1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
|
<!-- AUTO-GENERATED FILE; DO NOT MODIFY -->
# Test vector types
Version\: 0.8rc21
[TOC]
## AeadTestGroup
A test group for authenticated encryption with additional data.
Fields in AeadTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
ivSize | int | The IV size in bits. All IV sizes are multiple of 8 bits. |
keySize | int | the keySize in bits |
tagSize | int | The expected size of the tag in bits. This is the size that should be used to initialize instance of the cipher. The actual tag in the test vector may have a different size. Such a test vector is always invalid and an implementation is expected to reject such tags. All tag sizes are multiples of 8 bits. |
type | str | the type of the test | '[AeadTest](files.md#aeadtest)'
tests | List of [AeadTestVector](types.md#aeadtestvector) | a list of test vectors |
## AeadTestVector
A test vector for authenticated encryption with additional data.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
key | [HexBytes](formats.md#data-types) | the key
iv | [HexBytes](formats.md#data-types) | the nonce
aad | [HexBytes](formats.md#data-types) | additional authenticated data
msg | [HexBytes](formats.md#data-types) | the plaintext
ct | [HexBytes](formats.md#data-types) | the ciphertext (without iv and tag)
tag | [HexBytes](formats.md#data-types) | The authenticatian tag. Most encryption append the tag to the ciphertext. Encryption results in the concatenation ct \|\| tag and decryption expects ct \|\| tag as input. There are however some exceptions. For example AEAD-AES-SIV-CMAC (RFC 5297) computes a synthetic IV (SIV), which is used to initialize the counter for AES. The typical encoding here is to prepend the SIV. I.e. implementations would expect ciphertext of the form tag \|\| ct or iv \|\| tag \|\| ct.
Used in [AeadTestGroup](#aeadtestgroup).
## AsnSignatureTestVector
A test vector with an ASN.1 encoded public key signature. For example, ECDSA and
DSA signatures are a pair of integers (r,s). These integers can be encoded in
different ways. A popular encoding is to represent the integers as an ASN
Sequence. The expectation is that any library generates only DER encoded
signatures. Some libraries are also strict in the sense that only DER encoded
signautes are accepted. Other libraries accept some signatures where the pair
(r,s) uses an alternative BER encoding assuming of course that the encoded (r,s)
is valid.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------------------------------
msg | [HexBytes](formats.md#data-types) | The message to sign
sig | Asn | An ASN encoded signature for msg
Used in [DsaTestGroup](#dsatestgroup),
[EcdsaBitcoinTestGroup](#ecdsabitcointestgroup),
[EcdsaTestGroup](#ecdsatestgroup).
## DaeadTestGroup
Fields in DaeadTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | --------------------------------------------------- | ---------------------- | --------
keySize | int | the keySize in bits |
type | str | the type of the test | '[DaeadTest](files.md#daeadtest)'
tests | List of [DaeadTestVector](types.md#daeadtestvector) | a list of test vectors |
## DaeadTestVector
A test vector used for authenticated deterministic encryption with additional
data.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -----------------------------
key | [HexBytes](formats.md#data-types) | the key
aad | [HexBytes](formats.md#data-types) | additional authenticated data
msg | [HexBytes](formats.md#data-types) | the plaintext
ct | [HexBytes](formats.md#data-types) | the ciphertext including tag
Used in [DaeadTestGroup](#daeadtestgroup).
## DsaP1363TestGroup
A test group for DSA signatures using IEEE P1363 encoding. The test vectors in
this group are meant for signature verification. The test group contains the
same public key for the signatures in multiple representations. The public keys
are valid with the sole exception that they may use short keys and weak hash
functions such as SHA-1.
Fields in DsaP1363TestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------- | ------------------------------ | --------
key | DsaPublicKey | unencoded EC public key |
keyDer | [Der](formats.md#data-types) | DER encoded public key |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key |
sha | [MdName](formats.md#hash-functions) | the hash function used for DSA |
type | str | the type of the test | '[DsaP1363Verify](files.md#dsap1363verify)'
tests | List of [SignatureTestVector](types.md#signaturetestvector) | a list of test vectors |
## DsaPrivateKey
A DSA private key. This implementation of DSA must only be used for testing rsp.
for generating test vectors. It has not been checked for flaws and in some cases
may even avoid necessary checks so that it can be used for flawed test vectors.
**name** | **type** | **desc** | **enum**
-------- | ------------------------------- | -------------------------------------------- | --------
g | [BigInt](formats.md#data-types) | the generator of the multiplicative subgroup |
keySize | int | the key size in bits |
p | [BigInt](formats.md#data-types) | the modulus p |
q | [BigInt](formats.md#data-types) | the order of the generator g |
type | str | the key type | 'DsaPrivateKey'
x | [BigInt](formats.md#data-types) | the private key value |
y | [BigInt](formats.md#data-types) | the public key value |
## DsaPublicKey
The public key for DSA.
