Google Git
Sign in
boringssl / boringssl / 367115b056112ddedf7c97a319f53e3ef69064c6 / . / third_party / wycheproof_testvectors / ecdh_test.txt
blob: ae8221a6669536a46bc8da5f55c4229cf1d6c9a0 [file] [log] [blame]
# Imported from Wycheproof's ecdh_test.json.
# This file is generated by convert_wycheproof.go. Do not edit by hand.
#
# Algorithm: ECDH
# Generator version: 0.4.12
[curve = secp224r1]
[encoding = asn]
# tcId = 1
# normal case
private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328
public = 304e301006072a8648ce3d020106052b81040021033a00047d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc719b01d050dfbe653e72f39491be87fb1a2742daa6e0a2aada98bb1aca
result = valid
shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f
curve = secp224r1
# tcId = 2
# compressed public key
private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328
public = 3032301006072a8648ce3d020106052b81040021031e00027d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc71
result = acceptable
shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f
curve = secp224r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 3
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004e73a6ca72f3a2fae6e0a01a0ed03bfa3058b04576942eaf063095e62ca16fd31fa0f38eeb592cbeea1147751fdd2a5b6cc0ead404467a5b6
result = valid
shared = 00000000000000000000000000000000000000000000000000000003
curve = secp224r1
# tcId = 4
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00045763fa2ae16367ad23d471cc9a52466f0d81d864e5640cefe384114594d9fecfbed4f254505ac8b41d2532055a07f0241c4818b552cbb636
result = valid
shared = 00000000000000000000000100000000000000000000000000000001
curve = secp224r1
# tcId = 5
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004142c1fd80fa2121a59aa898144084ec033f7a56a34eee0b499e29ae51c6d8c1bbb1ef2a76d565899fe44ffc1207d530d7f598fb77f4bb76b
result = valid
shared = 00000000000000ffffffffffffff0000000000000100000000000000
curve = secp224r1
# tcId = 6
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004ed6f793e10c80d12d871cf8988399c4898a9bf9ffd8f27399f63de25f0051cdf4eec7f368f922cfcd948893ceca0c92e540cc4367a99a66a
result = valid
shared = 00000000ffffffffffffffff00000000000000010000000000000000
curve = secp224r1
# tcId = 7
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a000408fcfc1a63c82860be12e4137433dfc40be9acdd245f9a8c4e56be61a385fc09f808383383f4b1d0d5365b6e5dcfacdc19bc7bcfed221274
result = valid
shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff
curve = secp224r1
# tcId = 8
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004d883ed77f1861e8712800d31df67888fe39f150c79a27aa88caeda6b180f3f623e2ff3ab5370cf8179165b085af3dd4502850c0104caed9a
result = valid
shared = 0003fffffff00000003fffffff00000003fffffff000000040000000
curve = secp224r1
# tcId = 9
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00042b8b279b85ee3f3d2c0abeb36fdfc5aad6157d652d26489381a32cd73224bd757ef794acc92b0b3b9e7990618bb343a9a09bdb9d3616eff6
result = valid
shared = 01fffffffc00000007fffffff00000001fffffffc000000080000001
curve = secp224r1
# tcId = 10
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00048bd5f03391eeeae1744e8fc53d314efffafa4d3fa4f1b95c3388a9cd7c86358b273119c537133eb55e79c6ac510b10980b379b919ccf2e2f
result = valid
shared = 0a15c112ff784b1445e889f955be7e3ffdf451a2c0e76ab5cb32cf41
curve = secp224r1
# tcId = 11
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004ce9631b6a16227778625c8e5421ae083cdd913abefde01dbe69f6c2b95386aff2b483b2c47151cfaabfd000614c683ce2e1778221ae42c1b
result = valid
shared = 62989eaaa26a16f07330c3c51e0a4631fd016bfcede26552816aee39
curve = secp224r1
# tcId = 12
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00041f441c98eda956a6a7fdbfd8d21910860ab59d16c3e52f8e7fad6ca5df61a55fc508fc0499c55492f1e87bb2faa0cb4170b79f3a85ec2f3d
result = valid
shared = 661ac958c0febbc718ccf39cefc6b66c4231fbb9a76f35228a3bf5c3
curve = secp224r1
# tcId = 13
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004be74583cb9d3a05ae54923624e478a329a697d842dfae33141c844d7d9ba4fc96e0fe716ac0542e87368662fc2f0cb9b0ae57936ddec7190
result = valid
shared = 6d7e41821abe1094d430237923d2a50de31768ab51b12dce8a09e34c
curve = secp224r1
# tcId = 14
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004a281ad992b363597ac93ff0de8ab1f7e51a6672dcbb58f9d739ba430ce0192874038daefc3130eec65811c7255da70fea65c1003f6892faa
result = valid
shared = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff
curve = secp224r1
# tcId = 15
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004be3e22133f51203f631b81dde8c020cdea5daa1f99cfc05c88fad2dc0f243798d6e72d1de9e3cdca4144e0a6c0f2a584d07589006972c197
result = valid
shared = fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0008001
curve = secp224r1
# tcId = 16
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004af14547c20afbd91bfe64ea03d45a76a71241f23520ef897ff91eff1b54ca6ca8c25fd73852ec6654617434eff7f0225684d4dea7a4f8a97
result = valid
shared = ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff
curve = secp224r1
# tcId = 17
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004b1e484925018729926acda56ff3e2f6c1e7e8f162b178d8e8afb45564fceaa6da5d998fe26b6b26a055169063a5ab6908852ca8b54e2de6c
result = valid
shared = fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff
curve = secp224r1
# tcId = 18
# edge case for shared secret
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004937eb09fb145c8829cb7df20a4cbeed396791373de277871d6c5f9cc3b5b4fd56464a71fc4a2a6af3bd251952bffa829489e68a8d06f96b6
result = valid
shared = ffffffff00000000ffffffff00000000ffffffff00000000ffffffff
curve = secp224r1
# tcId = 19
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004000000000000000000000000000000000000000000000000000000037cac269c67bd55ea14efff4eadefe5e74978514af14c88fab46ec046
result = valid
shared = 3fa0b9ff70b884f9f57bb84f7a9532d93f6ba803f89dd8ff008177d7
curve = secp224r1
# tcId = 20
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004000000000000000000000001000000000000000000000000000000012ea2f4917bdfdb008306cc10a18e2557633ba861001829dcbfb96fba
result = valid
shared = be1ded8cb7ff8a585181f96d681e31b332fe27dcae922dca2310300d
curve = secp224r1
# tcId = 21
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000ffffffffffffff000000000000010000000000000073ca5f8f104997a2399e0c7f25e72a75ec29fc4542533d3fea89a33a
result = valid
shared = a2e86a260e13515918a0cafdd87855f231b5624c560f976159e06a75
curve = secp224r1
# tcId = 22
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000400000000ffffffffffffffff000000000000000100000000000000006fe6805f59b19b0dd389452a1d4a420bfeb6c369cf6fed5b12e6e654
result = valid
shared = 31ef7c8d10404a0046994f313a70574b027e87f9028eca242c1b5bf5
curve = secp224r1
# tcId = 23
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff77c5cfa4e2c384938d48bd8dd98f54c86b279f1df8c0a1f6692439c9
result = valid
shared = d1976a8ef5f54f24f5a269ad504fdca849fc9c28587ba294ef267396
curve = secp224r1
# tcId = 24
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00040003fffffff00000003fffffff00000003fffffff00000004000000001f0828136016bb97445461bc59f2175d8d23557d6b9381f26136e3d
result = valid
shared = ce7890d108ddb2e5474e6417fcf7a9f2b3bd018816062f4835260dc8
curve = secp224r1
# tcId = 25
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000401fffffffc00000007fffffff00000001fffffffc0000000800000012d8acca6f199d4a94b933ba1aa713a7debde8ac57b928f596ae66a66
result = valid
shared = 30b6ff6e8051dae51e4fe34b2d9a0b1879153e007eb0b5bdf1791a9c
curve = secp224r1
# tcId = 26
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00040a15c112ff784b1445e889f955be7e3ffdf451a2c0e76ab5cb32cf413d4df973c563c6decdd435e4f864557e4c273096d9941ca4260a266e
result = valid
shared = 77ec668a00f72d85aa527624abb16c039fe490d17dd6c455a1ed7fd8
curve = secp224r1
# tcId = 27
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000462989eaaa26a16f07330c3c51e0a4631fd016bfcede26552816aee39389ee9436d616cab90032931aa7fbbfcfc13309f61e2423cc8dab93c
result = valid
shared = a3f432f6aba9a92f49a5ea64ffe7059a9d9b487a0b5223ddc988208b
curve = secp224r1
# tcId = 28
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004661ac958c0febbc718ccf39cefc6b66c4231fbb9a76f35228a3bf5c3103b8040e3cb41966fc64a68cacb0c14053f87d27e8ed7bf2d7fe51b
result = valid
shared = 1530fd9caf03737af34a4ba716b558cbecbc35d18402535a0a142313
curve = secp224r1
# tcId = 29
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00046d7e41821abe1094d430237923d2a50de31768ab51b12dce8a09e34c276cf273d75d367820dd556182def0957af0a314f48fed227c298dc0
result = valid
shared = cfc39ccacb94ad0e0552b2e47112f60fbbe7ae0dc32230b9273dd210
curve = secp224r1
# tcId = 30
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00047fffffffffffffffffffffffffffffffffffffffffffffffffffffff7d8dbca36c56bcaae92e3475f799294f30768038e816a7d5f7f07d77
result = valid
shared = 73bd63bd384a0faafb75cfed3e95d3892cbacf0db10f282c3b644771
curve = secp224r1
# tcId = 31
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc000800174f1ff5ea7fbc72b92f61e06556c26bab84c0b082dd6400ca1c1eb6d
result = valid
shared = 85b079c62e1f5b0fd6841dfa16026e15b641f65e13a14042567166bb
curve = secp224r1
# tcId = 32
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0126fdd5fccd0b5aa7fd5bb5b1308584b30556248cec80208a2fe962
result = valid
shared = 8a834ff40e3fc9f9d412a481e18537ea799536c5520c6c7baaf12166
curve = secp224r1
# tcId = 33
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff20cfa23077acc9fbcb71339c65880cd0b966b8a9497e65abed17f0b5
result = valid
shared = a0887269766e6efcbc81d2b38f2d4638663f12377468a23421044188
curve = secp224r1
# tcId = 34
# edge cases for ephemeral key
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffff00000000ffffffff00000000ffffffff00000000ffffffff1c05ac2d4f10b69877c3243d51f887277b7bf735c326ab2f0d70da8c
result = valid
shared = c65d1911bc076a74588d8793ce7a0dcabf5793460cd2ebb02754a1be
curve = secp224r1
# tcId = 35
# edge case private key
private = 3
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6
curve = secp224r1
# tcId = 36
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffff
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = fa2664717c7fa0161ec2c669b2c0986cdc20456a6e5406302bb53c77
curve = secp224r1
# tcId = 37
# edge case private key
private = 1000000000000000000000000000000000000000000000000000000
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = af6e5ad34497bae0745f53ad78ce8b285d79f400d5c6e6a071f8e6bd
curve = secp224r1
# tcId = 38
# edge case private key
private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 12fd302ff8c13c55a9c111f8bb6b0a13ecf88299c0ae3032ce2bcaff
curve = secp224r1
# tcId = 39
# edge case private key
private = 080000000000000000000000000000000000000000000000000000000
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 73f1a395b842f1a6752ae417e2c3dc90cafc4476d1d861b7e68ad030
curve = secp224r1
# tcId = 40
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03d13dd29455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = b329c20ddb7c78ee4e622bb23a984c0d273ba34b6269f3d9e8f89f8e
curve = secp224r1
# tcId = 41
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13cd29455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 6f48345209b290ffc5abbe754a201479e5d667a209468080d06197b4
curve = secp224r1
# tcId = 42
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13d529455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 9f6e30c1c9dad42a153aacd4b49a8e5c721d085cd07b5d5aec244fc1
curve = secp224r1
# tcId = 43
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29445c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 8cadfb19a80949e61bd5b829ad0e76d18a5bb2eeb9ed7fe2b901cecd
curve = secp224r1
# tcId = 44
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c29b7
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 475fd96e0eb8cb8f100a5d7fe043a7a6851d1d611da2643a3c6ae708
