhibit policy mapping element. 402* ``pc_require.pem`` - An RSA 2048 bit self-signed certificate containing a 403 policy constraints extension with a require explicit policy element. 404* ``unsupported_subject_public_key_info.pem`` - A certificate whose public key 405 is an unknown OID (``1.3.6.1.4.1.8432.1.1.2``). 406* ``policy_constraints_explicit.pem`` - A self-signed certificate containing 407 a ``policyConstraints`` extension with a ``requireExplicitPolicy`` value. 408* ``freshestcrl.pem`` - A self-signed certificate containing a ``freshestCRL`` 409 extension. 410* ``sia.pem`` - An RSA 2048 bit self-signed certificate containing a subject 411 information access extension with both a CA repository entry and a custom 412 OID entry. 413* ``ca/ca.pem`` - A self-signed certificate with ``basicConstraints`` set to 414 true. Its private key is ``ca/ca_key.pem``. This certificate is encoded in 415 several of the PKCS12 custom vectors. 416* ``negative_serial.pem`` - A certificate with a serial number that is a 417 negative number. 418* ``rsa_pss.pem`` - A certificate with an RSA PSS signature. 419* ``root-ed448.pem`` - An ``ed448`` self-signed CA certificate 420 using ``ed448-pkcs8.pem`` as key. 421* ``ca/rsa_ca.pem`` - A self-signed RSA certificate with ``basicConstraints`` 422 set to true. Its private key is ``ca/rsa_key.pem``. 423 424Custom X.509 Request Vectors 425~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 426 427* ``dsa_sha1.pem`` and ``dsa_sha1.der`` - Contain a certificate request using 428 1024-bit DSA parameters and SHA1 generated using OpenSSL. 429* ``rsa_md4.pem`` and ``rsa_md4.der`` - Contain a certificate request using 430 2048 bit RSA and MD4 generated using OpenSSL. 431* ``rsa_sha1.pem`` and ``rsa_sha1.der`` - Contain a certificate request using 432 2048 bit RSA and SHA1 generated using OpenSSL. 433* ``rsa_sha256.pem`` and ``rsa_sha256.der`` - Contain a certificate request 434 using 2048 bit RSA and SHA256 generated using OpenSSL. 435* ``ec_sha256.pem`` and ``ec_sha256.der`` - Contain a certificate request 436 using EC (``secp384r1``) and SHA256 generated using OpenSSL. 437* ``san_rsa_sha1.pem`` and ``san_rsa_sha1.der`` - Contain a certificate 438 request using RSA and SHA1 with a subject alternative name extension 439 generated using OpenSSL. 440* ``two_basic_constraints.pem`` - A certificate signing request 441 for an RSA 2048 bit key containing two basic constraints extensions. 442* ``unsupported_extension.pem`` - A certificate signing request 443 for an RSA 2048 bit key containing containing an unsupported 444 extension type. The OID was encoded as "1.2.3.4" with an 445 ``extnValue`` of "value". 446* ``unsupported_extension_critical.pem`` - A certificate signing 447 request for an RSA 2048 bit key containing containing an unsupported 448 extension type marked critical. The OID was encoded as "1.2.3.4" 449 with an ``extnValue`` of "value". 450* ``basic_constraints.pem`` - A certificate signing request for an RSA 451 2048 bit key containing a basic constraints extension marked as 452 critical. 453* ``invalid_signature.pem`` - A certificate signing request for an RSA 454 1024 bit key containing an invalid signature with correct padding. 455* ``challenge.pem`` - A certificate signing request for an RSA 2048 bit key 456 containing a challenge password. 457* ``challenge-invalid.der`` - A certificate signing request for an RSA 2048 bit 458 key containing a challenge password attribute that has been encoded as an 459 ASN.1 integer rather than a string. 460* ``challenge-unstructured.pem`` - A certificate signing request for an RSA 461 2048 bit key containing a challenge password attribute and an unstructured 462 name attribute. 