Test vector types
October 25, 2025 ยท View on GitHub
Version: 0.8rc21
[TOC]
AeadTestGroup
A test group for authenticated encryption with additional data.
Fields in AeadTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| ivSize | int | The IV size in bits. All IV sizes are multiple of 8 bits. | |
| keySize | int | the keySize in bits | |
| tagSize | int | The expected size of the tag in bits. This is the size that should be used to initialize instance of the cipher. The actual tag in the test vector may have a different size. Such a test vector is always invalid and an implementation is expected to reject such tags. All tag sizes are multiples of 8 bits. | |
| type | str | the type of the test | 'AeadTest' |
| tests | List of AeadTestVector | a list of test vectors |
AeadTestVector
A test vector for authenticated encryption with additional data.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the key |
| iv | HexBytes | the nonce |
| aad | HexBytes | additional authenticated data |
| msg | HexBytes | the plaintext |
| ct | HexBytes | the ciphertext (without iv and tag) |
| tag | HexBytes | The authenticatian tag. Most encryption append the tag to the ciphertext. Encryption results in the concatenation ct || tag and decryption expects ct || tag as input. There are however some exceptions. For example AEAD-AES-SIV-CMAC (RFC 5297) computes a synthetic IV (SIV), which is used to initialize the counter for AES. The typical encoding here is to prepend the SIV. I.e. implementations would expect ciphertext of the form tag || ct or iv || tag || ct. |
Used in AeadTestGroup.
AsnSignatureTestVector
A test vector with an ASN.1 encoded public key signature. For example, ECDSA and DSA signatures are a pair of integers (r,s). These integers can be encoded in different ways. A popular encoding is to represent the integers as an ASN Sequence. The expectation is that any library generates only DER encoded signatures. Some libraries are also strict in the sense that only DER encoded signautes are accepted. Other libraries accept some signatures where the pair (r,s) uses an alternative BER encoding assuming of course that the encoded (r,s) is valid.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| msg | HexBytes | The message to sign |
| sig | Asn | An ASN encoded signature for msg |
Used in DsaTestGroup, EcdsaBitcoinTestGroup, EcdsaTestGroup.
DaeadTestGroup
Fields in DaeadTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| keySize | int | the keySize in bits | |
| type | str | the type of the test | 'DaeadTest' |
| tests | List of DaeadTestVector | a list of test vectors |
DaeadTestVector
A test vector used for authenticated deterministic encryption with additional data.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the key |
| aad | HexBytes | additional authenticated data |
| msg | HexBytes | the plaintext |
| ct | HexBytes | the ciphertext including tag |
Used in DaeadTestGroup.
DsaP1363TestGroup
A test group for DSA signatures using IEEE P1363 encoding. The test vectors in this group are meant for signature verification. The test group contains the same public key for the signatures in multiple representations. The public keys are valid with the sole exception that they may use short keys and weak hash functions such as SHA-1.
Fields in DsaP1363TestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| key | DsaPublicKey | unencoded EC public key | |
| keyDer | Der | DER encoded public key | |
| keyPem | Pem | Pem encoded public key | |
| sha | MdName | the hash function used for DSA | |
| type | str | the type of the test | 'DsaP1363Verify' |
| tests | List of SignatureTestVector | a list of test vectors |
DsaPrivateKey
A DSA private key. This implementation of DSA must only be used for testing rsp. for generating test vectors. It has not been checked for flaws and in some cases may even avoid necessary checks so that it can be used for flawed test vectors.
| name | type | desc | enum |
|---|---|---|---|
| g | BigInt | the generator of the multiplicative subgroup | |
| keySize | int | the key size in bits | |
| p | BigInt | the modulus p | |
| q | BigInt | the order of the generator g | |
| type | str | the key type | 'DsaPrivateKey' |
| x | BigInt | the private key value | |
| y | BigInt | the public key value |
DsaPublicKey
The public key for DSA.