**name** | **type** | **desc** | **enum**
-------- | ------------------------------- | -------------------------------------------- | --------
g | [BigInt](formats.md#data-types) | the generator of the multiplicative subgroup |
keySize | int | the key size in bits |
p | [BigInt](formats.md#data-types) | the modulus p |
q | [BigInt](formats.md#data-types) | the order of the generator g |
type | str | the key type | 'DsaPublicKey'
y | [BigInt](formats.md#data-types) | the public key value |
## DsaTestGroup
Fields in DsaTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------------- | ------------------------------ | --------
key | DsaPublicKey | unencoded DSA public key |
keyDer | [Der](formats.md#data-types) | DER encoded public key |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key |
sha | [MdName](formats.md#hash-functions) | the hash function used for DSA |
type | str | the type of the test | '[DsaVerify](files.md#dsaverify)'
tests | List of [AsnSignatureTestVector](types.md#asnsignaturetestvector) | a list of test vectors |
## EcPointTestGroup
Fields in EcPointTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ------------------------------------------------------- | ------------------------------ | --------
curve | [EcCurve](formats.md#elliptic-curves) | the name of the elliptic curve |
encoding | str | the encoding used | 'compressed', 'uncompressed'
type | str | the type of the test | '[EcPointTest](files.md#ecpointtest)'
tests | List of [EcPointTestVector](types.md#ecpointtestvector) | a list of test vectors |
## EcPointTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------------------
encoded | [HexBytes](formats.md#data-types) | X509 encoded point on the curve
x | [BigInt](formats.md#data-types) | x-coordinate of the point
y | [BigInt](formats.md#data-types) | y-coordinate of the point
Used in [EcPointTestGroup](#ecpointtestgroup).
## EcPublicKey
An EC public key. The EC public key can specify the underlying curve parameters
in two ways. (1) as a named curve (2) as a structure containing the curve
parameters generator, order and cofactor.
**name** | **type** | **desc** | **enum**
------------ | --------------------------------- | --------------------------------------------------- | --------
curve | (EcUnnamedGroup or EcNamedGroup) | the EC group used by this public key |
keySize | int | the key size in bits |
type | str | the key type | 'EcPublicKey'
uncompressed | [HexBytes](formats.md#data-types) | X509 encoded public key point in hexadecimal format |
wx | [BigInt](formats.md#data-types) | the x-coordinate of the public key point |
wy | [BigInt](formats.md#data-types) | the y-coordinate of the public key point |
## EcPublicKeyOnNamedCurve
An EC public key. This data type allows only named curves to specify the
underlying EC parameters.
**name** | **type** | **desc** | **enum**
------------ | --------------------------------- | --------------------------------------------------- | --------
curve | EcNamedGroup | the EC group used by this public key |
keySize | int | the key size in bits |
type | str | the key type | 'EcPublicKey'
uncompressed | [HexBytes](formats.md#data-types) | X509 encoded public key point in hexadecimal format |
wx | [BigInt](formats.md#data-types) | the x-coordinate of the public key point |
wy | [BigInt](formats.md#data-types) | the y-coordinate of the public key point |
## EcPublicKeyTestGroup
Fields in EcPublicKeyTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | --------------------------------------------------------------- | -------------------------------- | --------
encoding | str | the encoding of the encoded keys | 'asn', 'pem', 'webcrypto'
type | str | the type of the test | '[EcPublicKeyVerify](files.md#ecpublickeyverify)'
tests | List of [EcPublicKeyTestVector](types.md#ecpublickeytestvector) | a list of test vectors |
## EcPublicKeyTestVector
Draft version for test vectors that test importing of EC public keys. The test
vectors contain modified EC public keys. The goal of the test is to recognize if
importing the EC public keys notices inconsistencies and bad formatting.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | ------------------------------- | --------
encoded | [Asn](formats.md#data-types) | Encoded EC public key over a prime order field
p | [BigInt](formats.md#data-types) | The order of underlying field
n | [BigInt](formats.md#data-types) | The order of the generator
a | [BigInt](formats.md#data-types) | The value a of the Weierstrass equation
b | [BigInt](formats.md#data-types) | The value b of the Weierstrass equation
gx | [BigInt](formats.md#data-types) | x-coordinate of the generator
gy | [BigInt](formats.md#data-types) | y-coordinate of the generator
h | (int or null) | [optional] the cofactor
wx | [BigInt](formats.md#data-types) | x-coordinate of the public point
wy | [BigInt](formats.md#data-types) | y-coordinate of the public point
Used in [EcPublicKeyTestGroup](#ecpublickeytestgroup).
## EcUnnamedGroup
An unamed EC group
**name** | **type** | **desc** | **enum**
-------- | ------------------------------- | ---------------------------------------------------------- | --------
a | [BigInt](formats.md#data-types) | coefficient a of the elliptic curve equation |
b | [BigInt](formats.md#data-types) | coefficient b of the elliptic curve equation |
gx | [BigInt](formats.md#data-types) | the x-coordinate of the generator |
gy | [BigInt](formats.md#data-types) | the y-coordinate of the generator |
h | int | the cofactor |
n | [BigInt](formats.md#data-types) | the order of the generator |
p | [BigInt](formats.md#data-types) | the order of the underlying field |
type | str | an unnamed EC group over a prime field in Weierstrass form | 'PrimeOrderCurve'
## EcdhEcpointTestGroup
Fields in EcdhEcpointTestGroup are\:
**name** | **type** | **desc** | **enum** | **optional**
-------- | --------------------------------------------------------------- | ------------------------------ | --------------------------------------------- | ------------
curve | [EcCurve](formats.md#elliptic-curves) | the curve of the private key | |
encoding | str | the encoding of the public key | 'ecpoint' | True
type | str | the type of the test | '[EcdhEcpointTest](files.md#ecdhecpointtest)' |
tests | List of [EcdhEcpointTestVector](types.md#ecdhecpointtestvector) | a list of test vectors | |
## EcdhEcpointTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc** | **ref**
-------- | --------------------------------- | ------------------------ | -------
public | [Asn](formats.md#data-types) | ASN encoded public point | X9.62, Section 4.3.6
private | [BigInt](formats.md#data-types) | The private exponent |
shared | [HexBytes](formats.md#data-types) | The shared secret key |
Used in [EcdhEcpointTestGroup](#ecdhecpointtestgroup).