curve = secp224r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 45
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a37
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 41ef931d669d1f57d8bb95a01a92321da74be8c6cbc3bbe0b2e73ebd
curve = secp224r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 46
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3a
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6
curve = secp224r1
# tcId = 47
# edge case private key
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3b
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 11ff15126411299cbd49e2b7542e69e91ef132e2551a16ecfebb23a3
curve = secp224r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 48
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 49
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 50
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffff000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 51
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffff000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 52
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 53
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 54
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000000000000000000000000000000000000000000001ffffffffffffffffffffffffffffffff000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 55
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000000000000000000000000000000000000000000001ffffffffffffffffffffffffffffffff000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 56
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 57
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 58
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff000000000000000000000000ffffffffffffffffffffffffffffffff000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 59
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff000000000000000000000000ffffffffffffffffffffffffffffffff000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 60
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff00000000000000000000000100000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 61
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff00000000000000000000000100000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 62
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff000000000000000000000001ffffffffffffffffffffffffffffffff000000000000000000000000
result = invalid
shared =
curve = secp224r1
# tcId = 63
# point is not on curve
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffffffffffffffffffffffffffff000000000000000000000001ffffffffffffffffffffffffffffffff000000000000000000000001
result = invalid
shared =
curve = secp224r1
# tcId = 64
private = 0c6cafb74e2a5b5ed4b991cbbfbc28c18f6df208b6d05e7a2e6668014
public = 3015301006072a8648ce3d020106052b81040021030100
result = invalid
shared =
curve = secp224r1
# tcId = 65
# public point not on curve
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 304e301006072a8648ce3d020106052b81040021033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5d
result = invalid
shared =
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 66
# public point = (0,0)
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 67
# order = -26959946667150639794667015087019625940457807714424391721682722368061
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021dff0000000000000000000000000000e95d1f470fc1ec22d6baa3a3d5c3020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 68
# order = 0
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020100020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 69
# order = 1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020101020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 70
# order = 6277101735386680763835789423207665314073163949517624387909
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3082010f3081d006072a8648ce3d02013081c4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021900ffffffffffffffffffffffffffff16a2e0b8f03e13dd2945020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 71
# generator = (0,0)
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb40439040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 72
# generator not on curve
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e36021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 73
# cofactor = -1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d0201ff033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 74
# cofactor = 0
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020100033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 75
# cofactor = 2
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020102033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 76
# cofactor =
# 26959946667150639794667015087019625940457807714424391721682722368061
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3082012f3081f006072a8648ce3d02013081e4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 77
# cofactor = None
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201103081d106072a8648ce3d02013081c5020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 78
# modified prime
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00c123da0a46a971da9468161e61a5c71a02e6c9bdb3392f4016fb457b303c041c3edc25f5b9568e256b97e9e19e5a38e4fd1936424cc6d0bfe904ba83041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3
result = invalid
shared = 3de0a5036fcde544c72cbe33cedb8709549bc3b6a4d750ee0de4c80d
curve = secp224r1
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 79
# using secp256r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39
result = invalid
shared =
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 80
# using secp256k1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared =
curve = secp224r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 81
# a = 0
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f83081b906072a8648ce3d02013081ad020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff0000000000000000000000013021040100041cd0d5e347a38ce5b6e1f47edddd8a223bca45d2015de76ec835a4df57043904a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
curve = secp224r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 82
# public key of order 3
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041ce7a362cacbe0cc77d95c4868c22f1ce547191f4636f26b9d2f25b07e041c95053dc7ca44618c27cb0f0e3b954a5019d10d9f08bce793755d8468043904800163296bbe35f54a8166d8452f80597d896f35afba33534b910bc63cea6f440a6d313fd31252dfe2190188e99481950dc117d9a1aed088021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004800163296bbe35f54a8166d8452f80597d896f35afba33534b910bc6c31590bbf592cec02cedad201de6fe76166b7e6af23ee8265e512f79
result = invalid
shared = 67b3a42a01e4a4d6277d9348a280c0b5534c299908d9b10afb7365ab
curve = secp224r1
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 83
# Public key uses wrong curve: secp256r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ea36cf70fab75684eabe6569ce623db0deaa8c95f61c8be50b8b9f3eb7d4b9ec48d9e4814f4cb1c286589eaaa990d3f3238b2d6d6be964abfad964824b653376
result = invalid
shared =
curve = secp224r1
# tcId = 84
# Public key uses wrong curve: secp384r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3076301006072a8648ce3d020106052b81040022036200044b2470ad3d13269c10a17d222ebdffbd61fb04488db1b1d7caef8d4988b7bb8ba6d81857a05b255232b9e37a30e328bb9d9c42d86096f2bcee3d258cfe208d2fd03cbd5ccc6a3bb8ce4b0efa5b059b4afbd0377aa6e274721a57efe8ee85d86a
result = invalid
shared =
curve = secp224r1
# tcId = 85
# Public key uses wrong curve: secp521r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301006072a8648ce3d020106052b810400230381860004012841a2260f0f1f424865fef275374779bf0355720223f8ec6a9ba767b1603b492f58a6bba1705d882257bc6be1935de4411c5f1fdad44ec65ba8b97ce0e73e1ac90006937832a602147e37c1a42ca2a63629ffc9a35b31bfacb38c6242b42916125f7446b45c718f797259bc3011cb71e868560b331cf7d01139a0643443f9fd7306c1
result = invalid
shared =
curve = secp224r1
# tcId = 86
# Public key uses wrong curve: secp256k1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3056301006072a8648ce3d020106052b8104000a03420004c2199fecf75648c0e952dff143821fa4012b28f90435ce6ee54653687f969a76092a3844e17d478a594f43b28cc10a5c553b4f64906121031c3a79299c70dbd6
result = invalid
shared =
curve = secp224r1
# tcId = 87
# Public key uses wrong curve: brainpoolP224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3052301406072a8648ce3d020106092b2403030208010105033a00046caa3d6d86f792df7b29e41eb4203150f60f4fca10f57d0b2454abfb201f9f7e6dcbb92bdcfb9240dc86bcaeaf157c77bca22b2ec86ee8d6
result = invalid
shared =
curve = secp224r1
# tcId = 88
# Public key uses wrong curve: brainpoolP256r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 305a301406072a8648ce3d020106092b2403030208010107034200042750180012c3ba7489517d428e4826784e50b50ac42ef7991c61a396c03a52da5e74908ae8a89627a7c15e554b105b0ebaeebcfed10e3ea60223d0a8bc3b36ab
result = invalid
shared =
curve = secp224r1
# tcId = 89
# Public key uses wrong curve: brainpoolP320r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 306a301406072a8648ce3d020106092b2403030208010109035200045b523d3a8f20f6a569c6951e0b8de48d89e7549a184e8506820421c3e404473692cd248d7480843b911d87a87e401112fce0d3d2c36978cf6dd7f1d93bfaebe0827d4bf4006006d3202e842126fe1b68
result = invalid
shared =
curve = secp224r1
# tcId = 90
# Public key uses wrong curve: brainpoolP384r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 307a301406072a8648ce3d020106092b240303020801010b03620004449607c76c6dc7334c269a0ebab5beec83b6c263377ce06ef5c276f45a9916eff85f50438f5f32ced0210a6c414fe5e242c7c1070823f5395b35965bda6758acf84725f11ea836dda7d391fee91342026645241853224a437a6fb74e4cdc871f
result = invalid
shared =
curve = secp224r1
# tcId = 91
# Public key uses wrong curve: brainpoolP512r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301406072a8648ce3d020106092b240303020801010d038182000463e7a491240848e4f53ea5fb857d428c493053193e4b0b4f995ac8bf4c56276a507870131a384aa7e236c64cd7a049a1b37e40ad00c3b8a920dcbad6531616356ce1b6e6d96a7d1b693e25e5abd83ab560a3d764bcd49ec98a1b49421163bd5fc5a625f44c91eb4c2984d5a2e51e816ebdee8fbe08364bb14b7ac876990e64d9
result = invalid
shared =
curve = secp224r1
# tcId = 92
# Public key uses wrong curve: brainpoolP224t1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3052301406072a8648ce3d020106092b2403030208010106033a00047c592ecb8908355d1ebf8d59b3619275dbe3666209b72ced6a3c88740456ce61d6a84e0542d7cd10dd8804afb8c784d5dffd9480d8cfdc95
result = invalid
shared =
curve = secp224r1
# tcId = 93
# Public key uses wrong curve: brainpoolP256t1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 305a301406072a8648ce3d020106092b240303020801010803420004746226a3e005c37ede51828d3375ef91ebd0ff719a380af69d7dfd131b42a3e8917d4a4d573872935a74d1040f1c47d25d6b26f4156cccdcdc11833b9cde433a
result = invalid
shared =
curve = secp224r1
# tcId = 94
# Public key uses wrong curve: brainpoolP320t1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 306a301406072a8648ce3d020106092b240303020801010a035200043298b36825c7bd90ab5157b913d40bbfd732a0de0557e02a2c65a0c223e9a65d62c32462040dd6fe578103023c831caff122c1ed4b8ff7373fa2f08d11c9f4c7f85f81802262ffed9bb82cb6d92eed2d
result = invalid
shared =
curve = secp224r1
# tcId = 95
# Public key uses wrong curve: brainpoolP384t1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 307a301406072a8648ce3d020106092b240303020801010c036200043af2849b981f7e5e6ab936e6abb4f206c1fd5561998df8008bfe98d84173c9f2301cdbd5bffc569c0b5a57ce2a8f4d640f1816475fc6043baa8e5a3453bf327b54cb29c7e54a5f31348969aa94615094dbcd1a8e5c2d630465e45fc556c02194
result = invalid
shared =
curve = secp224r1