| name | type | desc | enum |
|---|---|---|---|
| g | BigInt | the generator of the multiplicative subgroup | |
| keySize | int | the key size in bits | |
| p | BigInt | the modulus p | |
| q | BigInt | the order of the generator g | |
| type | str | the key type | 'DsaPublicKey' |
| y | BigInt | the public key value |
DsaTestGroup
Fields in DsaTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| key | DsaPublicKey | unencoded DSA public key | |
| keyDer | Der | DER encoded public key | |
| keyPem | Pem | Pem encoded public key | |
| sha | MdName | the hash function used for DSA | |
| type | str | the type of the test | 'DsaVerify' |
| tests | List of AsnSignatureTestVector | a list of test vectors |
EcPointTestGroup
Fields in EcPointTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| curve | EcCurve | the name of the elliptic curve | |
| encoding | str | the encoding used | 'compressed', 'uncompressed' |
| type | str | the type of the test | 'EcPointTest' |
| tests | List of EcPointTestVector | a list of test vectors |
EcPointTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| encoded | HexBytes | X509 encoded point on the curve |
| x | BigInt | x-coordinate of the point |
| y | BigInt | y-coordinate of the point |
Used in EcPointTestGroup.
EcPublicKey
An EC public key. The EC public key can specify the underlying curve parameters in two ways. (1) as a named curve (2) as a structure containing the curve parameters generator, order and cofactor.
| name | type | desc | enum |
|---|---|---|---|
| curve | (EcUnnamedGroup or EcNamedGroup) | the EC group used by this public key | |
| keySize | int | the key size in bits | |
| type | str | the key type | 'EcPublicKey' |
| uncompressed | HexBytes | X509 encoded public key point in hexadecimal format | |
| wx | BigInt | the x-coordinate of the public key point | |
| wy | BigInt | the y-coordinate of the public key point |
EcPublicKeyOnNamedCurve
An EC public key. This data type allows only named curves to specify the underlying EC parameters.
| name | type | desc | enum |
|---|---|---|---|
| curve | EcNamedGroup | the EC group used by this public key | |
| keySize | int | the key size in bits | |
| type | str | the key type | 'EcPublicKey' |
| uncompressed | HexBytes | X509 encoded public key point in hexadecimal format | |
| wx | BigInt | the x-coordinate of the public key point | |
| wy | BigInt | the y-coordinate of the public key point |
EcPublicKeyTestGroup
Fields in EcPublicKeyTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| encoding | str | the encoding of the encoded keys | 'asn', 'pem', 'webcrypto' |
| type | str | the type of the test | 'EcPublicKeyVerify' |
| tests | List of EcPublicKeyTestVector | a list of test vectors |
EcPublicKeyTestVector
Draft version for test vectors that test importing of EC public keys. The test vectors contain modified EC public keys. The goal of the test is to recognize if importing the EC public keys notices inconsistencies and bad formatting.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| encoded | Asn | Encoded EC public key over a prime order field |
| p | BigInt | The order of underlying field |
| n | BigInt | The order of the generator |
| a | BigInt | The value a of the Weierstrass equation |
| b | BigInt | The value b of the Weierstrass equation |
| gx | BigInt | x-coordinate of the generator |
| gy | BigInt | y-coordinate of the generator |
| h | (int or null) | [optional] the cofactor |
| wx | BigInt | x-coordinate of the public point |
| wy | BigInt | y-coordinate of the public point |
Used in EcPublicKeyTestGroup.
EcUnnamedGroup
An unnamed EC group
| name | type | desc | enum |
|---|---|---|---|
| a | BigInt | coefficient a of the elliptic curve equation | |
| b | BigInt | coefficient b of the elliptic curve equation | |
| gx | BigInt | the x-coordinate of the generator | |
| gy | BigInt | the y-coordinate of the generator | |
| h | int | the cofactor | |
| n | BigInt | the order of the generator | |
| p | BigInt | the order of the underlying field | |
| type | str | an unnamed EC group over a prime field in Weierstrass form | 'PrimeOrderCurve' |
EcdhEcpointTestGroup
Fields in EcdhEcpointTestGroup are:
| name | type | desc | enum | optional |
|---|---|---|---|---|
| curve | EcCurve | the curve of the private key | ||
| encoding | str | the encoding of the public key | 'ecpoint' | True |
| type | str | the type of the test | 'EcdhEcpointTest' | |
| tests | List of EcdhEcpointTestVector | a list of test vectors |
EcdhEcpointTestVector
Fields additional to the fields in TestVector are:
| name | type | desc | ref |
|---|---|---|---|
| public | Asn | ASN encoded public point | X9.62, Section 4.3.6 |
| private | BigInt | The private exponent | |
| shared | HexBytes | The shared secret key |
Used in EcdhEcpointTestGroup.