## EcdhPemTestGroup
Fields in EcdhPemTestGroup are\:
**name** | **type** | **desc** | **enum** | **optional**
-------- | ------------------------------------------------------- | ---------------------------- | ------------------------------------- | ------------
curve | [EcCurve](formats.md#elliptic-curves) | the curve of the private key | |
encoding | str | the encoding of the keys | 'pem' | True
type | str | the type of the test | '[EcdhPemTest](files.md#ecdhpemtest)' |
tests | List of [EcdhPemTestVector](types.md#ecdhpemtestvector) | a list of test vectors | |
## EcdhPemTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
public | [Pem](formats.md#data-types) | Pem encoded public key. The test vectors check against invalid curve attacks. Hence some test vectors contain keys that are not on the curve, test vectors that use different curve or even public keys from different primitives.
private | [Pem](formats.md#data-types) | Pem encoded private key. The key is always valid.
shared | [HexBytes](formats.md#data-types) | The shared secret key
Used in [EcdhPemTestGroup](#ecdhpemtestgroup).
## EcdhTestGroup
Fields in EcdhTestGroup are\:
**name** | **type** | **desc** | **enum** | **optional**
-------- | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | ------------
curve | [EcCurve](formats.md#elliptic-curves) | the curve of the private key | |
encoding | str | the encoding of the keys. There are test vector files for a number of encodings (raw, asn, pem, ...) to simplify testing libraries that only allow keys with certain encodings. This field however, has become somewhat redundant, since the schema defines the format. | 'asn' | True
type | str | the type of the test | '[EcdhTest](files.md#ecdhtest)' |
tests | List of [EcdhTestVector](types.md#ecdhtestvector) | a list of test vectors | |
## EcdhTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
public | [Asn](formats.md#data-types) | X509 encoded public key. The encoding of the public key contains the type of the public key, the curve and possibly the curve parameters. The test vectors contain cases where these fields do not match the curve in the testGroup.
private | [BigInt](formats.md#data-types) | the private key
shared | [HexBytes](formats.md#data-types) | The shared secret key. Some invalid test vectors contain a shared secret, which is computed using the curve of the private key. This allows to distinguish between implementations ignoring public key info and implementations using the curve of the public key.
Used in [EcdhTestGroup](#ecdhtestgroup).
## EcdhWebcryptoTestGroup
Fields in EcdhWebcryptoTestGroup are\:
**name** | **type** | **desc** | **enum** | **optional**
-------- | ------------------------------------------------------------------- | ---------------------------- | ------------------------------------------------- | ------------
curve | [EcCurve](formats.md#elliptic-curves) | the curve of the private key | |
encoding | str | the encoding of the keys | 'webcrypto' | True
type | str | the type of the test | '[EcdhWebcryptoTest](files.md#ecdhwebcryptotest)' |
tests | List of [EcdhWebcryptoTestVector](types.md#ecdhwebcryptotestvector) | a list of test vectors | |
## EcdhWebcryptoTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
public | Json | Valid or invalid public key in webcrypto format
private | JwkEcPrivateKey | Private key in webcrypto format
shared | [HexBytes](formats.md#data-types) | The shared secret key
Used in [EcdhWebcryptoTestGroup](#ecdhwebcryptotestgroup).
## EcdsaBitcoinTestGroup
A test group for the bitcoin variant of ECDSA signatures. The test vectors in
this group are meant for signature verification. The test group contains the
same public key for the signatures in multiple representations. The public keys
are valid.
Fields in EcdsaBitcoinTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------------- | -------------------------------- | --------
key | EcPublicKey | unencoded EC public key |
keyDer | [Der](formats.md#data-types) | DER encoded public key |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key |
sha | [MdName](formats.md#hash-functions) | the hash function used for ECDSA | 'SHA-256'
type | str | the type of the test | '[EcdsaBitcoinVerify](files.md#ecdsabitcoinverify)'
tests | List of [AsnSignatureTestVector](types.md#asnsignaturetestvector) | a list of test vectors |
## EcdsaP1363TestGroup
A test group for ECDSA signatures using IEEE P1363 encoding. The test vectors in
this group are meant for signature verification. The test group contains the
same public key for the signatures in multiple representations. The public keys
are valid with the sole exception that they may use short keys and weak hash
functions such as SHA-1.
Fields in EcdsaP1363TestGroup are\:
**name** | **type** | **desc** | **optional** | **enum**
-------- | ----------------------------------------------------------- | ---------------------------------- | ------------ | --------
jwk | JwkEcPublicKey | the public key in webcrypto format | True |
key | EcPublicKey | unencoded EC public key | |
keyDer | [Der](formats.md#data-types) | DER encoded public key | |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key | |
sha | [MdName](formats.md#hash-functions) | the hash function used for ECDSA | |
type | str | the type of the test | | '[EcdsaP1363Verify](files.md#ecdsap1363verify)'
tests | List of [SignatureTestVector](types.md#signaturetestvector) | a list of test vectors | |
## EcdsaTestGroup
A test group for ECDSA signatures. The test vectors in this group are meant for
signature verification. The test group contains the same public key for the
signatures in multiple representations. The public keys are valid with the sole
exception that they may use short keys and weak hash functions such as SHA-1.