# tcId = 96
# Public key uses wrong curve: brainpoolP512t1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301406072a8648ce3d020106092b240303020801010e038182000453d2506047e72af6d98558e1633ecb7e6a05c37861cd3289455cf41bfbf1703f2e9a83052b8eca7d84cba2f001abd8b978f68b69ed6bd874755c44d347fe302c5760b2078c56b24ebd0dcd99f26b8f8a23044b3767a3d2a306587687a7b00668974674edbf18c3db2f3473a97ee77065fdcdd1a9aa053716a4c504f3d18b9170
result = invalid
shared =
curve = secp224r1
# tcId = 97
# invalid public key
private = 0fc28a0ca0f8e36b0d4f71421845135a22aef543b9fddf8c775b2d18f
public = 3032301006072a8648ce3d020106052b81040021031e00020ca753db5ddeca474241f8d2dafc0844343fd0e37eded2f0192d51b2
result = invalid
shared =
curve = secp224r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
[curve = secp256r1]
[encoding = asn]
# tcId = 98
# normal case
private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000462d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26ac333a93a9e70a81cd5a95b5bf8d13990eb741c8c38872b4a07d275a014e30cf
result = valid
shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285
curve = secp256r1
# tcId = 99
# compressed public key
private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346
public = 3039301306072a8648ce3d020106082a8648ce3d0301070322000362d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26
result = acceptable
shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 100
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000458fd4168a87795603e2b04390285bdca6e57de6027fe211dd9d25e2212d29e62080d36bd224d7405509295eed02a17150e03b314f96da37445b0d1d29377d12c
result = valid
shared = 0000000000000000000000000000000000000000000000000000000000000000
curve = secp256r1
# tcId = 101
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040f6d20c04261ecc3e92846acad48dc8ec5ee35ae0883f0d2ea71216906ee1c47c042689a996dd12830ae459382e94aac56b717af2e2080215f9e41949b1f52be
result = valid
shared = 00000000000000000000000000000000ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 102
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400c7defeb1a16236738e9a1123ba621bc8e9a3f2485b3f8ffde7f9ce98f5a8a1cb338c3912b1792f60c2b06ec5231e2d84b0e596e9b76d419ce105ece3791dbc
result = valid
shared = 0000000000000000ffffffffffffffff00000000000000010000000000000001
curve = secp256r1
# tcId = 103
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9b98fb2c0ac045f8c76125ffd99eb8a5157be1d7db3e85d655ec1d8210288cf218df24fd2c2746be59df41262ef3a97d986744b2836748a7486230a319ffec0
result = valid
shared = 00000000ffffffff00000000ffffffff00000000ffffffff0000000100000000
curve = secp256r1
# tcId = 104
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9484e58f3331b66ffed6d90cb1c78065fa28cfba5c7dd4352013d3252ee4277bd7503b045a38b4b247b32c59593580f39e6abfa376c3dca20cf7f9cfb659e13
result = valid
shared = 000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff
curve = secp256r1
# tcId = 105
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004767d7fbb84aa6a4db1079372644e42ecb2fec200c178822392cb8b950ffdd0c91c86853cafd09b52ba2f287f0ebaa26415a3cfabaf92c6a617a19988563d9dea
result = valid
shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001
curve = secp256r1
# tcId = 106
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004c74d546f2fcc6dd392f85e5be167e358de908756b0c0bb01cb69d864ca083e1c93f959eece6e10ee11bd3934207d65ae28af68b092585a1509260eceb39b92ef
result = valid
shared = 085ec5a4af40176b63189069aeffcb229c96d3e046e0283ed2f9dac21b15ad3c
curve = secp256r1
# tcId = 107
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000434fc9f1e7a094cd29598d1841fa9613dbe82313d633a51d63fb6eff074cc9b9a4ecfd9f258c5c4d4210b49751213a24c596982bd1d54e0445443f21ef15492a5
result = valid
shared = 190c25f88ad9ae3a098e6cffe6fd0b1bea42114eb0cedd5868a45c5fe277dff3
curve = secp256r1
# tcId = 108
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004d5c96efd1907fd48de2ad715acf82eae5c6690fe3efe16a78d61c68d3bfd10df03eac816b9e7b776192a3f5075887c0e225617505833ca997cda32fd0f673c5e
result = valid
shared = 507442007322aa895340cba4abc2d730bfd0b16c2c79a46815f8780d2c55a2dd
curve = secp256r1
# tcId = 109
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004f475f503a770df72c45aedfe42c008f59aa57e72b232f26600bdd0353957cb20bdb8f6405b4918050a3549f44c07a8eba820cdce4ece699888c638df66f54f7c
result = valid
shared = 5f177bfe19baaaee597e68b6a87a519e805e9d28a70cb72fd40f0fe5a754ba45
curve = secp256r1
# tcId = 110
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004f3cb6754b7e2a86d064dfb9f903185aaa4c92b481c2c1a1ff276303bbc4183e49c318599b0984c3563df339311fe143a7d921ee75b755a52c6f804f897b809f7
result = valid
shared = 7fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff
curve = secp256r1
# tcId = 111
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cce13fbdc96a946dfb8c6d9ed762dbd1731630455689f57a437fee124dd54cecaef78026c653030cf2f314a67064236b0a354defebc5e90c94124e9bf5c4fc24
result = valid
shared = 8000000000000000000000000000000000000000000000000000000000000004
curve = secp256r1
# tcId = 112
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047633dfd0ad06765097bc11bd5022b200df31f28c4ff0625421221ac7eeb6e6f4cb9c67693609ddd6f92343a5a1c635408240f4f8e27120c12554c7ff8c76e2fe
result = valid
shared = 8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000
curve = secp256r1
# tcId = 113
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004a386ace573f87558a68ead2a20088e3fe928bdae9e109446f93a078c15741f0421261e6db2bf12106e4c6bf85b9581b4c0302a526222f90abc5a549206b11011
result = valid
shared = ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff
curve = secp256r1
# tcId = 114
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048e7b50f7d8c44d5d3496c43141a502f4a43f153d03ad43eda8e39597f1d477b8647f3da67969b7f989ff4addc393515af40c82085ce1f2ee195412c6f583774f
result = valid
shared = ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff
curve = secp256r1
# tcId = 115
# edge case for shared secret
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004c827fb930fd51d926086191b502af83abb5f717debc8de29897a3934b2571ca05990c0597b0b7a2e42febd56b13235d1d408d76ed2c93b3facf514d902f6910a
result = valid
shared = ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff
curve = secp256r1
# tcId = 116
# y-coordinate of the public key is small
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200043cbc1b31b43f17dc200dd70c2944c04c6cb1b082820c234a300b05b7763844c74fde0a4ef93887469793270eb2ff148287da9265b0334f9e2609aac16e8ad503
result = valid
shared = 7fffffffffffffffffffffffeecf2230ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 117
# y-coordinate of the public key is small
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200042830d96489ae24b79cad425056e82746f9e3f419ab9aa21ca1fbb11c7325e7d318abe66f575ee8a2f1c4a80e35260ae82ad7d6f661d15f06967930a585097ef7
result = valid
shared = 000000000000000000000000111124f400000000000000000000000000000000
curve = secp256r1
# tcId = 118
# y-coordinate of the public key is small
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004450b6b6e2097178e9d2850109518d28eb3b6ded2922a5452003bc2e4a4ec775c894e90f0df1b0e6cadb03b9de24f6a22d1bd0a4a58cd645c273cae1c619bfd61
result = valid
shared = 000000000000000000000001ea77d449ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 119
# y-coordinate of the public key is large
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200043cbc1b31b43f17dc200dd70c2944c04c6cb1b082820c234a300b05b7763844c7b021f5b006c778ba686cd8f14d00eb7d78256d9b4fccb061d9f6553e91752afc
result = valid
shared = 7fffffffffffffffffffffffeecf2230ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 120
# y-coordinate of the public key is large
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200042830d96489ae24b79cad425056e82746f9e3f419ab9aa21ca1fbb11c7325e7d3e754198fa8a1175e0e3b57f1cad9f517d528290a9e2ea0f96986cf5a7af68108
result = valid
shared = 000000000000000000000000111124f400000000000000000000000000000000
curve = secp256r1
# tcId = 121
# y-coordinate of the public key is large
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004450b6b6e2097178e9d2850109518d28eb3b6ded2922a5452003bc2e4a4ec775c76b16f0e20e4f194524fc4621db095dd2e42f5b6a7329ba3d8c351e39e64029e
result = valid
shared = 000000000000000000000001ea77d449ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 122
# y-coordinate of the public key has many trailing 1's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200049a0f0e3dd31417bbd9e298bc068ab6d5c36733af26ed67676f410c804b8b2ca1b02c82f3a61a376db795626e9400557112273a36cddb08caaa43953965454730
result = valid
shared = 7fffffffffffffffffffffffca089011ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 123
# y-coordinate of the public key has many trailing 1's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048e5d22d5e53ec797c55ecd68a08a7c3361cd99ca7fad1a68ea802a6a4cb58a918ea7a07023ef67677024bd3841e187c64b30a30a3750eb2ee873fbe58fa1357b
result = valid
shared = 0000000000000000000000001f6bd1e500000000000000000000000000000000
curve = secp256r1
# tcId = 124
# y-coordinate of the public key has many trailing 1's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004293aa349b934ab2c839cf54b8a737df2304ef9b20fa494e31ad62b315dd6a53c118182b85ef466eb9a8e87f9661f7d017984c15ea82043f536d1ee6a6d95b509
result = valid
shared = 000000000000000000000002099f55d5ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 125
# y-coordinate of the public key has many trailing 0's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200049a0f0e3dd31417bbd9e298bc068ab6d5c36733af26ed67676f410c804b8b2ca14fd37d0b59e5c893486a9d916bffaa8eedd8c5ca3224f73555bc6ac69abab8cf
result = valid
shared = 7fffffffffffffffffffffffca089011ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 126
# y-coordinate of the public key has many trailing 0's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048e5d22d5e53ec797c55ecd68a08a7c3361cd99ca7fad1a68ea802a6a4cb58a9171585f8edc1098998fdb42c7be1e7839b4cf5cf6c8af14d1178c041a705eca84
result = valid
shared = 0000000000000000000000001f6bd1e500000000000000000000000000000000
curve = secp256r1
# tcId = 127
# y-coordinate of the public key has many trailing 0's
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004293aa349b934ab2c839cf54b8a737df2304ef9b20fa494e31ad62b315dd6a53cee7e7d46a10b99156571780699e082fe867b3ea257dfbc0ac92e1195926a4af6
result = valid
shared = 000000000000000000000002099f55d5ffffffffffffffffffffffffffffffff
curve = secp256r1
# tcId = 128
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000000000000000000000000000000000000000000000066485c780e2f83d72433bd5d84a06bb6541c2af31dae871728bf856a174f93f4
result = valid
shared = cfe4077c8730b1c9384581d36bff5542bc417c9eff5c2afcb98cc8829b2ce848
curve = secp256r1
# tcId = 129
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000ffffffffffffffffffffffffffffffff4f2b92b4c596a5a47f8b041d2dea6043021ac77b9a80b1343ac9d778f4f8f733
result = valid
shared = 49ae50fe096a6cd26698b78356b2c8adf1f6a3490f14e364629f7a0639442509
curve = secp256r1
# tcId = 130
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000ffffffffffffffff0000000000000001000000000000000138120be6ab31edfa34768c4387d2f84fb4b0be8a9a985864a1575f4436bb37b0
result = valid
shared = 5a1334572b2a711ead8b4653eb310cd8d9fd114399379a8f6b872e3b8fdda2d9
curve = secp256r1
# tcId = 131
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000ffffffff00000000ffffffff00000000ffffffff0000000100000000462c0466e41802238d6c925ecbefc747cfe505ea196af9a2d11b62850fce946e
result = valid
shared = c73755133b6b9b4b2a00631cbc7940ecbe6ec08f20448071422e3362f2556888
curve = secp256r1
# tcId = 132
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff1582fa32e2d4a89dfcfb3d0b149f667dba3329490f4d64ee2ad586c0c9e8c508
result = valid
shared = 06fa1059935e47a9fd667e13f469614eb257cc9a7e3fc599bfb92780d59b146d
curve = secp256r1
# tcId = 133
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001684c8a9586ed6f9cbe447058a7da2108bab1e5e0a60d1f73e4e2e713f0a3dfe0