EcdhPemTestGroup
Fields in EcdhPemTestGroup are:
| name | type | desc | enum | optional |
|---|---|---|---|---|
| curve | EcCurve | the curve of the private key | ||
| encoding | str | the encoding of the keys | 'pem' | True |
| type | str | the type of the test | 'EcdhPemTest' | |
| tests | List of EcdhPemTestVector | a list of test vectors |
EcdhPemTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | Pem | Pem encoded public key. The test vectors check against invalid curve attacks. Hence some test vectors contain keys that are not on the curve, test vectors that use different curve or even public keys from different primitives. |
| private | Pem | Pem encoded private key. The key is always valid. |
| shared | HexBytes | The shared secret key |
Used in EcdhPemTestGroup.
EcdhTestGroup
Fields in EcdhTestGroup are:
| name | type | desc | enum | optional |
|---|---|---|---|---|
| curve | EcCurve | the curve of the private key | ||
| encoding | str | the encoding of the keys. There are test vector files for a number of encodings (raw, asn, pem, ...) to simplify testing libraries that only allow keys with certain encodings. This field however, has become somewhat redundant, since the schema defines the format. | 'asn' | True |
| type | str | the type of the test | 'EcdhTest' | |
| tests | List of EcdhTestVector | a list of test vectors |
EcdhTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | Asn | X509 encoded public key. The encoding of the public key contains the type of the public key, the curve and possibly the curve parameters. The test vectors contain cases where these fields do not match the curve in the testGroup. |
| private | BigInt | the private key |
| shared | HexBytes | The shared secret key. Some invalid test vectors contain a shared secret, which is computed using the curve of the private key. This allows to distinguish between implementations ignoring public key info and implementations using the curve of the public key. |
Used in EcdhTestGroup.
EcdhWebcryptoTestGroup
Fields in EcdhWebcryptoTestGroup are:
| name | type | desc | enum | optional |
|---|---|---|---|---|
| curve | EcCurve | the curve of the private key | ||
| encoding | str | the encoding of the keys | 'webcrypto' | True |
| type | str | the type of the test | 'EcdhWebcryptoTest' | |
| tests | List of EcdhWebcryptoTestVector | a list of test vectors |
EcdhWebcryptoTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | Json | Valid or invalid public key in webcrypto format |
| private | JwkEcPrivateKey | Private key in webcrypto format |
| shared | HexBytes | The shared secret key |
Used in EcdhWebcryptoTestGroup.
EcdsaBitcoinTestGroup
A test group for the bitcoin variant of ECDSA signatures. The test vectors in this group are meant for signature verification. The test group contains the same public key for the signatures in multiple representations. The public keys are valid.
Fields in EcdsaBitcoinTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| key | EcPublicKey | unencoded EC public key | |
| keyDer | Der | DER encoded public key | |
| keyPem | Pem | Pem encoded public key | |
| sha | MdName | the hash function used for ECDSA | 'SHA-256' |
| type | str | the type of the test | 'EcdsaBitcoinVerify' |
| tests | List of AsnSignatureTestVector | a list of test vectors |
EcdsaP1363TestGroup
A test group for ECDSA signatures using IEEE P1363 encoding. The test vectors in this group are meant for signature verification. The test group contains the same public key for the signatures in multiple representations. The public keys are valid with the sole exception that they may use short keys and weak hash functions such as SHA-1.
Fields in EcdsaP1363TestGroup are:
| name | type | desc | optional | enum |
|---|---|---|---|---|
| jwk | JwkEcPublicKey | the public key in webcrypto format | True | |
| key | EcPublicKey | unencoded EC public key | ||
| keyDer | Der | DER encoded public key | ||
| keyPem | Pem | Pem encoded public key | ||
| sha | MdName | the hash function used for ECDSA | ||
| type | str | the type of the test | 'EcdsaP1363Verify' | |
| tests | List of SignatureTestVector | a list of test vectors |
EcdsaTestGroup
A test group for ECDSA signatures. The test vectors in this group are meant for signature verification. The test group contains the same public key for the signatures in multiple representations. The public keys are valid with the sole exception that they may use short keys and weak hash functions such as SHA-1.