463 464Custom X.509 Certificate Revocation List Vectors 465~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 466 467* ``crl_all_reasons.pem`` - Contains a CRL with 12 revoked certificates, whose 468 serials match their list position. It includes one revocation without 469 any entry extensions, 10 revocations with every supported reason code and one 470 revocation with an unsupported, non-critical entry extension with the OID 471 value set to "1.2.3.4". 472* ``crl_dup_entry_ext.pem`` - Contains a CRL with one revocation which has a 473 duplicate entry extension. 474* ``crl_md2_unknown_crit_entry_ext.pem`` - Contains a CRL with one revocation 475 which contains an unsupported critical entry extension with the OID value set 476 to "1.2.3.4". The CRL uses an unsupported MD2 signature algorithm. 477* ``crl_unsupported_reason.pem`` - Contains a CRL with one revocation which has 478 an unsupported reason code. 479* ``crl_inval_cert_issuer_entry_ext.pem`` - Contains a CRL with one revocation 480 which has one entry extension for certificate issuer with an empty value. 481* ``crl_empty.pem`` - Contains a CRL with no revoked certificates. 482* ``crl_ian_aia_aki.pem`` - Contains a CRL with ``IssuerAlternativeName``, 483 ``AuthorityInformationAccess``, ``AuthorityKeyIdentifier`` and ``CRLNumber`` 484 extensions. 485* ``valid_signature.pem`` - Contains a CRL with the public key which was used 486 to generate it. 487* ``invalid_signature.pem`` - Contains a CRL with the last signature byte 488 incremented by 1 to produce an invalid signature, and the public key which 489 was used to generate it. 490* ``crl_delta_crl_indicator.pem`` - Contains a CRL with the 491 ``DeltaCRLIndicator`` extension. 492* ``crl_idp_fullname_only.pem`` - Contains a CRL with an 493 ``IssuingDistributionPoints`` extension with only a ``fullname`` for the 494 distribution point. 495* ``crl_idp_only_ca.pem`` - Contains a CRL with an 496 ``IssuingDistributionPoints`` extension that is only valid for CA certificate 497 revocation. 498* ``crl_idp_fullname_only_aa.pem`` - Contains a CRL with an 499 ``IssuingDistributionPoints`` extension that sets a ``fullname`` and is only 500 valid for attribute certificate revocation. 501* ``crl_idp_fullname_only_user.pem`` - Contains a CRL with an 502 ``IssuingDistributionPoints`` extension that sets a ``fullname`` and is only 503 valid for user certificate revocation. 504* ``crl_idp_fullname_indirect_crl.pem`` - Contains a CRL with an 505 ``IssuingDistributionPoints`` extension that sets a ``fullname`` and the 506 indirect CRL flag. 507* ``crl_idp_reasons_only.pem`` - Contains a CRL with an 508 ``IssuingDistributionPoints`` extension that is only valid for revocations 509 with the ``keyCompromise`` reason. 510* ``crl_idp_relative_user_all_reasons.pem`` - Contains a CRL with an 511 ``IssuingDistributionPoints`` extension that sets all revocation reasons as 512 allowed. 513* ``crl_idp_relativename_only.pem`` - Contains a CRL with an 514 ``IssuingDistributionPoints`` extension with only a ``relativename`` for 515 the distribution point. 516 517X.509 OCSP Test Vectors 518~~~~~~~~~~~~~~~~~~~~~~~ 519* ``x509/ocsp/resp-sha256.der`` - An OCSP response for ``cryptography.io`` with 520 a SHA256 signature. 521* ``x509/ocsp/resp-unauthorized.der`` - An OCSP response with an unauthorized 522 status. 523* ``x509/ocsp/resp-revoked.der`` - An OCSP response for ``revoked.badssl.com`` 524 with a revoked status. 525* ``x509/ocsp/resp-delegate-unknown-cert.der`` - An OCSP response for an 526 unknown cert from ``AC Camerafirma``. This response also contains a delegate 527 certificate. 528* ``x509/ocsp/resp-responder-key-hash.der`` - An OCSP response from the 529 ``DigiCert`` OCSP responder that uses a key hash for the responder ID. 530* ``x509/ocsp/resp-revoked-reason.der`` - An OCSP response from the 531 ``QuoVadis`` OCSP responder that contains a revoked certificate with a 532 revocation reason. 533* ``x509/ocsp/resp-revoked-no-next-update.der`` - An OCSP response that 534 contains a revoked certificate and no ``nextUpdate`` value. 