result = valid
shared = f237df4c10bd3e357971bb2b16b293566b7e355bdc8141d6c92cabc682983c45
curve = secp256r1
# tcId = 134
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004085ec5a4af40176b63189069aeffcb229c96d3e046e0283ed2f9dac21b15ad3c7859f97cb6e203f46bf3438f61282325e94e681b60b5669788aeb0655bf19d38
result = valid
shared = d874b55678d0a04d216c31b02f3ad1f30c92caaf168f34e3a743356d9276e993
curve = secp256r1
# tcId = 135
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004190c25f88ad9ae3a098e6cffe6fd0b1bea42114eb0cedd5868a45c5fe277dff321b8342ef077bc6724112403eaee5a15b4c31a71589f02ded09cd99cc5db9c83
result = valid
shared = 11a8582057463fc76fda3ab8087eb0a420b0d601bb3134165a369646931e52a6
curve = secp256r1
# tcId = 136
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004507442007322aa895340cba4abc2d730bfd0b16c2c79a46815f8780d2c55a2dd4619d69f9940f51663aa12381bc7cf678bd1a72a49fbc11b0b69cb22d1af9f2d
result = valid
shared = 4e173a80907f361fe5a5d335ba7685d5eba93e9dfc8d8fcdb1dcd2d2bde27507
curve = secp256r1
# tcId = 137
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200045f177bfe19baaaee597e68b6a87a519e805e9d28a70cb72fd40f0fe5a754ba4562ca1103f70a2006cd1f67f5f6a3580b29dc446abc90e0e910c1e05a9aa788cd
result = valid
shared = 73220471ec8bad99a297db488a34a259f9bc891ffaf09922e6b5001f5df67018
curve = secp256r1
# tcId = 138
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff2e2213caf03033e0fd0f7951154f6e6c3a9244a72faca65e9ce9eeb5c8e1cea9
result = valid
shared = 55d0a203e22ffb523c8d2705060cee9d28308b51f184beefc518cff690bad346
curve = secp256r1
# tcId = 139
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000480000000000000000000000000000000000000000000000000000000000000042be8789db81bb4870a9e60c5c18c80c83de464277281f1af1e640843a1a3148e
result = valid
shared = 2518d846e577d95e9e7bc766cde7997cb887fb266d3a6cb598a839fd54aa2f4f
curve = secp256r1
# tcId = 140
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000722540f8a471c379083c600b58fde4d95c7dcad5095f4219fc5e9bdde3c5cd39
result = valid
shared = bdb49f4bdf42ac64504e9ce677b3ec5c0a03828c5b3efad726005692d35c0f26
curve = secp256r1
# tcId = 141
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff5df80fc6cae26b6c1952fbd00ed174ee1209d069335f5b48588e29e80b9191ad
result = valid
shared = f503ac65637e0f17cb4408961cb882c875e4c6ef7a548d2d52d8c2f681838c55
curve = secp256r1
# tcId = 142
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff2c63650e6a5d332e2987dd09a79008e8faabbd37e49cb016bfb92c8cd0f5da77
result = valid
shared = e3c18e7d7377dc540bc45c08d389bdbe255fa80ca8faf1ef6b94d52049987d21
curve = secp256r1
# tcId = 143
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff7a116c964a4cd60668bf89cffe157714a3ce21b93b3ca607c8a5b93ac54ffc0a
result = valid
shared = 516d6d329b095a7c7e93b4023d4d05020c1445ef1ddcb3347b3a27d7d7f57265
curve = secp256r1
# tcId = 144
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fffffffffffffffffffffffeecf2230ffffffffffffffffffffffffffffffff00000001c7c30643abed0af0a49fe352cb483ff9b97dccdf427c658e8793240d
result = valid
shared = 6fd26661851a8de3c6d06f834ef3acb8f2a5f9c136a985ffe10d5eeb51edcfa3
curve = secp256r1
# tcId = 145
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fffffffffffffffffffffffeecf2230fffffffffffffffffffffffffffffffffffffffd383cf9bd5412f50f5b601cad34b7c00746823320bd839a71786cdbf2
result = valid
shared = 6fd26661851a8de3c6d06f834ef3acb8f2a5f9c136a985ffe10d5eeb51edcfa3
curve = secp256r1
# tcId = 146
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fffffffffffffffffffffffca089011ffffffffffffffffffffffffffffffff267bfdf8a61148decd80283732dd4c1095e4bb40b9658408208dc1147fffffff
result = valid
shared = 44236c8b9505a19d48774a3903c0292759b0f826e6ac092ff898d87e53d353fc
curve = secp256r1
# tcId = 147
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fffffffffffffffffffffffca089011ffffffffffffffffffffffffffffffffd984020659eeb722327fd7c8cd22b3ef6a1b44c0469a7bf7df723eeb80000000
result = valid
shared = 44236c8b9505a19d48774a3903c0292759b0f826e6ac092ff898d87e53d353fc
curve = secp256r1
# tcId = 148
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000000111124f4000000000000000000000000000000000000000d12d381b0760b1c50be8acf859385052c7f53cde67ce13759de3123a0
result = valid
shared = f1f0e43b374feb7e7f96d4ffe7519fa8bb6c3cfd25f6f87dab2623d2a2d33851
curve = secp256r1
# tcId = 149
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000000111124f400000000000000000000000000000000fffffff1ed2c7e5089f4e3af4175307a6c7afad480ac3219831ec8a621cedc5f
result = valid
shared = f1f0e43b374feb7e7f96d4ffe7519fa8bb6c3cfd25f6f87dab2623d2a2d33851
curve = secp256r1
# tcId = 150
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000001f6bd1e5000000000000000000000000000000004096edd6871c320cb8a9f4531751105c97b4c257811bbc32963eaf39ffffffff
result = valid
shared = 3ebbace1098a81949d5605dd94a7aa88dc396c2c23e01a9c8cca5bb07bfbb6a1
curve = secp256r1
# tcId = 151
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000001f6bd1e500000000000000000000000000000000bf69122878e3cdf447560bace8aeefa3684b3da97ee443cd69c150c600000000
result = valid
shared = 3ebbace1098a81949d5605dd94a7aa88dc396c2c23e01a9c8cca5bb07bfbb6a1
curve = secp256r1
# tcId = 152
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000001ea77d449ffffffffffffffffffffffffffffffff000000007afbc0b325e820646dec622fb558a51c342aa257f4b6a8ec5ddf144f
result = valid
shared = 1b085213a9c89d353e1111af078c38c502b7b4771efba51f589b5be243417bdc
curve = secp256r1
# tcId = 153
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000001ea77d449fffffffffffffffffffffffffffffffffffffffe85043f4dda17df9b92139dd04aa75ae4cbd55da80b495713a220ebb0
result = valid
shared = 1b085213a9c89d353e1111af078c38c502b7b4771efba51f589b5be243417bdc
curve = secp256r1
# tcId = 154
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000002099f55d5ffffffffffffffffffffffffffffffff152c1a22d823a27855ed03f8e2ab5038bb1df4d87e43865f2daf6948ffffffff
result = valid
shared = 67cb63566c7ceb12fdd85ce9d2f77c359242bbaa0ea1bf3cf510a4a26591d1f1
curve = secp256r1
# tcId = 155
# edge cases for ephemeral key
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000002099f55d5ffffffffffffffffffffffffffffffffead3e5dc27dc5d88aa12fc071d54afc744e20b2881bc79a0d25096b700000000
result = valid
shared = 67cb63566c7ceb12fdd85ce9d2f77c359242bbaa0ea1bf3cf510a4a26591d1f1
curve = secp256r1
# tcId = 156
# edge case private key
private = 3
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca
curve = secp256r1
# tcId = 157
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = a329a7d80424ea2d6c904393808e510dfbb28155092f1bac284dceda1f13afe5
curve = secp256r1
# tcId = 158
# edge case private key
private = 100000000000000000000000000000000000000000000000000000000000000
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = bd26d0293e8851c51ebe0d426345683ae94026aca545282a4759faa85fde6687
curve = secp256r1
# tcId = 159
# edge case private key
private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = ea9350b2490a2010c7abf43fb1a38be729a2de375ea7a6ac34ff58cc87e51b6c
curve = secp256r1
# tcId = 160
# edge case private key
private = 08000000000000000000000000000000000000000000000000000000000000000
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 34eed3f6673d340b6f716913f6dfa36b5ac85fa667791e2d6a217b0c0b7ba807
curve = secp256r1
# tcId = 161
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e83f3b9cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 1354ce6692c9df7b6fc3119d47c56338afbedccb62faa546c0fe6ed4959e41c3
curve = secp256r1
# tcId = 162
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3a9cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = fe7496c30d534995f0bf428b5471c21585aaafc81733916f0165597a55d12cb4
curve = secp256r1
# tcId = 163
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b1cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 348bf8042e4edf1d03c8b36ab815156e77c201b764ed4562cfe2ee90638ffef5
curve = secp256r1
# tcId = 164
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac1fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 6e4ec5479a7c20a537501700484f6f433a8a8fe53c288f7a25c8e8c92d39e8dc
curve = secp256r1
# tcId = 165
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6324f3
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = f7407d61fdf581be4f564621d590ca9b7ba37f31396150f9922f1501da8c83ef
curve = secp256r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 166
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632533
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 82236fd272208693e0574555ca465c6cc512163486084fa57f5e1bd2e2ccc0b3
curve = secp256r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 167
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632543
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 06537149664dba1a9924654cb7f787ed224851b0df25ef53fcf54f8f26cd5f3f
curve = secp256r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 168
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254b
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = f2b38539bce995d443c7bfeeefadc9e42cc2c89c60bf4e86eac95d51987bd112
curve = secp256r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 169
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca
curve = secp256r1
# tcId = 170
# edge case private key
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 027b013a6f166db655d69d643c127ef8ace175311e667dff2520f5b5c75b7659
curve = secp256r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 171
# CVE-2017-8932
private = 2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882eaf93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad
result = valid
shared = 4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3
curve = secp256r1
# tcId = 172
# CVE-2017-8932
private = 313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031
result = valid
shared = 831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991
curve = secp256r1
# tcId = 173
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp256r1
# tcId = 174
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp256r1
# tcId = 175
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000000000000000000000000000000000000000000000ffffffff00000001000000000000000000000000fffffffffffffffffffffffe
result = invalid
shared =
curve = secp256r1
# tcId = 176
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000000000000000000000000000000000000000000000ffffffff00000001000000000000000000000000ffffffffffffffffffffffff
result = invalid
shared =
curve = secp256r1
# tcId = 177
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp256r1
# tcId = 178
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp256r1
# tcId = 179
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000000000000000000000000000000000000000000001ffffffff00000001000000000000000000000000fffffffffffffffffffffffe
result = invalid
shared =
curve = secp256r1
# tcId = 180
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000000000000000000000000000000000000000000000000001ffffffff00000001000000000000000000000000ffffffffffffffffffffffff
result = invalid
shared =
curve = secp256r1
# tcId = 181
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000fffffffffffffffffffffffe0000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp256r1
# tcId = 182
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000fffffffffffffffffffffffe0000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp256r1
# tcId = 183
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000fffffffffffffffffffffffeffffffff00000001000000000000000000000000fffffffffffffffffffffffe
result = invalid
shared =
curve = secp256r1
# tcId = 184
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000fffffffffffffffffffffffeffffffff00000001000000000000000000000000ffffffffffffffffffffffff
result = invalid