Fields in EcdsaTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| key | EcPublicKey | unencoded EC public key | |
| keyDer | Der | DER encoded public key | |
| keyPem | Pem | Pem encoded public key | |
| sha | MdName | the hash function used for ECDSA | |
| type | str | the type of the test | 'EcdsaVerify' |
| tests | List of AsnSignatureTestVector | a list of test vectors |
EddsaTestGroup
Fields in EddsaTestGroup are:
| name | type | desc | since | ref | enum |
|---|---|---|---|---|---|
| jwk | Json | the private key in webcrypto format | 0.7 | RFC 8037 Section 2 | |
| key | Json | unencoded key pair | |||
| keyDer | Der | Asn encoded public key | |||
| keyPem | Pem | Pem encoded public key | |||
| type | str | the type of the test | 'EddsaVerify' | ||
| tests | List of SignatureTestVector | a list of test vectors |
HkdfTestGroup
A test group for key derivation functions that take 4 arguments (ikm, salt, info, size) as input.
Fields in HkdfTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| keySize | int | the size of the ikm in bits | |
| type | str | the type of the test | 'HkdfTest' |
| tests | List of HkdfTestVector | a list of test vectors |
HkdfTestVector
A test vector for HKDF (or any other key derivation function with input ikm, salt, info, size
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| ikm | HexBytes | the key (input key material) |
| salt | HexBytes | the salt for the key derivation |
| info | HexBytes | additional information used in the key derivation |
| size | int | the size of the output in bytes |
| okm | HexBytes | the generated bytes (output key material) |
Used in HkdfTestGroup.
IndCpaTestGroup
Fields in IndCpaTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| ivSize | int | the IV size in bits | |
| keySize | int | the keySize in bits | |
| type | str | the type of the test | 'IndCpaTest' |
| tests | List of IndCpaTestVector | a list of test vectors |
IndCpaTestVector
A test vector that is used for symmetric primitives that are indistinguishable under chosen plaintext attacks. These primitives are without an integrity check and hence without additional authenticated data. For example AES using cipher block chaining (CBC) is tested using this format.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the key |
| iv | HexBytes | the initialization vector |
| msg | HexBytes | the plaintext |
| ct | HexBytes | the raw ciphertext (without IV) |
Used in IndCpaTestGroup.
JwkEcPrivateKey
| name | type | desc | enum |
|---|---|---|---|
| crv | str | the curve | 'P-256', 'P-384', 'P-521', 'P-256K' |
| d | Base64Url | The private multiplier | |
| kid | str | the key id | |
| kty | str | the algorithm | 'EC' |
| use | str | the purpose of the key | |
| x | Base64Url | The x-coordinate of the public point | |
| y | Base64Url | The y-coordinate of the public point |
JwkEcPublicKey
| name | type | desc | enum |
|---|---|---|---|
| crv | str | the curve | 'P-256', 'P-384', 'P-521', 'P-256K' |
| kid | str | the key id | |
| kty | str | the algorithm | 'EC' |
| use | str | the purpose of the key | |
| x | Base64Url | The x-coordinate of the public point | |
| y | Base64Url | The y-coordinate of the public point |
JwkRsaPrivateKey
| name | type | desc | enum |
|---|---|---|---|
| d | Base64Url | the private exponent | |
| dp | Base64Url | the value d % (p-1) | |
| dq | Base64Url | the value d % (q-1) | |
| e | Base64Url | the public exponent | |
| kid | str | the key identifier | |
| kty | str | the algorithm | 'RSA' |
| n | Base64Url | the modulus of the key | |
| p | Base64Url | a prime factor of the modulus | |
| q | Base64Url | a prime factor of the modulus | |
| qi | Base64Url | the CRT value q^(-1) % p | |
| use | str | the purpose of the key | 'sig', 'enc' |
JwkRsaPublicKey
| name | type | desc | enum |
|---|---|---|---|
| e | Base64Url | the public exponent | |
| kid | str | the key identifier | |
| kty | str | the algorithm | 'RSA' |
| n | Base64Url | the modulus of the key | |
| use | str | the purpose of the key | 'sig', 'enc' |
JwkXdhPrivateKey
| name | type | desc | enum |
|---|---|---|---|
| crv | str | the DH function | 'X25519', 'X448' |
| d | Base64Url | the private key value | |
| kid | str | the key identifier | |
| kty | str | the key type | 'OKP' |
| x | Base64Url | the public key value |
JwkXdhPublicKey
| name | type | desc | enum |
|---|---|---|---|
| crv | str | the DH function | 'X25519', 'X448' |
| kid | str | the key identifier | |
| kty | str | the key type | 'OKP' |
| x | Base64Url | the public key value |
KdfTestGroup
A test group for key derivation functions that take 2 arguments (seed, size) as input.