535* ``x509/ocsp/resp-invalid-signature-oid.der`` - An OCSP response that was 536 modified to contain an MD2 signature algorithm object identifier. 537* ``x509/ocsp/resp-single-extension-reason.der`` - An OCSP response that 538 contains a ``CRLReason`` single extension. 539* ``x509/ocsp/resp-sct-extension.der`` - An OCSP response containing a 540 ``CT Certificate SCTs`` single extension, from the SwissSign OCSP responder. 541* ``x509/ocsp/ocsp-army.deps.mil-resp.der`` - An OCSP response containing 542 multiple ``SINGLERESP`` values. 543 544Custom X.509 OCSP Test Vectors 545~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 546* ``x509/ocsp/req-sha1.der`` - An OCSP request containing a single request and 547 using SHA1 as the hash algorithm. 548* ``x509/ocsp/req-multi-sha1.der`` - An OCSP request containing multiple 549 requests. 550* ``x509/ocsp/req-invalid-hash-alg.der`` - An OCSP request containing an 551 invalid hash algorithm OID. 552* ``x509/ocsp/req-ext-nonce.der`` - An OCSP request containing a nonce 553 extension. 554 555Custom PKCS12 Test Vectors 556~~~~~~~~~~~~~~~~~~~~~~~~~~ 557* ``pkcs12/cert-key-aes256cbc.p12`` - A PKCS12 file containing a cert 558 (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) 559 both encrypted with AES 256 CBC with the password ``cryptography``. 560* ``pkcs12/cert-none-key-none.p12`` - A PKCS12 file containing a cert 561 (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) 562 with no encryption. The password (used for integrity checking only) is 563 ``cryptography``. 564* ``pkcs12/cert-rc2-key-3des.p12`` - A PKCS12 file containing a cert 565 (``x509/custom/ca/ca.pem``) encrypted with RC2 and key 566 (``x509/custom/ca/ca_key.pem``) encrypted via 3DES with the password 567 ``cryptography``. 568* ``pkcs12/no-password.p12`` - A PKCS12 file containing a cert 569 (``x509/custom/ca/ca.pem``) and key (``x509/custom/ca/ca_key.pem``) with no 570 encryption and no password. 571* ``pkcs12/no-cert-key-aes256cbc.p12`` - A PKCS12 file containing a key 572 (``x509/custom/ca/ca_key.pem``) encrypted via AES 256 CBC with the 573 password ``cryptography`` and no certificate. 574* ``pkcs12/cert-aes256cbc-no-key.p12`` - A PKCS12 file containing a cert 575 (``x509/custom/ca/ca.pem``) encrypted via AES 256 CBC with the 576 password ``cryptography`` and no private key. 577 578Custom PKCS7 Test Vectors 579~~~~~~~~~~~~~~~~~~~~~~~~~ 580* ``pkcs7/isrg.pem`` - A PEM encoded PKCS7 file containing the ISRG X1 root 581 CA. 582* ``pkcs7/amazon-roots.p7b`` - A DER encoded PCKS7 file containing Amazon Root 583 CA 2 and 3. 584* ``pkcs7/enveloped.pem`` - A PEM encoded PKCS7 file with enveloped data. 585 586Custom OpenSSH Test Vectors 587~~~~~~~~~~~~~~~~~~~~~~~~~~~ 588 589Generated by 590``asymmetric/OpenSSH/gen.sh`` 591using command-line tools from OpenSSH_7.6p1 package. 592 593* ``dsa-nopsw.key``, ``dsa-nopsw.key.pub``, ``dsa-nopsw.key-cert.pub`` - 594 DSA-1024 private key; and corresponding public key in plain format 595 and with self-signed certificate. 596* ``dsa-psw.key``, ``dsa-psw.key.pub`` - 597 Password-protected DSA-1024 private key and corresponding public key. 598 Password is "password". 599* ``ecdsa-nopsw.key``, ``ecdsa-nopsw.key.pub``, 600 ``ecdsa-nopsw.key-cert.pub`` - 601 SECP256R1 private key; and corresponding public key in plain format 602 and with self-signed certificate. 603* ``ecdsa-psw.key``, ``ecdsa-psw.key.pub`` - 604 Password-protected SECP384R1 private key and corresponding public key. 605 Password is "password". 606* ``ed25519-nopsw.key``, ``ed25519-nopsw.key.pub``, 607 ``ed25519-nopsw.key-cert.pub`` - 608 Ed25519 private key; and corresponding public key in plain format 609 and with self-signed certificate. 610* ``ed25519-psw.key``, ``ed25519-psw.key.pub`` - 611 Password-protected Ed25519 private key and corresponding public key. 612 Password is "password". 