shared =
curve = secp256r1
# tcId = 185
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp256r1
# tcId = 186
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffff0000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp256r1
# tcId = 187
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000001000000000000000000000000fffffffffffffffffffffffe
result = invalid
shared =
curve = secp256r1
# tcId = 188
# point is not on curve
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffffffffffff00000001000000000000000000000000ffffffffffffffffffffffff
result = invalid
shared =
curve = secp256r1
# tcId = 189
private = 7e4aa54f714bf01df85c50269bea3a86721f84afe74f7b41ea58abcf3474e88d
public = 3018301306072a8648ce3d020106082a8648ce3d030107030100
result = invalid
shared =
curve = secp256r1
# tcId = 190
# public point not on curve
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764c
result = invalid
shared =
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 191
# public point = (0,0)
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 192
# order =
# -115792089210356248762697446949407573529996955224135760342422259061068512044369
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f50221ff00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 193
# order = 0
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020100020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 194
# order = 1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020101020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 195
# order = 26959946660873538060741835960514744168612397095220107664918121663170
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5021d00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 196
# generator = (0,0)
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b04410400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 197
# generator not on curve
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f7022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 198
# cofactor = -1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510201ff034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 199
# cofactor = 0
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020100034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 200
# cofactor = 2
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020102034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 201
# cofactor =
# 115792089210356248762697446949407573529996955224135760342422259061068512044369
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201553082010d06072a8648ce3d020130820100020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 202
# cofactor = None
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 203
# modified prime
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200e8bbc1453044042002f6efa55976c9cb06ff16bb629c0a8d4d5143b40084b1a1cc0e4dff17443eb704205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414
result = invalid
shared = cea0fbd8f20abc8cf8127c132e29756d25ff1530a88bf5c9e22dc1c137c36be9
curve = secp256r1
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 204
# using secp224r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf
result = invalid
shared =
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 205
# using secp256k1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared =
curve = secp256r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 206
# a = 0
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201143081cd06072a8648ce3d02013081c1020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff302504010004201b95c2f46065dbf0f3ff09153e4748ed71595e0774ba8e25c364ff1e6be039b70441041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
curve = secp256r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 207
# public key of order 3
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff3044042088f968f8b8adf746eae719daaf7f0be1fc5d667dfb46ea9a27f07439dc16dbca04203dc16cfd72abe9f378c266bdbb025f9e8bd6d190d1ad2b49cf5119898cc9b7d7044104a02ae980056ae0bc81f8d227199342e8b041b4d6da0a439d15f565ee0e3306a5057b711931020c3e733d16ae731d452bbe420fde1306cf66c9f1f50cae9bc3f4022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63255102010103420004a02ae980056ae0bc81f8d227199342e8b041b4d6da0a439d15f565ee0e3306a5fa848ee5cefdf3c28cc2e9518ce2bad441bdf022ecf93099360e0af351643c0b
result = invalid
shared = 71814dea44408d67199600f603e6ec814dad46383b21af98d4dcb9ff2326721c
curve = secp256r1
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 208
# Public key uses wrong curve: secp224r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 304e301006072a8648ce3d020106052b81040021033a00042af270d2a6030e3dd38cc46e7d719f176c2ca4eb04d7e8b84290c8edbcaed964ebe226b2d7ce17251622804c0d3b7adce020a3cdc97cac6c
result = invalid
shared =
curve = secp256r1
# tcId = 209
# Public key uses wrong curve: secp384r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3076301006072a8648ce3d020106052b81040022036200041f17901e731b06f349b6e9d7d17d45e8a2b46115a47485be16197932db87b39405b5c941b36fd61b9ef7dd20878e129e55a2277099c601dcdb3747f80ad6e166116378e1ebce2c95744a0986128cfeeaac7f90b71787d9a1cfe417cd4c8f6af5
result = invalid
shared =
curve = secp256r1
# tcId = 210
# Public key uses wrong curve: secp521r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301006072a8648ce3d020106052b81040023038186000400ed76e5888428fad409ff203ab298b0f24827c091939ae0f9b1245d865ac5fbcd2749f9ae6c90fa8e29414d1bc7dc7b3c4aca904cd824484421cc66fe6af43bdfd200c1f790a0b3ae994937f91b6bdb9778b08c83ecadb8cba22a78c37bf565dac164f18e719be0ef890ee5cbf20e17fcfc9a5585e5416470b9862f82fb769339994f4e
result = invalid
shared =
curve = secp256r1
# tcId = 211
# Public key uses wrong curve: secp256k1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3056301006072a8648ce3d020106052b8104000a034200048028d16082b07696d4aa4aab9d6b1f1463435ac097900631108f9888e13da67c4841fd8dd3ced6e7ad8c6fc656621c2f93d3db0eb29d48d1423154519865dbc1
result = invalid
shared =
curve = secp256r1
# tcId = 212
# Public key uses wrong curve: brainpoolP224r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3052301406072a8648ce3d020106092b2403030208010105033a0004a6bae3d155c1f9ca263928c986ede69acefd0dd9b3a19d2b9f4b0a3a66bea5d167318dcc028945fc1b40c60ce716ba2d414a743c6b856a6f
result = invalid
shared =
curve = secp256r1
# tcId = 213
# Public key uses wrong curve: brainpoolP256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 305a301406072a8648ce3d020106092b2403030208010107034200045d3ddbbb9bc071d8b59855c74bdf3541ae4cb6c1a24ec439034df7abde16a346523edf6a67896b304cb2cd2a083eec2b16935bbc910e85ec6eae38b50230bf70
result = invalid
shared =
curve = secp256r1
# tcId = 214
# Public key uses wrong curve: brainpoolP320r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 306a301406072a8648ce3d020106092b240303020801010903520004a43c6ef2500723d54c1fc88f8844d83445ca5a0f585c10b8eb3f022d47d0e84862b7f5cbf97d352d4348ca730f600f2258d1d192da223f6ba83a7cc0d6da598d55c2b77824d326c8df000b8fff156d2c
result = invalid
shared =
curve = secp256r1
# tcId = 215
# Public key uses wrong curve: brainpoolP384r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 307a301406072a8648ce3d020106092b240303020801010b036200042391c062833d1e6d89ec256cf4a3989534c1ead5e1e14ffae933a53f962857e4713087e1b3d65ac79634c71577af24698b5ce959183835551f7b08aef7853378c299930b360813fd58d5e4da8b37d5a7473e891ee11cb02881bd848b364fb7d5
result = invalid
shared =
curve = secp256r1
# tcId = 216
# Public key uses wrong curve: brainpoolP512r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301406072a8648ce3d020106092b240303020801010d038182000484beae85096640953c1fd6ebbc32697263d53f89943cbaf14432061aea8c0318acbd9389ab1d2e904fa0e081d08cfabb614ed9bca618211142d94623c14b476a25e47abf98fd3b1da1417dfc2e2cfc8424b16ea14dd45e1422be7d4e0a5cc7f4d4ab5f198cdbaaa3f642ec6361842cbe869382ee78cd596ff5e740d9ec2c3ad6
result = invalid
shared =
curve = secp256r1
# tcId = 217
# Public key uses wrong curve: brainpoolP224t1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3052301406072a8648ce3d020106092b2403030208010106033a00042b0a1a858ffc44e7752940731d378f96570837e279ea3948fe00cff8b5f89adb4e2fe6f8781ba6426364f4590b34dd79fc80629de4a86084
result = invalid
shared =
curve = secp256r1
# tcId = 218
# Public key uses wrong curve: brainpoolP256t1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 305a301406072a8648ce3d020106092b2403030208010108034200043037c01b4a5ac53742e3f5528dffb0f010ab6ebeb08d792b32e19e9006ca331a024b67698d7cf4b575ccd9389441d5c640b77c63771cef1bd85675361c6602a4
result = invalid
shared =
curve = secp256r1
# tcId = 219
# Public key uses wrong curve: brainpoolP320t1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 306a301406072a8648ce3d020106092b240303020801010a035200040f0fd972a495a140124a4019291a20f5b39fb755c126bf268643bb3091eca44f2a3cda1dead6ab1f4fe08a4b3872423f71e5bf96b1c20bc0ca73b7e2c134cc14a5f77bc838ebcf01084da3bf15663536
result = invalid
shared =
curve = secp256r1
# tcId = 220
# Public key uses wrong curve: brainpoolP384t1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 307a301406072a8648ce3d020106092b240303020801010c0362000403b65faf5a6bf74bd5c166278a4b566c6c705ac6363e61f3b0699e116d3c5b19e8b7021b75b005f78a8cea8de34c49397f9b3b2bfc8706eb8163c802371eff7dfc825c40aa84dd9d1c4b34615ee5ae28c6c05d58d2a8ccc3786382b712d3bcda
result = invalid
shared =
curve = secp256r1
# tcId = 221
# Public key uses wrong curve: brainpoolP512t1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301406072a8648ce3d020106092b240303020801010e03818200047504d660943a69ab043378e44c034896534a346e0e95f35fcaad3503b490856bfb20a753ecabc6d7bfeec28d057f919923b7d3c086953eb16c5bd287b59788db72dbb7c273854294c927ea7eca205aae2f0830e5faaddad8316231bfc3572c85c33cb7054e04c8936e3ce059c907e59f40593444e590b31820bc1f514ed0ec8a
result = invalid
shared =
curve = secp256r1
# tcId = 222
# invalid public key
private = 6f953faff3599e6c762d7f4cabfeed092de2add1df1bc5748c6cbb725cf35458
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002fd4bf61763b46581fd9174d623516cf3c81edd40e29ffa2777fb6cb0ae3ce535
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 223
# public key is a low order point on twist
private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f02
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220003efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 224
# public key is a low order point on twist
private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f03
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 225
# public key is a low order point on twist
private = 095ead84540c2d027aa3130ff1b47888cc1ed67e8dda46156e71ce0991791e835
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002c49524b2adfd8f5f972ef554652836e2efb2d306c6d3b0689234cec93ae73db5
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 226
# public key is a low order point on twist
private = 0a8681ef67fb1f189647d95e8db00c52ceef6d41a85ba0a5bd74c44e8e62c8aa4
public = 3039301306072a8648ce3d020106082a8648ce3d0301070322000318f9bae7747cd844e98525b7ccd0daf6e1d20a818b2175a9a91e4eae5343bc98
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 227
# public key is a low order point on twist
private = 0a8681ef67fb1f189647d95e8db00c52ceef6d41a85ba0a5bd74c44e8e62c8aa5
public = 3039301306072a8648ce3d020106082a8648ce3d0301070322000218f9bae7747cd844e98525b7ccd0daf6e1d20a818b2175a9a91e4eae5343bc98
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 228
# public key is a low order point on twist
private = 095ead84540c2d027aa3130ff1b47888cc1ed67e8dda46156e71ce0991791e834
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220003c49524b2adfd8f5f972ef554652836e2efb2d306c6d3b0689234cec93ae73db5
result = invalid
shared =
curve = secp256r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
[curve = secp384r1]
[encoding = asn]