Fields in EcdsaTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------------- | -------------------------------- | --------
key | EcPublicKey | unencoded EC public key |
keyDer | [Der](formats.md#data-types) | DER encoded public key |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key |
sha | [MdName](formats.md#hash-functions) | the hash function used for ECDSA |
type | str | the type of the test | '[EcdsaVerify](files.md#ecdsaverify)'
tests | List of [AsnSignatureTestVector](types.md#asnsignaturetestvector) | a list of test vectors |
## EddsaTestGroup
Fields in EddsaTestGroup are\:
**name** | **type** | **desc** | **since** | **ref** | **enum**
-------- | ----------------------------------------------------------- | ----------------------------------- | --------- | ------------------ | --------
jwk | Json | the private key in webcrypto format | 0.7 | RFC 8037 Section 2 |
key | Json | unencoded key pair | | |
keyDer | [Der](formats.md#data-types) | Asn encoded public key | | |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key | | |
type | str | the type of the test | | | '[EddsaVerify](files.md#eddsaverify)'
tests | List of [SignatureTestVector](types.md#signaturetestvector) | a list of test vectors | | |
## HkdfTestGroup
A test group for key derivation functions that take 4 arguments (ikm, salt,
info, size) as input.
Fields in HkdfTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ------------------------------------------------- | --------------------------- | --------
keySize | int | the size of the ikm in bits |
type | str | the type of the test | '[HkdfTest](files.md#hkdftest)'
tests | List of [HkdfTestVector](types.md#hkdftestvector) | a list of test vectors |
## HkdfTestVector
A test vector for HKDF (or any other key derivation function with input ikm,
salt, info, size
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
ikm | [HexBytes](formats.md#data-types) | the key (input key material)
salt | [HexBytes](formats.md#data-types) | the salt for the key derivation
info | [HexBytes](formats.md#data-types) | additional information used in the key derivation
size | int | the size of the output in bytes
okm | [HexBytes](formats.md#data-types) | the generated bytes (output key material)
Used in [HkdfTestGroup](#hkdftestgroup).
## IndCpaTestGroup
Fields in IndCpaTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------- | ---------------------- | --------
ivSize | int | the IV size in bits |
keySize | int | the keySize in bits |
type | str | the type of the test | '[IndCpaTest](files.md#indcpatest)'
tests | List of [IndCpaTestVector](types.md#indcpatestvector) | a list of test vectors |
## IndCpaTestVector
A test vector that is used for symmetric primitives that are indistinguishable
under chosen plaintext attacks. These primitives are without an integrity check
and hence without additional authenticated data. For example AES using cipher
block chaining (CBC) is tested using this format.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------------------
key | [HexBytes](formats.md#data-types) | the key
iv | [HexBytes](formats.md#data-types) | the initialization vector
msg | [HexBytes](formats.md#data-types) | the plaintext
ct | [HexBytes](formats.md#data-types) | the raw ciphertext (without IV)
Used in [IndCpaTestGroup](#indcpatestgroup).
## JwkEcPrivateKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | ------------------------------------ | --------
crv | str | the curve | 'P-256', 'P-384', 'P-521', 'P-256K'
d | [Base64Url](formats.md#data-types) | The private multiplier |
kid | str | the key id |
kty | str | the algorithm | 'EC'
use | str | the purpose of the key |
x | [Base64Url](formats.md#data-types) | The x-coordinate of the public point |
y | [Base64Url](formats.md#data-types) | The y-coordinate of the public point |
## JwkEcPublicKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | ------------------------------------ | --------
crv | str | the curve | 'P-256', 'P-384', 'P-521', 'P-256K'
kid | str | the key id |
kty | str | the algorithm | 'EC'
use | str | the purpose of the key |
x | [Base64Url](formats.md#data-types) | The x-coordinate of the public point |
y | [Base64Url](formats.md#data-types) | The y-coordinate of the public point |
## JwkRsaPrivateKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | ----------------------------- | --------
d | [Base64Url](formats.md#data-types) | the private exponent |
dp | [Base64Url](formats.md#data-types) | the value d % (p-1) |
dq | [Base64Url](formats.md#data-types) | the value d % (q-1) |
e | [Base64Url](formats.md#data-types) | the public exponent |
kid | str | the key identifier |
kty | str | the algorithm | 'RSA'
n | [Base64Url](formats.md#data-types) | the modulus of the key |
p | [Base64Url](formats.md#data-types) | a prime factor of the modulus |
q | [Base64Url](formats.md#data-types) | a prime factor of the modulus |
qi | [Base64Url](formats.md#data-types) | the CRT value q^(-1) % p |
use | str | the purpose of the key | 'sig', 'enc'
## JwkRsaPublicKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | ---------------------- | --------
e | [Base64Url](formats.md#data-types) | the public exponent |
kid | str | the key identifier |
kty | str | the algorithm | 'RSA'
n | [Base64Url](formats.md#data-types) | the modulus of the key |
use | str | the purpose of the key | 'sig', 'enc'
## JwkXdhPrivateKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | --------------------- | --------
crv | str | the DH function | 'X25519', 'X448'
d | [Base64Url](formats.md#data-types) | the private key value |
kid | str | the key identifier |
kty | str | the key type | 'OKP'
x | [Base64Url](formats.md#data-types) | the public key value |
## JwkXdhPublicKey
**name** | **type** | **desc** | **enum**
-------- | ---------------------------------- | -------------------- | --------
crv | str | the DH function | 'X25519', 'X448'
kid | str | the key identifier |
kty | str | the key type | 'OKP'
x | [Base64Url](formats.md#data-types) | the public key value |
## KdfTestGroup
A test group for key derivation functions that take 2 arguments (seed, size) as
input.