Fields in KdfTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| keySize | int | the size of the seed in bits | |
| type | str | the type of the test | 'KdfTest' |
| tests | List of KdfTestVector | a list of test vectors |
KdfTestVector
A test vector for key derivation functions. I.e., these are deterministic functions that take a seed and a size as input and generate a pseudorandom output depending on the seed. (The size may simply determine the length of the pseudorandom output or may change the pseudorandom stream).
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| seed | HexBytes | the seed |
| size | int | the size of the output in bytes |
| okm | HexBytes | the generated bytes (output key material) |
Used in KdfTestGroup.
KeywrapTestGroup
Fields in KeywrapTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| keySize | int | the keySize in bits | |
| type | str | the type of the test | 'KeywrapTest' |
| tests | List of KeywrapTestVector | a list of test vectors |
KeywrapTestVector
A test vector for key wrap primitives. Key wrap primitives are typically symmetric encryptions that were specifically desigend for encrypting key material. In some cases the input size is restricted to typical key sizes e.g. a multiple of 8 bytes. The encryption may assume that the wrapped bytes have high entropy. Hence some of the key wrap primitives are deterministic.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the wrapping key |
| msg | HexBytes | the key bytes to wrap |
| ct | HexBytes | the wrapped key |
Used in KeywrapTestGroup.
MacTestGroup
Fields in MacTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| keySize | int | the keySize in bits | |
| tagSize | int | the expected size of the tag in bits | |
| type | str | the type of the test | 'MacTest' |
| tests | List of MacTestVector | a list of test vectors |
MacTestVector
A test vector for message authentication codes (MAC).
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the key |
| msg | HexBytes | the plaintext |
| tag | HexBytes | the authentication tag |
Used in MacTestGroup.
MacWithIvTestGroup
Fields in MacWithIvTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| ivSize | int | the IV size in bits | |
| keySize | int | the key size in bits | |
| tagSize | int | the expected size of the tag in bits | |
| type | str | the type of the test | 'MacWithIvTest' |
| tests | List of MacWithIvTestVector | a list of test vectors |
MacWithIvTestVector
A test vector for message authentication codes (MAC) that use an IV.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| key | HexBytes | the key |
| iv | HexBytes | the initialization vector |
| msg | HexBytes | the plaintext |
| tag | HexBytes | the authentication tag |
Used in MacWithIvTestGroup.
PbkdfTestGroup
A test group for key derivation functions that take 4 arguments (password, salt, iteration count and output size) as input.
Fields in PbkdfTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| type | str | the type of the test | 'PbkdfTest' |
| tests | List of PbkdfTestVector | a list of test vectors |
PbkdfTestVector
A test vector for PBKDF (or any other key derivation function with input password, salt, iteration count, size.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| password | HexBytes | the password |
| salt | HexBytes | the salt |
| iterationCount | int | the iteration count |
| dkLen | int | the intended length of the output in bytes |
| dk | HexBytes | the derived key |
Used in PbkdfTestGroup.
PrimalityTestGroup
A test group for primality tests.
Fields in PrimalityTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| type | str | the type of the test | 'PrimalityTest' |
| tests | List of PrimalityTestVector | a list of test vectors |
PrimalityTestVector
A test vector for a primality test. The result is valid if value is prime and invalid if it is 0, 1, -1 or composite. The status of the negative of a prime is somewhat unlclear. Some libraries accept them as primes. Because of this the negative of a prime has result "acceptable".
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| value | BigInt | the integer to test |
Used in PrimalityTestGroup.