# tcId = 229
# normal case
private = 766e61425b2da9f846c09fc3564b93a6f8603b7392c785165bf20da948c49fd1fb1dee4edd64356b9f21c588b75dfd81
public = 3076301006072a8648ce3d020106052b8104002203620004790a6e059ef9a5940163183d4a7809135d29791643fc43a2f17ee8bf677ab84f791b64a6be15969ffa012dd9185d8796d9b954baa8a75e82df711b3b56eadff6b0f668c3b26b4b1aeb308a1fcc1c680d329a6705025f1c98a0b5e5bfcb163caa
result = valid
shared = 6461defb95d996b24296f5a1832b34db05ed031114fbe7d98d098f93859866e4de1e229da71fef0c77fe49b249190135
curve = secp384r1
# tcId = 230
# compressed public key
private = 766e61425b2da9f846c09fc3564b93a6f8603b7392c785165bf20da948c49fd1fb1dee4edd64356b9f21c588b75dfd81
public = 3046301006072a8648ce3d020106052b8104002203320002790a6e059ef9a5940163183d4a7809135d29791643fc43a2f17ee8bf677ab84f791b64a6be15969ffa012dd9185d8796
result = acceptable
shared = 6461defb95d996b24296f5a1832b34db05ed031114fbe7d98d098f93859866e4de1e229da71fef0c77fe49b249190135
curve = secp384r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 231
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004490e96d17f4c6ceccd45def408cea33e9704a5f1b01a3de2eaaa3409fd160d78d395d6b3b003d71fd1f590fad95bf1c9d8665efc2070d059aa847125c2f707435955535c7c5df6d6c079ec806dce6b6849d337140db7ca50616f9456de1323c4
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
curve = secp384r1
# tcId = 232
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200040161328909675213e32098d35a6b8308a8d500cca39dcee5e804e73bdb8deaf06fe417291fd9793b231ef5fe86945444a97a01f3ae3a8310c4af49b592cb291ef70ee5bc7f5534d3c23dc9eefde2304842c7737ae937ccf9bd215c28103e9fe2
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
curve = secp384r1
# tcId = 233
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004af4ae964e3bcbd923accda5da3175d411fd62d17dd3c3a1c410bef1730985a6265d90e950ac0fc50743b1ed771906ff33b68cf4d3d83a885a87097fdd329ce83b189f98cec5be44c31d1a3a2bba10f471963232b8ba7610fa8c72179050eb86d
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003
curve = secp384r1
# tcId = 234
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200041478ab6e032b9545eda9ac2c264e57a11f08acbc76d16a0ab77b04dbdaf20f215c4183437b32afc471eaa603d14c7c5d8a4c84ee0e895bec5c37f0a1ca075e106ff6bf38801b5c697409d39675231108d33c4a5ea65aaa8c03e939c95d96c4c4
result = valid
shared = 0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff00000000000000010000000000000001
curve = secp384r1
# tcId = 235
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004f63208e34e7e90bb5fb036432467a89981444010663b8533b47bfa94bd2bc16f38aa516b930a4726e3876d3091bfb72ec783ed4da0cac06320817dc8bc64f59ccf06f48abc4386a150913fa95743a7b4601190e1c6ee8f8bf6354b254ecace45
result = valid
shared = 00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff
curve = secp384r1
# tcId = 236
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004033271ef42d92ad47b273b09ea2f45401161baa52696590d0e175ff2d1c0dfa3fea40e4266d446546c05e480d57fabec7889f16a8bcc176602f6d46561614a2f4284abe697b7cb9ce79f7e2e71b155cb1f155ce925d16391a680eda23152e6e1
result = valid
shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff
curve = secp384r1
# tcId = 237
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004737e8437e18683de2455b68945bba31daec3e754d72f0a0776d3192b2f9298bb95ca1464baa6687aabb679f804cf6ec6c2b4d47d61a60404df63b1e9ac0954b3419bbc2ad52a0409aeeb82f4703758588059165b20367dcb4b235b0caf71d727
result = valid
shared = 007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0008000
curve = secp384r1
# tcId = 238
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b810400220362000437f9004983156bbd9c47891e75237bb13016bd7fe6f4e0f71cef0e63f16a672f0d3b0e20165c33407e146b6a4ae6962dd3b57ccb99e7aaf1303240516d0ebe08e585513e3695d42c467dcab5340ef761990cadc8d8840aacc944481415c07feb
result = valid
shared = 3b5eed80727bcbc5113b8a9e4db1c81b1dddc2d99ff56d9c3c1054348913bde296311c4bd2fa899b4d0e66aaa1b6a0dd
curve = secp384r1
# tcId = 239
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200049655d8e5622718b317cfbc09894357f75a6b13fa516bcd6630721b869a620196cf0c3dec8860b32d27ed9bac2cf263af17321698116d7d811ae8da9b9cbbf9382c1e36e2b67d6c6af9bcea7d9de00ca72b398606c098a0a0f0c4b8941943ed65
result = valid
shared = 6a99a5acd4a7edb1c707d7f8be12e81140338e3e14ba563c703c681a319a3f9ce1f90f032bf840f3758e89cb852ceca6
curve = secp384r1
# tcId = 240
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004ccb13d427b3c4bb33dd4f20cddabc68600eaf97eeb2c81e8c218ae90743e74ff38ca56f0c0224379db464dcf4a40f04350cd7a659b2c4851a5dcf8c990fc920c07d4d5aa50a2185750e6b84c42e83cff635050482decb4780f812e4c49fc7404
result = valid
shared = 7c25a4f57f76ab13b25cab3c265db9d9bd925fecbf7bf93bef1308778646628decab067ed988a9755cd88e88de367104
curve = secp384r1
# tcId = 241
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200042664624307c02ef487030a632162c515f841d15ea3152d98ff2364232d7aab39343d5f703a4d5a31092aa7356c3a2f671c1cd603addfd8b5477552a3b32a18edaf3e33bec22ee2167f9da729636002a7974eaeb5ff082b2aabf8c7056b84c3ab
result = valid
shared = 7fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000002
curve = secp384r1
# tcId = 242
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004665f1f320b6ab1c1b52d144e52d87a154c2b4489838c9119de622c2d1b52b65b0a3955e44e0d4859175360c0f63dee813f14f69972f18caed7916c94a4d20ec344591e7536a4a7a4d8c9832818c96d60b1a81fabe64ea02c5f647e361bf5b60f
result = valid
shared = 800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
curve = secp384r1
# tcId = 243
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b810400220362000491357ca87dbb08e85d7b1acecfd1e086078a82d19f81474da389364a39fe2543eb934b440173c38e61a1d9407855b5d89ef0d9e920764b6d7765b084cf9541dacc43d1dabaa390b0fb856097b0c00a8556f4e3848568ab4ae790c3d346ca01b6
result = valid
shared = fff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff
curve = secp384r1
# tcId = 244
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004d5a833bae33b2d10fdff6db7c5477adb614b191c70d97c6f130a14e93931cc1dc058053fee54a264a00fdd16d3166fdc42992276b79925bafcd183b03ed18235350980abfe67b814c6c11074c38f74cd4e734ad58cdb49d9fcd2181d1b8f1119
result = valid
shared = fffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000004000000
curve = secp384r1
# tcId = 245
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b810400220362000467547cda7fbe8f16be5a4477cbb02979f1af72fc0f39302773552fbcf4667a8e23abc0e12856ee6234deeca5f22ae0503a4df7c068e7432417260cb9fe0d68b9c7fcf7e16a2ada05687d8f8900b84723103edbff0a42b27517da2760b7d38843
result = valid
shared = ffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff
curve = secp384r1
# tcId = 246
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200041363e3b99008e09bb3f085949b9b6ea26a318f496de568a96630fdb9d4c72c2814df3087a1741f32f24989b428167f93c653cb3ae8c3ecfaec57efd54bb8ce9d79c7bf6cc70fb1114f939be8f1a99bf1e42b97431124ef9fa33450faa4e76839
result = valid
shared = ffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff0000000000000100000000000001
curve = secp384r1
# tcId = 247
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004ba2be8d7147e2417c2ec80b24b4c1aa94464ffd0aae1fa2e078b3afbc77c144489ca9d064acbb7a9cfa6196d0f467b7e65ee1ca1eb1351ff9968f553dfe2e4c59ff8ba34c22a42b3baa13a9a1adc7f13abd40f1fd25d46bc5330852b9371966a
result = valid
shared = ffffffffffffffffffffffffffffffff00000000000000000000000000000000ffffffffffffffffffffffffffffffff
curve = secp384r1
# tcId = 248
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004d69850ccbacc4736ea200ff2f8488f26247945a2ab48dd3708f494b293d8cba83417f48974881c7fb03854089bbf66cc1c773ec03cb8cd5f007ec3b03bdd05a409b352103f0decf25b41673ab8ca3d04334babee01219f15701f2bca22d40b37
result = valid
shared = fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe
curve = secp384r1
# tcId = 249
# y-coordinate of the public key has many trailing 0's
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200046fcaf82d982d222d6096ba83e55b1c7dcb71a41e88f323333f44284d95c4bd3616da7a1bef928f31c26f885ba7adb487826fde2ed9f5649c11cf8465f8bf8ad50f68914936fc39666f68219d066506bea4001fdc816c9a90e7e2afb19bea085f
result = valid
shared = 000000000000000000000000000000000000000000000000000000001f03123b00000000000000000000000000000000
curve = secp384r1
# tcId = 250
# y-coordinate of the public key has many trailing 1's
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b81040022036200046fcaf82d982d222d6096ba83e55b1c7dcb71a41e88f323333f44284d95c4bd3616da7a1bef928f31c26f885ba7adb4877d9021d1260a9b63ee307b9a0740752af0976eb6c903c6999097de62f99af9405bffe0227e93656f181d504f6415f7a0
result = valid
shared = 000000000000000000000000000000000000000000000000000000001f03123b00000000000000000000000000000000
curve = secp384r1
# tcId = 251
# y-coordinate of the public key is small
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004bfeb47fb40a65878e6b642f40b8e15022ade9ecfa8cb618043063494e2bc5d2df10d36f37869b58ef12dcc35e3982835fd2e55ec41fdfe8cabbbb7bcd8163645a19e9dac59630f3fe93b208094ff87cd461b53cef53482e70e2e8ea87200cc3f
result = valid
shared = 0000000000000000000000000000000000000000000000000000000036a2907c00000000000000000000000000000000
curve = secp384r1
# tcId = 252
# y-coordinate of the public key is large
private = 0a2b6442a37f8a3759d2cb91df5eca75b14f5a6766da8035cc1943b15a8e4ebb6025f373be334080f22ab821a3535a6a7
public = 3076301006072a8648ce3d020106052b8104002203620004bfeb47fb40a65878e6b642f40b8e15022ade9ecfa8cb618043063494e2bc5d2df10d36f37869b58ef12dcc35e398283502d1aa13be0201735444484327e9c9ba5e616253a69cf0c016c4df7f6b007831b9e4ac300acb7d18f1d171588dff33c0
result = valid
shared = 0000000000000000000000000000000000000000000000000000000036a2907c00000000000000000000000000000000
curve = secp384r1
# tcId = 253
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003cf99ef04f51a5ea630ba3f9f960dd593a14c9be39fd2bd215d3b4b08aaaf86bbf927f2c46e52ab06fb742b8850e521e
result = valid
shared = 6092a1757ddd43a04e185ff9472a0d18c7f7a7dc802f7e059e0c69ae16c802651719406e04de27652ff83da4a780ef2f
curve = secp384r1
# tcId = 254
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002732152442fb6ee5c3e6ce1d920c059bc623563814d79042b903ce60f1d4487fccd450a86da03f3e6ed525d02017bfdb3
result = valid
shared = 89c804cb81443386b185bcd9e2e6c35ee6177c3b90298985c4e81a89d520cceb17d729540e56ecc343c26bf314f2d052
curve = secp384r1
# tcId = 255
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000036660041b1c7984620e8d7fd7ccdb50cc3ba816da14d41a4d8affaba8488867f0ca5a24f8d42dd7e44b530a27dc5b58da
result = valid
shared = 35513157e804bd918d04de202778b81a6fc7ad8aa541ee94116a0f18466725d75e71c6942bf044b1b0ecba19db33e0de
curve = secp384r1
# tcId = 256
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000000000000000ffffffffffffffff0000000000000000ffffffffffffffff00000000000000010000000000000001141b9ee5310ea8170131b604484a6d677ed42576045b7143c026710ae92b277afbbea0c4458c220d561e69404dc7d888
result = valid
shared = 102080c047881d19aefb01c29c82a4fb328a8ea6e6d6c914af73100507c8ee499799aaa646de0ea8c2727c0b5ed2439b
curve = secp384r1
# tcId = 257
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b810400220362000400000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff70370385413d3eff6fa3407ba24f682c2b01b51445dbdf5ef7b0dd0979f17e713e09081571f1e94dfb66bf282002f39f
result = valid
shared = f689f6e475b4e15162521acab4637a3cdb9cb42aa92f9114b0ee300ddae89d5eafff3463a1f5004a2a1bd4aeffa47b78
curve = secp384r1
# tcId = 258
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff112e191f1f78bbc54b6cc4f0b1e59ae8c6ff1a07f5128e41dfa2828e1b6538d4fa2ca2394c6aab3449dcb3fc4eb44c09
result = valid
shared = f3486244119b3632fd55be9e6951eb5d9c8c62f6a27042f94b924155ecfd4ff8744ba3d25bcf85a7b925bd28a12b897f
curve = secp384r1
# tcId = 259
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0008000028a4c8da5a05112fe6025ef41908969de20d05d9668e5c852ef2d492172ddc2a0a622fc488164fcc1a076b872942af2
result = valid