Fields in KdfTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------- | ---------------------------- | --------
keySize | int | the size of the seed in bits |
type | str | the type of the test | '[KdfTest](files.md#kdftest)'
tests | List of [KdfTestVector](types.md#kdftestvector) | a list of test vectors |
## KdfTestVector
A test vector for key derivation functions. I.e., these are deterministic
functions that take a seed and a size as input and generate a pseudorandom
output depending on the seed. (The size may simply determine the length of the
pseudorandom output or may change the pseudorandom stream).
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | --------
seed | [HexBytes](formats.md#data-types) | the seed
size | int | the size of the output in bytes
okm | [HexBytes](formats.md#data-types) | the generated bytes (output key material)
Used in [KdfTestGroup](#kdftestgroup).
## KeywrapTestGroup
Fields in KeywrapTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ------------------------------------------------------- | ---------------------- | --------
keySize | int | the keySize in bits |
type | str | the type of the test | '[KeywrapTest](files.md#keywraptest)'
tests | List of [KeywrapTestVector](types.md#keywraptestvector) | a list of test vectors |
## KeywrapTestVector
A test vector for key wrap primitives. Key wrap primitives are typically
symmetric encryptions that were specifically desigend for encrypting key
material. In some cases the input size is restricted to typical key sizes e.g. a
multiple of 8 bytes. The encryption may assume that the wrapped bytes have high
entropy. Hence some of the key wrap primitives are deterministic.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | ---------------------
key | [HexBytes](formats.md#data-types) | the wrapping key
msg | [HexBytes](formats.md#data-types) | the key bytes to wrap
ct | [HexBytes](formats.md#data-types) | the wrapped key
Used in [KeywrapTestGroup](#keywraptestgroup).
## MacTestGroup
Fields in MacTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------- | ------------------------------------ | --------
keySize | int | the keySize in bits |
tagSize | int | the expected size of the tag in bits |
type | str | the type of the test | '[MacTest](files.md#mactest)'
tests | List of [MacTestVector](types.md#mactestvector) | a list of test vectors |
## MacTestVector
A test vector for message authentication codes (MAC).
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | ----------------------
key | [HexBytes](formats.md#data-types) | the key
msg | [HexBytes](formats.md#data-types) | the plaintext
tag | [HexBytes](formats.md#data-types) | the authentication tag
Used in [MacTestGroup](#mactestgroup).
## MacWithIvTestGroup
Fields in MacWithIvTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------- | ------------------------------------ | --------
ivSize | int | the IV size in bits |
keySize | int | the key size in bits |
tagSize | int | the expected size of the tag in bits |
type | str | the type of the test | '[MacWithIvTest](files.md#macwithivtest)'
tests | List of [MacWithIvTestVector](types.md#macwithivtestvector) | a list of test vectors |
## MacWithIvTestVector
A test vector for message authentication codes (MAC) that use an IV.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------------
key | [HexBytes](formats.md#data-types) | the key
iv | [HexBytes](formats.md#data-types) | the initialization vector
msg | [HexBytes](formats.md#data-types) | the plaintext
tag | [HexBytes](formats.md#data-types) | the authentication tag
Used in [MacWithIvTestGroup](#macwithivtestgroup).
## PbkdfTestGroup
A test group for key derivation functions that take 4 arguments (password, salt,
iteration count and output size) as input.
Fields in PbkdfTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | --------------------------------------------------- | ---------------------- | --------
type | str | the type of the test | '[PbkdfTest](files.md#pbkdftest)'
tests | List of [PbkdfTestVector](types.md#pbkdftestvector) | a list of test vectors |
## PbkdfTestVector
A test vector for PBKDF (or any other key derivation function with input
password, salt, iteration count, size.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------------- | --------------------------------- | --------
password | [HexBytes](formats.md#data-types) | the password
salt | [HexBytes](formats.md#data-types) | the salt
iterationCount | int | the iteration count
dkLen | int | the intended length of the output in bytes
dk | [HexBytes](formats.md#data-types) | the derived key
Used in [PbkdfTestGroup](#pbkdftestgroup).
## PrimalityTestGroup
A test group for primality tests.
Fields in PrimalityTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------- | ---------------------- | --------
type | str | the type of the test | '[PrimalityTest](files.md#primalitytest)'
tests | List of [PrimalityTestVector](types.md#primalitytestvector) | a list of test vectors |
## PrimalityTestVector
A test vector for a primality test. The result is valid if value is prime and
invalid if it is 0, 1, -1 or composite. The status of the negative of a prime is
somewhat unlclear. Some libraries accept them as primes. Because of this the
negative of a prime has result "acceptable".
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | ------------------------------- | -------------------
value | [BigInt](formats.md#data-types) | the integer to test
Used in [PrimalityTestGroup](#primalitytestgroup).
## RsaPrivateKey
Describes an RSA private key. The data type is based on the RSAPrivateKey type
defined in Section A.1.2 of RFC 8017.
**name** | **type** | **desc** | **enum**
--------------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | --------
coefficient | [BigInt](formats.md#data-types) | the CRT value q^(-1) % p |
exponent1 | [BigInt](formats.md#data-types) | the value d % (p-1) |
exponent2 | [BigInt](formats.md#data-types) | the value d % (q-1) |
modulus | [BigInt](formats.md#data-types) | the modulus of the key |
otherPrimeInfos | list of list of [BigInt](formats.md#data-types) | list of triples [prime, exponent, coefficient] |
prime1 | [BigInt](formats.md#data-types) | p: a prime factor of the modulus |
prime2 | [BigInt](formats.md#data-types) | q: a prime factor of the modulus |
privateExponent | [BigInt](formats.md#data-types) | the private exponent |
publicExponent | [BigInt](formats.md#data-types) | the public exponent |
version | int | The version of the private key. This is 0 for keys with no otherPrimeInfos and 1 for keys with otherPrimeInfos, i.e. multiprime keys. | 0, 1
## RsaPublicKey
Describes an RSA private key. The data type is based on the RSAPublicKey type
defined in Appendix C of RFC 8017.