RsaPrivateKey
Describes an RSA private key. The data type is based on the RSAPrivateKey type defined in Section A.1.2 of RFC 8017.
| name | type | desc | enum |
|---|---|---|---|
| coefficient | BigInt | the CRT value q^(-1) % p | |
| exponent1 | BigInt | the value d % (p-1) | |
| exponent2 | BigInt | the value d % (q-1) | |
| modulus | BigInt | the modulus of the key | |
| otherPrimeInfos | list of list of BigInt | list of triples [prime, exponent, coefficient] | |
| prime1 | BigInt | p: a prime factor of the modulus | |
| prime2 | BigInt | q: a prime factor of the modulus | |
| privateExponent | BigInt | the private exponent | |
| publicExponent | BigInt | the public exponent | |
| version | int | The version of the private key. This is 0 for keys with no otherPrimeInfos and 1 for keys with otherPrimeInfos, i.e. multiprime keys. | 0, 1 |
RsaPublicKey
Describes an RSA private key. The data type is based on the RSAPublicKey type defined in Appendix C of RFC 8017.
| name | type | desc | enum |
|---|---|---|---|
| modulus | BigInt | the modulus of the key | |
| publicExponent | BigInt | the public exponent | |
| version | int | The version of the private key. This is 0 for keys with no otherPrimeInfos and 1 for keys with otherPrimeInfos, i.e. multiprime keys. | 0, 1 |
RsaPublicKeyAsnTestGroup
Fields in RsaPublicKeyAsnTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| privateKey | RsaPrivateKey | the private key | |
| privateKeyPkcs8 | Der | PKCS #8 encoded private key | |
| publicKeyAsn | Der | the X509 encoded public key | |
| type | str | the type of the test | 'RsaPublicKeyAsnTest' |
| tests | List of RsaPublicKeyAsnTestVector | a list of test vectors |
RsaPublicKeyAsnTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| encoded | Asn | a modified X509 encoded public key |
Used in RsaPublicKeyAsnTestGroup.
RsaPublicKeyPemTestGroup
Fields in RsaPublicKeyPemTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| privateKey | RsaPrivateKey | the private key | |
| privateKeyPem | Pem | PEM encoded private key | |
| publicKeyPem | Pem | the corresponding PEM encoded public key | |
| type | str | the type of the test | 'RsaPublicKeyPemTest' |
| tests | List of RsaPublicKeyPemTestVector | a list of test vectors |
RsaPublicKeyPemTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| encoded | Pem | a modified PEM encoded public key |
Used in RsaPublicKeyPemTestGroup.
RsaesOaepTestGroup
Fields in RsaesOaepTestGroup are:
| name | type | desc | since | optional | enum |
|---|---|---|---|---|---|
| d | BigInt | The private exponent | |||
| e | BigInt | The public exponent | |||
| keySize | int | key size in bits | |||
| mgf | str | the message generating function (e.g. MGF1) | |||
| mgfSha | MdName | The hash function used for the message generating function. | |||
| n | BigInt | The modulus of the key | |||
| privateKeyJwk | JwkRsaPrivateKey | JSON encoded private key | 0.7 | True | |
| privateKeyPem | Pem | Pem encoded private key | |||
| privateKeyPkcs8 | Der | Pkcs 8 encoded private key | |||
| sha | MdName | The hash function for hashing the label. | |||
| type | str | the type of the test | 'RsaesOaepDecrypt' | ||
| tests | List of RsaesOaepTestVector | a list of test vectors |
RsaesOaepTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| msg | HexBytes | The encrypted message |
| ct | HexBytes | An encryption of msg |
| label | HexBytes | The label used for the encryption |
Used in RsaesOaepTestGroup.
RsaesPkcs1TestGroup
Fields in RsaesPkcs1TestGroup are:
| name | type | desc | since | optional | enum |
|---|---|---|---|---|---|
| d | BigInt | The private exponent | |||
| e | BigInt | The public exponent | |||
| keySize | int | The key size in bits | |||
| n | BigInt | The modulus of the key | |||
| privateKeyJwk | JwkRsaPrivateKey | JWK encoded private key | 0.7 | True | |
| privateKeyPem | Pem | Pem encoded private key | |||
| privateKeyPkcs8 | Der | Pkcs 8 encoded private key. | |||
| type | str | the type of the test | 'RsaesPkcs1Decrypt' | ||
| tests | List of RsaesPkcs1TestVector | a list of test vectors |
RsaesPkcs1TestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| msg | HexBytes | The encrypted message |
| ct | HexBytes | An encryption of msg |
Used in RsaesPkcs1TestGroup.