shared = 8171b7c80d4c90bb58ae54393921ab9c5c0b3196f045e9fe5c8b168f0e5f6a77e1aa34ecedc5481ce55ab34c14e0f2e8
curve = secp384r1
# tcId = 260
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200043b5eed80727bcbc5113b8a9e4db1c81b1dddc2d99ff56d9c3c1054348913bde296311c4bd2fa899b4d0e66aaa1b6a0dd7b7f0f28d55e2f3a50f1f1bef3976834a05b43418e979303bc0363ed16d2d0b4011cc37b3c06ad73154faeab7915cd87
result = valid
shared = 1fe6fea5f00d3005abaae2267ff18e430915838d87909ab503885edf38be7618ecb321f0a4df71b0913fbf12c76fc1f0
curve = secp384r1
# tcId = 261
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200046a99a5acd4a7edb1c707d7f8be12e81140338e3e14ba563c703c681a319a3f9ce1f90f032bf840f3758e89cb852ceca63cf99ef04f51a5ea630ba3f9f960dd593a14c9be39fd2bd215d3b4b08aaaf86bbf927f2c46e52ab06fb742b8850e521e
result = valid
shared = f58adc13ff997d38383910db7befb17670393a33d95b049c2aa19d760c8e728ecedd32168476b90b26a3742dcc121b07
curve = secp384r1
# tcId = 262
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200047c25a4f57f76ab13b25cab3c265db9d9bd925fecbf7bf93bef1308778646628decab067ed988a9755cd88e88de367104562ee0c57e71d96cefe31b4c4045bd4086a38e8ab9adf2d5567be318051d70f3aa68b753f271ab032b6abcce919e2962
result = valid
shared = 56299684ec5ceb09ba4d94d1231005a826c9c08a5219c757e0136cbe8b6430badd4925172f2939891da7c7893850512f
curve = secp384r1
# tcId = 263
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200047fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff80000040000024480ab33cb4bf7cb79c024eeade3fd641e2f3003698400e8986a7343a5da59a3b26eea4b4176e53239371437d834a1a7
result = valid
shared = 1911a0ee6aebe263fdcf3db073f2598cdafabec2123a2f24a28c3d9151c871f32d6dc2f31d25af9c498fd68da23e5bef
curve = secp384r1
# tcId = 264
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200048000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020797da4c0751ced16de80d16ab7c654a5dc27d092626d0865a192a1c5ea7c1b88c9fcab057946741e41cc28c80ec0b9a
result = valid
shared = 15900643e2e0583976974b05f83c7a96611425f7c4a6eb51916ab958a037fd9cc172bdcfff4540a2ff3ce64e6505557e
curve = secp384r1
# tcId = 265
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004fff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff6c70898ae6fb31fa2f086562af2d10486ba4c6fd5e41dfe4aa61598b4707a3bc276a62feb1b98557e3b17c025f7adf4e
result = valid
shared = 88a544a769d5c34a051416bd509dfac911863f604c83ea844bf0e4c5c272dec86d057a88b152a9274701938c705900c3
curve = secp384r1
# tcId = 266
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004fffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff00000040000000eb1592858b6e6e3a199c0f3e7c5f0b4a92915936efb8bc0407680eb7274be7422156ce8cfc8b505b2d902c39992380f
result = valid
shared = b7db26b286e7527cb1f454782fe541862ff0f8d7eed960e22855deb7ac2a69611668c777c53bb74c2bcd40edfbf7944d
curve = secp384r1
# tcId = 267
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004ffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff4987abae412809c2fa48fd23b1bdf9e622f5a606c44117215ffa61b18ef46e54a7fbbf11f9a6ba59c991b4ae501fedce
result = valid
shared = b1e8aab1aa633d98dc6b768594e1e3edb801a9ef483f287c83e19744d2ad343ad3debdc4dc178213ad6876b52284f552
curve = secp384r1
# tcId = 268
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004ffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff00000000000001000000000000013691fe493d4d28bf8ee1dfec812d6c306eae0842919eda6dc525f0d49ac2d26a992251912139a2936849f9d6fa949a68
result = valid
shared = b0de006f80f6f89e4eea6e46dfe305153005612d1e903171ec2886230971961b5202a9f3187bdac413ac24c836adf7a0
curve = secp384r1
# tcId = 269
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004ffffffffffffffffffffffffffffffff00000000000000000000000000000000ffffffffffffffffffffffffffffffff615842aa06b06f78f0a66f7bea88d4b6ee59653eeaa00dc5e0a2b658f969b71af90c9b4e96bd3ca33846955bdccbd359
result = valid
shared = ca8cfa42c5e374914c14d6402b1a99208e47e02ec49818913694ea0822a2cc6c310259a8f3ab7559b9974bc4c2fa337e
curve = secp384r1
# tcId = 270
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe732152442fb6ee5c3e6ce1d920c059bc623563814d79042b903ce60f1d4487fccd450a86da03f3e6ed525d02017bfdb3
result = valid
shared = edf040bace18d90bf9ce720df2a3b31d76d95b7ed9530a159ac0b24e82a871033eada40552f9e606f7115e6a78927511
curve = secp384r1
# tcId = 271
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000001f03123b0000000000000000000000000000000071bd1e700c34075c3cade8ce29d33724af68a7672b265a4e157055360440ab7c461b8e9ac8024e63a8b9c17c00000000
result = valid
shared = ea817dff44f1944a38444498f1b6c1a70a8b913aa326bc2acc5068805d8ddd7a5e41b8ee5b8371a1cf3f7a094258e3a6
curve = secp384r1
# tcId = 272
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000001f03123b000000000000000000000000000000008e42e18ff3cbf8a3c3521731d62cc8db50975898d4d9a5b1ea8faac9fbbf5482b9e4716437fdb19c57463e84ffffffff
result = valid
shared = ea817dff44f1944a38444498f1b6c1a70a8b913aa326bc2acc5068805d8ddd7a5e41b8ee5b8371a1cf3f7a094258e3a6
curve = secp384r1
# tcId = 273
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000000000000000000000000000000000000000000000000000000036a2907c00000000000000000000000000000000000000007f57b69a014783dbfa4967b2f9cfa678a6f0b6e9cfd41648cec5b3c498e72152da3f82d3da2e8e9f8ef37b11
result = valid
shared = bfa93e184f76279fd707d53ddcb3628855cfafb111bcbd0b4df6ef77aee624924d681626a153fa4e59c923b71fc090b3
curve = secp384r1
# tcId = 274
# edge cases for ephemeral key
private = 2bc15cf3981eab6102c39f9a925aa1309db59c2c02a54411928d73c3945d157848dc36959efef7495c8528ea284c1c97
public = 3076301006072a8648ce3d020106052b81040022036200040000000000000000000000000000000000000000000000000000000036a2907c00000000000000000000000000000000ffffffff80a84965feb87c2405b6984d06305987590f4916302be9b7313a4c3a6718deac25c07d2c25d17161710c84ee
result = valid
shared = bfa93e184f76279fd707d53ddcb3628855cfafb111bcbd0b4df6ef77aee624924d681626a153fa4e59c923b71fc090b3
curve = secp384r1
# tcId = 275
# edge case private key
private = 3
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 455aea9924330bd6d2d6403478327900e172e93598e254cf6d8eb13f0a3d21be51a46107333844e61dfa3d80df6928e9
curve = secp384r1
# tcId = 276
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = db1d8ef1117282870db8113aa4f58723c756ce598686eb8ea531aa4d39abb1b982b1e7bb2648a6c268d2d351204db8d5
curve = secp384r1
# tcId = 277
# edge case private key
private = 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = e98062df47ef884c9411e16466af84ad271d586008b1fbc50aeb3b36836a35a770dd42e0db84d39b26f4dcd2dc03d90b
curve = secp384r1
# tcId = 278
# edge case private key
private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 898aae0ebf1cb49fb6b1234d60f59006325421049a8a320820e1ad6af6593cdc2229a08c500aa55ca05999d12829db9c
curve = secp384r1
# tcId = 279
# edge case private key
private = 0800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 83f862f496ab8af12b82a8a0c047d836bdfa36281324b3a1eb2e9c1d46699d81cb125cbe4b93939fd84e1ae86d8a83cb
curve = secp384r1
# tcId = 280
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a779ecec196accc52973
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 9a26894887a0342ca559a74a4d4a8e1d6b2084f02e1c65b3097121a9a9af047d8810fb945dc25bbf02222b3b625f1e0a
curve = secp384r1
# tcId = 281
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecdc196accc52973
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 8a8d9dc194a26910cbdae7908d185b6ad04b620c94c5ee331e584ed804e495bebc2290a2d7006a06e65b9bcace86c6f6
curve = secp384r1
# tcId = 282
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aece4196accc52973
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = d57f6aa12d3f07e8958499f249e52cfbe5be58482e146c5414dbbf984fc5333710350e2ce96b33beb7678381f40f1dcb
curve = secp384r1
# tcId = 283
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec1969ccc52973
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 188e8041d9a5f0b6cfdad315ada4823beda0146774fad65b500e6ef94376ebf8af7a40ff6f6b45019a09dde7d7fb5552
curve = secp384r1
# tcId = 284
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52959
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 2ecf9dc47e8b07ae61ddbd1680ead02698e9e8469f78d5a28328e48d0c9d7a2ac787e50cba58cc44a32fb1235d2d7027
curve = secp384r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 285
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52969
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 06ee9f55079d3d3c18c683ba33e0d2521be97c4fbf7917bf3b6287d58ffcde2df88842e3f5530b39549ac20974b1b60e
curve = secp384r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 286
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52970
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 455aea9924330bd6d2d6403478327900e172e93598e254cf6d8eb13f0a3d21be51a46107333844e61dfa3d80df6928e9
curve = secp384r1
# tcId = 287
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52971
public = 3076301006072a8648ce3d020106052b8104002203620004e9dfaaab808b3aac1ccca7cc6242a7ee583249afe8ee8f66b904cc8eec34ad334456e00f33a94de8b5169cf0199550c020156e9651734ff999c5f3ea62b83d0083a6093f234457251ecf72c41e4df7cea2420b5454a7f690034380bac981e92e
result = valid
shared = 024c5281487216058270cd1cfe259e948310e4adc263a9edaa4da0bc3f5f8ce8ffc88ae41b2c050bf6dd9c8c66857237
curve = secp384r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 288
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp384r1
# tcId = 289
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp384r1
# tcId = 290
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe
result = invalid
shared =
curve = secp384r1
# tcId = 291
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff
result = invalid
shared =
curve = secp384r1
# tcId = 292
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp384r1
# tcId = 293
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp384r1
# tcId = 294
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe
result = invalid
shared =
curve = secp384r1
# tcId = 295
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff
result = invalid
shared =
curve = secp384r1
# tcId = 296
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp384r1
# tcId = 297
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp384r1
# tcId = 298
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffefffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe
result = invalid
shared =
curve = secp384r1
# tcId = 299
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffefffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff
result = invalid
shared =
curve = secp384r1
# tcId = 300
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp384r1
# tcId = 301
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp384r1
# tcId = 302
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe
result = invalid
shared =
curve = secp384r1
# tcId = 303
# point is not on curve
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3076301006072a8648ce3d020106052b8104002203620004fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff
result = invalid
shared =
curve = secp384r1
# tcId = 304
private = 0c6cafb74e2a50c82c7a63d13294bfea13d0bc504ba2b08a392c9081bf3815d9e44d969ed7f05ffd1d8594355053c6147
public = 3015301006072a8648ce3d020106052b81040022030100
result = invalid
shared =
curve = secp384r1
# tcId = 305
# public point not on curve
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 3076301006072a8648ce3d020106052b81040022036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c8
result = invalid
shared =
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 306
# public point = (0,0)
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 3076301006072a8648ce3d020106052b8104002203620004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 307
# order =
# -39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f0231ff000000000000000000000000000000000000000000000000389cb27e0bc8d220a7e5f24db74f58851313e695333ad68d020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = invalid
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 308