**name** | **type** | **desc** | **enum**
-------------- | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | --------
modulus | [BigInt](formats.md#data-types) | the modulus of the key |
publicExponent | [BigInt](formats.md#data-types) | the public exponent |
version | int | The version of the private key. This is 0 for keys with no otherPrimeInfos and 1 for keys with otherPrimeInfos, i.e. multiprime keys. | 0, 1
## RsaPublicKeyAsnTestGroup
Fields in RsaPublicKeyAsnTestGroup are\:
**name** | **type** | **desc** | **enum**
--------------- | ----------------------------------------------------------------------- | --------------------------- | --------
privateKey | RsaPrivateKey | the private key |
privateKeyPkcs8 | [Der](formats.md#data-types) | PKCS #8 encoded private key |
publicKeyAsn | [Der](formats.md#data-types) | the X509 encoded public key |
type | str | the type of the test | '[RsaPublicKeyAsnTest](files.md#rsapublickeyasntest)'
tests | List of [RsaPublicKeyAsnTestVector](types.md#rsapublickeyasntestvector) | a list of test vectors |
## RsaPublicKeyAsnTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | ---------------------------- | ----------------------------------
encoded | [Asn](formats.md#data-types) | a modified X509 encoded public key
Used in [RsaPublicKeyAsnTestGroup](#rsapublickeyasntestgroup).
## RsaPublicKeyPemTestGroup
Fields in RsaPublicKeyPemTestGroup are\:
**name** | **type** | **desc** | **enum**
------------- | ----------------------------------------------------------------------- | ---------------------------------------- | --------
privateKey | RsaPrivateKey | the private key |
privateKeyPem | [Pem](formats.md#data-types) | PEM encoded private key |
publicKeyPem | [Pem](formats.md#data-types) | the corresponding PEM encoded public key |
type | str | the type of the test | '[RsaPublicKeyPemTest](files.md#rsapublickeypemtest)'
tests | List of [RsaPublicKeyPemTestVector](types.md#rsapublickeypemtestvector) | a list of test vectors |
## RsaPublicKeyPemTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | ---------------------------- | ---------------------------------
encoded | [Pem](formats.md#data-types) | a modified PEM encoded public key
Used in [RsaPublicKeyPemTestGroup](#rsapublickeypemtestgroup).
## RsaesOaepTestGroup
Fields in RsaesOaepTestGroup are\:
**name** | **type** | **desc** | **since** | **optional** | **enum**
--------------- | ----------------------------------------------------------- | ----------------------------------------------------------- | --------- | ------------ | --------
d | [BigInt](formats.md#data-types) | The private exponent | | |
e | [BigInt](formats.md#data-types) | The public exponent | | |
keySize | int | key size in bits | | |
mgf | str | the message generating function (e.g. MGF1) | | |
mgfSha | [MdName](formats.md#hash-functions) | The hash function used for the message generating function. | | |
n | [BigInt](formats.md#data-types) | The modulus of the key | | |
privateKeyJwk | JwkRsaPrivateKey | JSON encoded private key | 0.7 | True |
privateKeyPem | [Pem](formats.md#data-types) | Pem encoded private key | | |
privateKeyPkcs8 | [Der](formats.md#data-types) | Pkcs 8 encoded private key | | |
sha | [MdName](formats.md#hash-functions) | The hash function for hashing the label. | | |
type | str | the type of the test | | | '[RsaesOaepDecrypt](files.md#rsaesoaepdecrypt)'
tests | List of [RsaesOaepTestVector](types.md#rsaesoaeptestvector) | a list of test vectors | | |
## RsaesOaepTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | ---------------------------------
msg | [HexBytes](formats.md#data-types) | The encrypted message
ct | [HexBytes](formats.md#data-types) | An encryption of msg
label | [HexBytes](formats.md#data-types) | The label used for the encryption
Used in [RsaesOaepTestGroup](#rsaesoaeptestgroup).
## RsaesPkcs1TestGroup
Fields in RsaesPkcs1TestGroup are\:
**name** | **type** | **desc** | **since** | **optional** | **enum**
--------------- | ------------------------------------------------------------- | --------------------------- | --------- | ------------ | --------
d | [BigInt](formats.md#data-types) | The private exponent | | |
e | [BigInt](formats.md#data-types) | The public exponent | | |
keySize | int | The key size in bits | | |
n | [BigInt](formats.md#data-types) | The modulus of the key | | |
privateKeyJwk | JwkRsaPrivateKey | JWK encoded private key | 0.7 | True |
privateKeyPem | [Pem](formats.md#data-types) | Pem encoded private key | | |
privateKeyPkcs8 | [Der](formats.md#data-types) | Pkcs 8 encoded private key. | | |
type | str | the type of the test | | | '[RsaesPkcs1Decrypt](files.md#rsaespkcs1decrypt)'
tests | List of [RsaesPkcs1TestVector](types.md#rsaespkcs1testvector) | a list of test vectors | | |
## RsaesPkcs1TestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | ---------------------
msg | [HexBytes](formats.md#data-types) | The encrypted message
ct | [HexBytes](formats.md#data-types) | An encryption of msg
Used in [RsaesPkcs1TestGroup](#rsaespkcs1testgroup).