RsassaPkcs1GenTestGroup
Fields in RsassaPkcs1GenTestGroup are:
| name | type | desc | ref | since | optional | enum |
|---|---|---|---|---|---|---|
| d | BigInt | The private exponent | ||||
| e | BigInt | The public exponent | ||||
| keyAsn | Der | DER encoding of the sequence [n, e] | ||||
| keyDer | Der | DER encoding of the public key | ||||
| keyJwk | JwkRsaPublicKey | [Optional] public key in JWK format | RFC 7517 | 0.7 | True | |
| keyPem | Pem | Pem encoded public key | ||||
| keySize | int | the size of the modulus in bits | ||||
| n | BigInt | The modulus of the key | ||||
| privateKeyJwk | JwkRsaPrivateKey | [Optional] Private key in JWK format | RFC 7517 | 0.7 | True | |
| privateKeyPem | Pem | Pem encoded private key | ||||
| privateKeyPkcs8 | Der | PKCS8 encoded private key | ||||
| sha | MdName | the hash function used for the message | ||||
| type | str | the type of the test | 'RsassaPkcs1Generate' | |||
| tests | List of SignatureTestVector | a list of test vectors |
RsassaPkcs1TestGroup
Fields in RsassaPkcs1TestGroup are:
| name | type | desc | ref | since | optional | enum |
|---|---|---|---|---|---|---|
| e | BigInt | The public exponent | ||||
| keyAsn | Der | ASN encoding of the sequence [n, e] | ||||
| keyDer | Der | ASN encoding of the public key | ||||
| keyJwk | JwkRsaPublicKey | The public key in JWK format. The key is missing if the signature algorithm for the given hash is not defined. | RFC 7517 | 0.7 | True | |
| keyPem | Pem | Pem encoded public key | ||||
| keySize | int | the size of the modulus in bits | ||||
| n | BigInt | The modulus of the key | ||||
| sha | MdName | the hash function used for the message | ||||
| type | str | the type of the test | 'RsassaPkcs1Verify' | |||
| tests | List of SignatureTestVector | a list of test vectors |
RsassaPssTestGroup
Fields in RsassaPssTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| e | BigInt | The public exponent | |
| keyAsn | Der | ASN encoding of the sequence [n, e] | |
| keyDer | Der | ASN encoding of the public key | |
| keyPem | Pem | Pem encoded public key | |
| keySize | int | the size of the modulus in bits | |
| mgf | str | the message generating function (e.g. MGF1) | |
| mgfSha | MdName | The hash function used for the message generating function. | |
| n | BigInt | The modulus of the key | |
| sLen | int | The length of the salt in bytes | |
| sha | MdName | The hash function for hashing the message. | |
| type | str | the type of the test | 'RsassaPssVerify' |
| tests | List of RsassaPssTestVector | a list of test vectors |
RsassaPssTestVector
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| msg | HexBytes | The message to sign |
| sig | HexBytes | a signature for msg |
Used in RsassaPssTestGroup.
SignatureTestVector
A test vector with a public key signature. This structure is used for public key signatures where the primitive specifies the encoding as an array of bytes (e.g. P1363 encoded ECDSA signatures.) Public key signatures with additional formatting (e.g. ASN.1 encoded ECDSA signatures) have their separate types.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| msg | HexBytes | The message to sign |
| sig | HexBytes | A signature for msg |
Used in DsaP1363TestGroup, EcdsaP1363TestGroup, EddsaTestGroup, RsassaPkcs1GenTestGroup, RsassaPkcs1TestGroup.
Test
The root type of each JSON file with tests. Each file contains one or more test groups. Each test group contains one or more test vectors. All test vectors in the same file have the same type and test the same cryptographic primitive.
| name | type | desc | since |
|---|---|---|---|
| algorithm | str | The primitive tested in the test file. This is mainly a brief description of the algorithm used. So far there is no formal definition of this field and its description may change. | |
| generatorVersion | str | The version of the test vectors. The version number has the format major.minor (or major.minor[release candidate]). The plan is to change the format of the test vectors in major versions only, once version 1.0 has been reached. Conversely, version 1.0 will be published once we think the format for the test vectors are sufficiently stable. | |
| header | list of str | additional documentation | |
| notes | JSON | A description of the labels used in the test vectors. Some test vectors contain labels that formally describe the test vector. It can be helpful to make test more precise. For example libraries differ in whether they accept ASN encodings different from DER. Hence many of the test vectors with alternative BER encoding are rated as acceptable. Labels allow to decide whether tests with alternative BER encoding should be rejected or accepted when testing a particular library. | |
| numberOfTests | int | The number of test vectors in this test. Each test vector has a unique tcId in the range 1 .. tcId. | |
| schema | str | The filename of the JSON schema that defines the format of the test vectors in this file. If the format of the test vectors changes then a new schema will be generate, so that comparing the name of the schema with an expected name can be used to check for compatibility between test vectors and test code. | 0.7 |
| testGroups | list of JSON | a list of test groups |
TestGroup
TestGroup is a base class for all test groups. Each test group contains a list of test vectors of the same type. The test group describes parameters that are common for all the test vectors. Often some parameters are given in multiple formats to simplify testing. For example, asymmetric private key are typically given in a raw format, PKCS #8 encoded and in PEM format. All fields in a test group are correctly formatted. Incorrectly formatted inputs are always in the test vectors. The list below describes the fields that are common to all test groups, though generally a test group contains additional fields depending on the test for which the test vectors are intended for.