613* ``rsa-nopsw.key``, ``rsa-nopsw.key.pub``, 614 ``rsa-nopsw.key-cert.pub`` - 615 RSA-2048 private key; and corresponding public key in plain format 616 and with self-signed certificate. 617* ``rsa-psw.key``, ``rsa-psw.key.pub`` - 618 Password-protected RSA-2048 private key and corresponding public key. 619 Password is "password". 620 621Hashes 622~~~~~~ 623 624* MD5 from :rfc:`1321`. 625* RIPEMD160 from the `RIPEMD website`_. 626* SHA1 from `NIST CAVP`_. 627* SHA2 (224, 256, 384, 512, 512/224, 512/256) from `NIST CAVP`_. 628* SHA3 (224, 256, 384, 512) from `NIST CAVP`_. 629* SHAKE (128, 256) from `NIST CAVP`_. 630* Blake2s and Blake2b from OpenSSL `test/evptests.txt`_. 631 632HMAC 633~~~~ 634 635* HMAC-MD5 from :rfc:`2202`. 636* HMAC-SHA1 from :rfc:`2202`. 637* HMAC-RIPEMD160 from :rfc:`2286`. 638* HMAC-SHA2 (224, 256, 384, 512) from :rfc:`4231`. 639 640Key derivation functions 641~~~~~~~~~~~~~~~~~~~~~~~~ 642 643* HKDF (SHA1, SHA256) from :rfc:`5869`. 644* PBKDF2 (HMAC-SHA1) from :rfc:`6070`. 645* scrypt from the `draft RFC`_. 646* X9.63 KDF from `NIST CAVP`_. 647* SP 800-108 Counter Mode KDF (HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, 648 HMAC-SHA384, HMAC-SHA512) from `NIST CAVP`_. 649 650Key wrapping 651~~~~~~~~~~~~ 652 653* AES key wrap (AESKW) and 3DES key wrap test vectors from `NIST CAVP`_. 654* AES key wrap with padding vectors from `Botan's key wrap vectors`_. 655 656Recipes 657~~~~~~~ 658 659* Fernet from its `specification repository`_. 660 661Symmetric ciphers 662~~~~~~~~~~~~~~~~~ 663 664* AES (CBC, CFB, ECB, GCM, OFB, CCM) from `NIST CAVP`_. 665* AES CTR from :rfc:`3686`. 666* 3DES (CBC, CFB, ECB, OFB) from `NIST CAVP`_. 667* ARC4 (KEY-LENGTH: 40, 56, 64, 80, 128, 192, 256) from :rfc:`6229`. 668* ARC4 (KEY-LENGTH: 160) generated by this project. 669 See: :doc:`/development/custom-vectors/arc4` 670* Blowfish (CBC, CFB, ECB, OFB) from `Bruce Schneier's vectors`_. 671* Camellia (ECB) from NTT's `Camellia page`_ as linked by `CRYPTREC`_. 672* Camellia (CBC, CFB, OFB) from `OpenSSL's test vectors`_. 673* CAST5 (ECB) from :rfc:`2144`. 674* CAST5 (CBC, CFB, OFB) generated by this project. 675 See: :doc:`/development/custom-vectors/cast5` 676* ChaCha20 from :rfc:`7539`. 677* ChaCha20Poly1305 from :rfc:`7539`, `OpenSSL's evpciph.txt`_, and the 678 `BoringSSL ChaCha20Poly1305 tests`_. 679* IDEA (ECB) from the `NESSIE IDEA vectors`_ created by `NESSIE`_. 680* IDEA (CBC, CFB, OFB) generated by this project. 681 See: :doc:`/development/custom-vectors/idea` 682* SEED (ECB) from :rfc:`4269`. 683* SEED (CBC) from :rfc:`4196`. 684* SEED (CFB, OFB) generated by this project. 685 See: :doc:`/development/custom-vectors/seed` 686 687Two factor authentication 688~~~~~~~~~~~~~~~~~~~~~~~~~ 689 690* HOTP from :rfc:`4226` 691* TOTP from :rfc:`6238` (Note that an `errata`_ for the test vectors in RFC 692 6238 exists) 693 694CMAC 695~~~~ 696 697* AES-128, AES-192, AES-256, 3DES from `NIST SP-800-38B`_ 698 699Poly1305 700~~~~~~~~ 701 702* Test vectors from :rfc:`7539`. 703 704Creating test vectors 705--------------------- 706 707When official vectors are unavailable ``cryptography`` may choose to build 708its own using existing vectors as source material. 709 710Created Vectors 711~~~~~~~~~~~~~~~ 712 713.. toctree:: 714 :maxdepth: 1 715 716 custom-vectors/arc4 717 custom-vectors/cast5 718 custom-vectors/idea 719 custom-vectors/seed 720 custom-vectors/hkdf 721 722 723If official test vectors appear in the future the custom generated vectors 724should be discarded. 