## RsassaPkcs1GenTestGroup
Fields in RsassaPkcs1GenTestGroup are\:
**name** | **type** | **desc** | **ref** | **since** | **optional** | **enum**
--------------- | ----------------------------------------------------------- | -------------------------------------- | -------- | --------- | ------------ | --------
d | [BigInt](formats.md#data-types) | The private exponent | | | |
e | [BigInt](formats.md#data-types) | The public exponent | | | |
keyAsn | [Der](formats.md#data-types) | DER encoding of the sequence [n, e] | | | |
keyDer | [Der](formats.md#data-types) | DER encoding of the public key | | | |
keyJwk | JwkRsaPublicKey | [Optional] public key in JWK format | RFC 7517 | 0.7 | True |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key | | | |
keySize | int | the size of the modulus in bits | | | |
n | [BigInt](formats.md#data-types) | The modulus of the key | | | |
privateKeyJwk | JwkRsaPrivateKey | [Optional] Private key in JWK format | RFC 7517 | 0.7 | True |
privateKeyPem | Pem | Pem encoded private key | | | |
privateKeyPkcs8 | [Der](formats.md#data-types) | PKCS8 encoded private key | | | |
sha | [MdName](formats.md#hash-functions) | the hash function used for the message | | | |
type | str | the type of the test | | | | '[RsassaPkcs1Generate](files.md#rsassapkcs1generate)'
tests | List of [SignatureTestVector](types.md#signaturetestvector) | a list of test vectors | | | |
## RsassaPkcs1TestGroup
Fields in RsassaPkcs1TestGroup are\:
**name** | **type** | **desc** | **ref** | **since** | **optional** | **enum**
-------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | -------- | --------- | ------------ | --------
e | [BigInt](formats.md#data-types) | The public exponent | | | |
keyAsn | [Der](formats.md#data-types) | ASN encoding of the sequence [n, e] | | | |
keyDer | [Der](formats.md#data-types) | ASN encoding of the public key | | | |
keyJwk | JwkRsaPublicKey | The public key in JWK format. The key is missing if the signature algorithm for the given hash is not defined. | RFC 7517 | 0.7 | True |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key | | | |
keySize | int | the size of the modulus in bits | | | |
n | [BigInt](formats.md#data-types) | The modulus of the key | | | |
sha | [MdName](formats.md#hash-functions) | the hash function used for the message | | | |
type | str | the type of the test | | | | '[RsassaPkcs1Verify](files.md#rsassapkcs1verify)'
tests | List of [SignatureTestVector](types.md#signaturetestvector) | a list of test vectors | | | |
## RsassaPssTestGroup
Fields in RsassaPssTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------------- | ----------------------------------------------------------- | --------
e | [BigInt](formats.md#data-types) | The public exponent |
keyAsn | [Der](formats.md#data-types) | ASN encoding of the sequence [n, e] |
keyDer | [Der](formats.md#data-types) | ASN encoding of the public key |
keyPem | [Pem](formats.md#data-types) | Pem encoded public key |
keySize | int | the size of the modulus in bits |
mgf | str | the message generating function (e.g. MGF1) |
mgfSha | [MdName](formats.md#hash-functions) | The hash function used for the message generating function. |
n | [BigInt](formats.md#data-types) | The modulus of the key |
sLen | int | The length of the salt in bytes |
sha | [MdName](formats.md#hash-functions) | The hash function for hasing the message. |
type | str | the type of the test | '[RsassaPssVerify](files.md#rsassapssverify)'
tests | List of [RsassaPssTestVector](types.md#rsassapsstestvector) | a list of test vectors |
## RsassaPssTestVector
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------
msg | [HexBytes](formats.md#data-types) | The message to sign
sig | [HexBytes](formats.md#data-types) | a signature for msg
Used in [RsassaPssTestGroup](#rsassapsstestgroup).
## SignatureTestVector
A test vector with a public key signature. This structure is used for public key
signatures where the primitive specifies the encoding as an array of bytes (e.g.
P1363 encoded ECDSA signatures.) Public key signatures with additional
formatting (e.g. ASN.1 encoded ECDSA signatures) have their separate types.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------
msg | [HexBytes](formats.md#data-types) | The message to sign
sig | [HexBytes](formats.md#data-types) | A signature for msg
Used in [DsaP1363TestGroup](#dsap1363testgroup),
[EcdsaP1363TestGroup](#ecdsap1363testgroup), [EddsaTestGroup](#eddsatestgroup),
[RsassaPkcs1GenTestGroup](#rsassapkcs1gentestgroup),
[RsassaPkcs1TestGroup](#rsassapkcs1testgroup).
## Test
The root type of each JSON file with tests. Each file contains one ore more test
groups. Each test group contains one ore more test vectors. All test vectors in
the same file have the same type and test the same cryptographic primitive.