Fields in TestGroup are:
| name | type | desc |
|---|---|---|
| tests | List | a list of test vectors |
| type | str | the type of the test |
TestVector
| name | type | desc | enum |
|---|---|---|---|
| comment | str | A brief description of the test case | |
| flags | list of str | A list of flags for a test case. Flags are described in the header of the test file. | |
| result | str | The test result. The value determines whether the test case is valid, invalid or undefined. The value "acceptable" is typically used for legacy cases, weak parameters (such as key sizes not reaching 112-bit security) or BER encoding that are frequent. Eventually, all test vectors with "result" : "acceptable" will have flags describing the reason and allowing testers to decide how to treat these test vectors. | 'valid', 'invalid', 'acceptable' |
| tcId | int | A unique identifier of the test case in a test file. The identifiers are continuous integers. The identifiers of test vectors change between versions of the test file. Hence, the triple (filename, version, tcId) uniquely identifies a test vector. |
XdhAsnTestGroup
Fields in XdhAsnTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| curve | EcCurve | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. | |
| type | str | the type of the test | 'XdhAsnComp' |
| tests | List of XdhAsnTestVector | a list of test vectors |
XdhAsnTestVector
A test vector for a key exchange using XDH. Public and private keys are ASN encoded.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | Asn | X.509 encoded the public key |
| private | Der | PKCS #8 encoded private key |
| shared | HexBytes | the shared secret |
Used in XdhAsnTestGroup.
XdhJwkTestGroup
Fields in XdhJwkTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| curve | EcCurve | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. | |
| type | str | the type of the test | 'XdhJwkComp' |
| tests | List of XdhJwkTestVector | a list of test vectors |
XdhJwkTestVector
A test vector for a key exchange using XDH. XDH is a Diffie-Hellman key exchange defined in RFC 7748. Both public and private key in this test vector are using the jwk format.
Fields additional to the fields in TestVector are:
| name | type | desc | ref |
|---|---|---|---|
| public | JSON | valid or invalid public key in jwk format | RFC 8037 |
| private | JwkXdhPrivateKey | the private key in jwk format | RFC 8037 |
| shared | HexBytes | the shared secret |
Used in XdhJwkTestGroup.
XdhPemTestGroup
Fields in XdhPemTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| curve | EcCurve | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. | |
| type | str | the type of the test | 'XdhPemComp' |
| tests | List of XdhPemTestVector | a list of test vectors |
XdhPemTestVector
A test vector for a key exchange using XDH. Public and private keys are pem encoded.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | Pem | PEM encoded public key |
| private | Pem | PEM encoded private key |
| shared | HexBytes | the shared secret |
Used in XdhPemTestGroup.
XdhTestGroup
Fields in XdhTestGroup are:
| name | type | desc | enum |
|---|---|---|---|
| curve | EcCurve | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. | |
| type | str | the type of the test | 'XdhComp' |
| tests | List of XdhTestVector | a list of test vectors |
XdhTestVector
A test vector for a key exchange using XDH. XDH is a Diffie-Hellman key exchange defined in RFC 7748. Both public and private key in this test vector are just raw bytes. That is valid public keys and valid private keys are 32 bytes each for X25519 and 56 bytes for X448.
Fields additional to the fields in TestVector are:
| name | type | desc |
|---|---|---|
| public | HexBytes | the raw bytes of the public key |
| private | HexBytes | the raw bytes of private key |
| shared | HexBytes | the shared secret |
Used in XdhTestGroup.