725 726Any vectors generated by this method must also be prefixed with the following 727header format (substituting the correct information): 728 729.. code-block:: python 730 731 # CAST5 CBC vectors built for https://github.com/pyca/cryptography 732 # Derived from the AESVS MMT test data for CBC 733 # Verified against the CommonCrypto and Go crypto packages 734 # Key Length : 128 735 736.. _`NIST`: https://www.nist.gov/ 737.. _`IETF`: https://www.ietf.org/ 738.. _`Project Wycheproof`: https://github.com/google/wycheproof 739.. _`NIST CAVP`: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program 740.. _`Bruce Schneier's vectors`: https://www.schneier.com/wp-content/uploads/2015/12/vectors-2.txt 741.. _`Camellia page`: https://info.isl.ntt.co.jp/crypt/eng/camellia/ 742.. _`CRYPTREC`: https://www.cryptrec.go.jp 743.. _`OpenSSL's test vectors`: https://github.com/openssl/openssl/blob/97cf1f6c2854a3a955fd7dd3a1f113deba00c9ef/crypto/evp/evptests.txt#L232 744.. _`OpenSSL's evpciph.txt`: https://github.com/openssl/openssl/blob/5a7bc0be97dee9ac715897fe8180a08e211bc6ea/test/evpciph.txt#L2362 745.. _`BoringSSL ChaCha20Poly1305 tests`: https://boringssl.googlesource.com/boringssl/+/2e2a226ac9201ac411a84b5e79ac3a7333d8e1c9/crypto/cipher_extra/test/chacha20_poly1305_tests.txt 746.. _`BoringSSL evp tests`: https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt 747.. _`RIPEMD website`: https://homes.esat.kuleuven.be/~bosselae/ripemd160.html 748.. _`draft RFC`: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-01 749.. _`Specification repository`: https://github.com/fernet/spec 750.. _`errata`: https://www.rfc-editor.org/errata_search.php?rfc=6238 751.. _`OpenSSL example key`: https://github.com/openssl/openssl/blob/d02b48c63a58ea4367a0e905979f140b7d090f86/test/testrsa.pem 752.. _`GnuTLS key parsing tests`: https://gitlab.com/gnutls/gnutls/commit/f16ef39ef0303b02d7fa590a37820440c466ce8d 753.. _`enc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/encpkcs8.pem 754.. _`enc2-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/enc2pkcs8.pem 755.. _`unenc-rsa-pkcs8.pem`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs8-decode/unencpkcs8.pem 756.. _`pkcs12_s2k_pem.c`: https://gitlab.com/gnutls/gnutls/blob/f8d943b38bf74eaaa11d396112daf43cb8aa82ae/tests/pkcs12_s2k_pem.c 757.. _`Botan's ECC private keys`: https://github.com/randombit/botan/tree/4917f26a2b154e841cd27c1bcecdd41d2bdeb6ce/src/tests/data/ecc 758.. _`GnuTLS example keys`: https://gitlab.com/gnutls/gnutls/commit/ad2061deafdd7db78fd405f9d143b0a7c579da7b 759.. _`NESSIE IDEA vectors`: https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/idea/Idea-128-64.verified.test-vectors 760.. _`NESSIE`: https://en.wikipedia.org/wiki/NESSIE 761.. _`Ed25519 website`: https://ed25519.cr.yp.to/software.html 762.. _`NIST SP-800-38B`: https://csrc.nist.gov/publications/detail/sp/800-38b/archive/2005-05-01 763.. _`NIST PKI Testing`: https://csrc.nist.gov/Projects/PKI-Testing 764.. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem 765.. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt 766.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053 767.. _`asymmetric/public/PKCS1/dsa.pub.pem`: https://github.com/ruby/ruby/blob/4ccb387f3bc436a08fc6d72c4931994f5de95110/test/openssl/test_pkey_dsa.rb#L53 768.. _`Mozilla bug`: https://bugzilla.mozilla.org/show_bug.cgi?id=233586 769.. _`Russian CA`: https://e-trust.gosuslugi.ru/ 770.. _`test/evptests.txt`: https://github.com/openssl/openssl/blob/2d0b44126763f989a4cbffbffe9d0c7518158bb7/test/evptests.txt 771.. _`unknown signature OID`: https://bugzilla.mozilla.org/show_bug.cgi?id=405966 772.. _`botan`: https://github.com/randombit/botan/blob/57789bdfc55061002b2727d0b32587612829a37c/src/tests/data/pubkey/dh.vec 773.. _`DHKE`: https://sandilands.info/sgordon/diffie-hellman-secret-key-exchange-with-openssl 774.. _`Botan's key wrap vectors`: https://github.com/randombit/botan/blob/737f33c09a18500e044dca3e2ae13bd2c08bafdd/src/tests/data/keywrap/nist_key_wrap.vec 775.. _`root-ed25519.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/root-ed25519.pem 776.. _`server-ed25519-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed25519-cert.pem 777.. _`server-ed448-cert.pem`: https://github.com/openssl/openssl/blob/2a1e2fe145c6eb8e75aa2e1b3a8c3a49384b2852/test/certs/server-ed448-cert.pem 778