**name** | **type** | **desc** | **since**
---------------- | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------
algorithm | str | The primitive tested in the test file. This is mainly a brief description of the algorithm used. So far there is no formal definition of this field and its description may change. |
generatorVersion | str | The version of the test vectors. The version number has the format major.minor (or major.minor[release candidate]). The plan is to change the format of the test vectors in major versions only, once version 1.0 has been reached. Conversely, version 1.0 will be published once we think the format for the test vectors are sufficiently stable. |
header | list of str | additional documentation |
notes | JSON | A description of the labels used in the test vectors. Some test vectors contain labels that formally describe the test vector. It can be helpful to make test more precise. For example libraries differ in whether they accept ASN encodings different from DER. Hence many of the test vectors with alternative BER encoding are rated as acceptable. Labels allow to decide whether tests with alternatve BER encoding should be rejected or accepted when testing a particular library. |
numberOfTests | int | The number of test vectors in this test. Each test vector has a unique tcId in the range 1 .. tcId. |
schema | str | The filename of the JSON schema that defines the format of the test vectors in this file. If the format of the test vectors changes then a new schema will be generate, so that comparing the name of the schema with an expected name can be used to check for compatibility between test vectors and test code. | 0.7
testGroups | list of JSON | a list of test groups |
## TestGroup
TestGroup is a base class for all test groups. Each test group contains a list
of test vectors of the same type. The test group describes parameters that are
common for all the test vectors. Often some parameters are given in multiple
formats to simplify testing. For example, asymmetric private key are typically
given in a raw format, PKCS #8 encoded and in PEM format. All fields in a test
group are corretly formatted. Incorrectly formatted inputs are always in the
test vectors. The list below describes the fields that are common to all test
groups, though generally a test group contains additional fields depending on
the test for which the test vectors are intended for.
Fields in TestGroup are\:
**name** | **type** | **desc**
-------- | -------- | ----------------------
tests | List | a list of test vectors
type | str | the type of the test
## TestVector
**name** | **type** | **desc** | **enum**
-------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
comment | str | A brief description of the test case |
flags | list of str | A list of flags for a test case. Flags are described in the header of the test file. |
result | str | The test result. The value determines whether the test case is valid, invalid or undefined. The value "acceptable" is typically used for legacy cases, weak parameters (such as key sizes not reaching 112-bit security) or BER encoding that are frequent. Eventually, all test vectors with "result" : "acceptable" will have flags describing the reason and allowing testers to decide how to treat these test vectors. | 'valid', 'invalid', 'acceptable'
tcId | int | A unique identifier of the test case in a test file. The identifiers are continuous integers. The identifiers of test vectors change between versions of the test file. Hence, the triple (filename, version, tcId) uniquely identifies a test vector. |
## XdhAsnTestGroup
Fields in XdhAsnTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
curve | [EcCurve](formats.md#elliptic-curves) | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. |
type | str | the type of the test | '[XdhAsnComp](files.md#xdhasncomp)'
tests | List of [XdhAsnTestVector](types.md#xdhasntestvector) | a list of test vectors |
## XdhAsnTestVector
A test vector for a key exchange using XDH. Public and private keys are ASN
encoded.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | ----------------------------
public | [Asn](formats.md#data-types) | X.509 encoded the public key
private | [Der](formats.md#data-types) | PKCS #8 encoded private key
shared | [HexBytes](formats.md#data-types) | the shared secret
Used in [XdhAsnTestGroup](#xdhasntestgroup).
## XdhJwkTestGroup
Fields in XdhJwkTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
curve | [EcCurve](formats.md#elliptic-curves) | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. |
type | str | the type of the test | '[XdhJwkComp](files.md#xdhjwkcomp)'
tests | List of [XdhJwkTestVector](types.md#xdhjwktestvector) | a list of test vectors |
## XdhJwkTestVector
A test vector for a key exchange using XDH. XDH is a Diffie-Hellman key exchange
defined in RFC 7748. Both public and private key in this test vector are using
the jwk format.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc** | **ref**
-------- | --------------------------------- | ----------------------------------------- | -------
public | JSON | valid or invalid public key in jwk format | RFC 8037
private | JwkXdhPrivateKey | the private key in jwk format | RFC 8037
shared | [HexBytes](formats.md#data-types) | the shared secret |
Used in [XdhJwkTestGroup](#xdhjwktestgroup).
## XdhPemTestGroup
Fields in XdhPemTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
curve | [EcCurve](formats.md#elliptic-curves) | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. |
type | str | the type of the test | '[XdhPemComp](files.md#xdhpemcomp)'
tests | List of [XdhPemTestVector](types.md#xdhpemtestvector) | a list of test vectors |
## XdhPemTestVector
A test vector for a key exchange using XDH. Public and private keys are pem
encoded.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -----------------------
public | [Pem](formats.md#data-types) | PEM encoded public key
private | [Pem](formats.md#data-types) | PEM encoded private key
shared | [HexBytes](formats.md#data-types) | the shared secret
Used in [XdhPemTestGroup](#xdhpemtestgroup).
## XdhTestGroup
Fields in XdhTestGroup are\:
**name** | **type** | **desc** | **enum**
-------- | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------
curve | [EcCurve](formats.md#elliptic-curves) | The name of the curve. If test vectors encode the curve as part of the public and private key then this field describes the curve of the private key. Test vectors with such encoding can contain distinct curves. Such test vectors are of course invalid and an attempt to compute a shared secret is expected to fail. |
type | str | the type of the test | '[XdhComp](files.md#xdhcomp)'
tests | List of [XdhTestVector](types.md#xdhtestvector) | a list of test vectors |
## XdhTestVector
A test vector for a key exchange using XDH. XDH is a Diffie-Hellman key exchange
defined in RFC 7748. Both public and private key in this test vector are just
raw bytes. That is valid public keys and valid private keys are 32 bytes each
for X25519 and 56 bytes for X448.
Fields additional to the fields in TestVector are\:
**name** | **type** | **desc**
-------- | --------------------------------- | -------------------------------
public | [HexBytes](formats.md#data-types) | the raw bytes of the public key
private | [HexBytes](formats.md#data-types) | the raw bytes of private key
shared | [HexBytes](formats.md#data-types) | the shared secret
Used in [XdhTestGroup](#xdhtestgroup).
|