# order = 0
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201853082011d06072a8648ce3d020130820110020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f020100020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = invalid
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 309
# order = 1
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201853082011d06072a8648ce3d020130820110020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f020101020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 310
# order =
# 9173994463960286046443283581208347763186259956673124494950032159599396260248791326163093631191247821216106
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b13082014906072a8648ce3d02013082013c020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f022d00ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196a020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 311
# generator = (0,0)
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 312
# generator not on curve
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e61023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 313
# cofactor = -1
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc529730201ff036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = invalid
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 314
# cofactor = 0
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973020100036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = invalid
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 315
# cofactor = 2
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973020102036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 316
# cofactor =
# 39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201e53082017d06072a8648ce3d020130820170020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = invalid
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 317
# cofactor = None
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b23082014a06072a8648ce3d02013082013d020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff30640430fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef046104aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab73617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 318
# modified prime
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100f47e533e4e43e4bf04e901db0eea6efba14bbcdc3b1c5753a7c141487e4f43784e57a72310202323361f44760c8368bf306404300b81acc1b1bc1b40fb16fe24f11591045eb44323c4e3a8ac583ebeb781b0bc86b1a858dbefdfdcdcc9e0bb8af37c973d0430b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef04610400000000000000000000000000000000fffffffffffd38000000000000000000000000000000000000000000000001cf3646298bba2f24e84189cf0d1e75188fc4fcf5b0844281822e789e3d534b159f4c419342260197625ad924a2c72c4d0f023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc529730201010362000400000000000000000000000000000000fffffffffffd38000000000000000000000000000000000000000000000001cf3646298bba2f24e84189cf0d1e75188fc4fcf5b0844281822e789e3d534b159f4c419342260197625ad924a2c72c4d0f
result = invalid
shared = 5df0762488bc0a7be1121508949382861f781c331676048c2d45d245be6f476c872113e6710bc746c3d06970510193ce
curve = secp384r1
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 319
# using secp224r1
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf
result = invalid
shared =
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 320
# using secp256r1
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39
result = invalid
shared =
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 321
# using secp256k1
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared =
curve = secp384r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 322
# a = 0
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201863082011e06072a8648ce3d020130820111020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff303504010004304fcc45ccf5e23ee407b9291d2e85523962a2a79a50da3facca04b7267ad316db202cb07c24905740d201ded3028881090461042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973020101036200042121a348f9743855859c496f91d0f39fe728fc46e48d007713051b22f1c0257fe20dd85b21df7e1ec82bf8b39b2138a2ae74f80e6257778f8cca9f279b57d25eeeb155960642972f0567e204514f0ac1eb1e27db5115053211914961d09644c6
result = acceptable
shared = 455cf3c0b0090688599825522ef3312878201514f6330ccc7f42ec1945204adfe419b2dbbfb942dc98b16d8323150cf6
curve = secp384r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 323
# public key of order 3
private = 0de44e63fd924f177340d780af6aaaea271f52d2cb9a5c519b6020e06c3cf0baafbc0b801c6508c2e1483b15cfef7afc2
public = 308201b53082014d06072a8648ce3d020130820140020101303c06072a8648ce3d0101023100fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff3064043072b3656874104b18a53149d3f2eb372f2569f3639e90d8a720cd240a2dfb8102731a7158f093a41c394020346bbf1335043037250f23c44a0cd5d2f4bc5c4b961d4aa4c3d0b3de9152212325ac17ea696a8c3f38a1f1b5249ed2d4befcbdf39659ab046104e6adb603e0fdf32aa11eaf97ddff6ce802ec2aae39a37c980fe4cd12da5bc51a7f71cad00068ada13922958a70b5cef94110ec8f85947c796e5ab0a2c1844673ac6d979fd2456fb7c5715fbbf87273079dfb83886357b434cb400b0b711ffa13023100ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc5297302010103620004e6adb603e0fdf32aa11eaf97ddff6ce802ec2aae39a37c980fe4cd12da5bc51a7f71cad00068ada13922958a70b5cef9beef13707a6b838691a54f5d3e7bb98c539268602dba90483a8ea044078d8cf762047c769ca84bcb34bff4f58ee005ec
result = invalid
shared = 22a50194a6b08255b20b998db62c86a097d2c03d9bc1e76d337364c8e7a3bac82680c5aa4d58be543378ab5a3876abc7
curve = secp384r1
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 324
# Public key uses wrong curve: secp224r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 304e301006072a8648ce3d020106052b81040021033a00040710b0c6f4675459f3df2bdf7ca02819f8086198d15c69b8abda37639e6031caca8a0121894d2491d8b3dce093703c70705bc5dbc8fa17c8
result = invalid
shared =
curve = secp384r1
# tcId = 325
# Public key uses wrong curve: secp256r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200045fa4fa0b235c21e5c9f3baea9303bf86eccb7d31d0b998e141bc54b5dc43b23eef7fc5cf56308ed595eee99ade6aaf74d591c3d00aa1b438abc59c9607c22c36
result = invalid
shared =
curve = secp384r1
# tcId = 326
# Public key uses wrong curve: secp521r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 30819b301006072a8648ce3d020106052b810400230381860004005bce61fe27c440fedbad47d88bccf645db9c1d30daa086e592e8b6a0a173b87991b619801907b420fa558c7953ab97badd9c6c1d85859d9ebef7441a088ff57ed5008d7638de703faabeb5a78e83e8fcd4eb786144a75d79bd4cc8cfa8be66612d756c7b65c67f72c6acbade6f0d59e9752e845205b2a560d4f8d6a9e84bf812f94d18
result = invalid
shared =
curve = secp384r1
# tcId = 327
# Public key uses wrong curve: secp256k1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 3056301006072a8648ce3d020106052b8104000a03420004a69ced11a8bf7a907bfa47cba3368f2498b465a2407c90649c8da224d2a85bf445ad2df3d0113e72aedccf92ba6b8529ed6faa154bc27aba25f49371981e3b38
result = invalid
shared =
curve = secp384r1
# tcId = 328
# Public key uses wrong curve: brainpoolP224r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 3052301406072a8648ce3d020106092b2403030208010105033a0004a9b0f90e49a57fbe508847bf16e4a7b565dfe870a50164bc2862fe6e4d54bd8b109939f7dbbf800522722b9c0b309ace3884abb69c927ad0
result = invalid
shared =
curve = secp384r1
# tcId = 329
# Public key uses wrong curve: brainpoolP256r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 305a301406072a8648ce3d020106092b240303020801010703420004512fe17172db1125a49f9dbb85e387869adf015e4899c06f66ef870d72092d4d195e1d21b4a4647bf734468bee802ddad5449202eba1041df2fd8cde04697237
result = invalid
shared =
curve = secp384r1
# tcId = 330
# Public key uses wrong curve: brainpoolP320r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 306a301406072a8648ce3d020106092b240303020801010903520004c391dc7a817d47a3961ea1857895e101c0f5a8767d3a9c7cad49f7af8029f24c67309373cedd0831ccc0a0f45d344f3ab5923d2452507a980301a283848ae31574a57db51ce5e61d35aee483f1bb8e66
result = invalid
shared =
curve = secp384r1
# tcId = 331
# Public key uses wrong curve: brainpoolP384r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 307a301406072a8648ce3d020106092b240303020801010b0362000419d3c811c04c5c0990d0258386195b2e29fdaba58d3f12b0bac8d3d53828c66c7a35e3d1eb0bdf2c08f23d0e4ab6a3246e456bf0fb863d03423dbe431baf799657c7816a619662fe5b900b754107ba5cc06b1d62c9a927891efee1a1fd404d7e
result = invalid
shared =
curve = secp384r1
# tcId = 332
# Public key uses wrong curve: brainpoolP512r1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 30819b301406072a8648ce3d020106092b240303020801010d0381820004216eb619457f1168ac873f5b560a75df80749f2bdf9abac31d6580e521ad70368013c3db74f663263b61eb12d4dcd597ad6c77cef6a5d6d2240b1e244d76403f693fb317ffc602a7ac313991b0a62f7bf469bbc95b3ff35003d972eb8ebcc8d4833e6c24ad52d49c1ce6244c7889ab67a8818232e192944542763fc667e5799d
result = invalid
shared =
curve = secp384r1
# tcId = 333
# Public key uses wrong curve: brainpoolP224t1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 3052301406072a8648ce3d020106092b2403030208010106033a0004691b24004380a599770214d0c60ab37cfc804cfaa7aedd11cbf0a05467ebec5e33322cda707b848086fd740244f62cdeb867fc057207fde2
result = invalid
shared =
curve = secp384r1
# tcId = 334
# Public key uses wrong curve: brainpoolP256t1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 305a301406072a8648ce3d020106092b24030302080101080342000422bf69f3a81dfa1ed8a97301943626e20377b78f7e7d714b880deb5a4a9c63a11591c2e47b777488990771855768b9a4050d61bf02d84cc6aa40447a07507285
result = invalid
shared =
curve = secp384r1
# tcId = 335
# Public key uses wrong curve: brainpoolP320t1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 306a301406072a8648ce3d020106092b240303020801010a0352000476568300e2b4c68861589b4966e67bc414811e4011260cb8be5f884869fa179ca8af40f80009e0a58b17ac3e551a772e76683c32e6e09112572542d7c1fe3d49abb56da56d669186e2623dc797129dc0
result = invalid
shared =
curve = secp384r1
# tcId = 336
# Public key uses wrong curve: brainpoolP384t1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 307a301406072a8648ce3d020106092b240303020801010c036200043345dffded3c33f7dcc19bb8997a39f2d6230abcb765d6142c30bf320c1fadff535feafd8505eb3e614db71826c1e258077a1e6057add7474f6d35dce68417812e7b919b1c673032b28c45d0a9251c43a2a73ab152f64ff8eba4eab312fa73bd
result = invalid
shared =
curve = secp384r1
# tcId = 337
# Public key uses wrong curve: brainpoolP512t1
private = 0d6331a5a968e4d3bd7336a423b41055b68edd100b8b998d00eb9ed93881c21e3912bb2ee08e71327be205898675ef7a4
public = 30819b301406072a8648ce3d020106092b240303020801010e0381820004a3677c646cd887685940c28076f55cda7469032845f2cb2af51c61492dc435aaa5b771d8e1528417cdeb89b5f629e06b234e21236b9edf46c7025177ee65a8e940f670d10c722cea355bd3a5c8847a38324b9a06a50a95da4e70bb492cd00194a8830975dd1e115e19315575ff841b30fd4a3f8a44725dfe280d0af57fc80cc3
result = invalid
shared =
curve = secp384r1
# tcId = 338
# invalid public key
private = 2b9e57572da6cf4fb58cb94eab8df19383a136f219f2a515776a8bf48e1538dd1d811946c16d9f0184c9ce5cdf1dac51
public = 3046301006072a8648ce3d020106052b81040022033200024424530ea70bace90601f8d5869e4179a6cd689b6a18fdfec50cecf17cb836d24820211ada67815b42c2c2606303f69e
result = invalid
shared =
curve = secp384r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
[curve = secp521r1]
[encoding = asn]
# tcId = 339
# normal case
private = 1939982b529596ce77a94bc6efd03e92c21a849eb4f87b8f619d506efc9bb22e7c61640c90d598f795b64566dc6df43992ae34a1341d458574440a7371f611c7dcd
public = 30819b301006072a8648ce3d020106052b8104002303818600040064da3e94733db536a74a0d8a5cb2265a31c54a1da6529a198377fbd38575d9d79769ca2bdf2d4c972642926d444891a652e7f492337251adf1613cf3077999b5ce00e04ad19cf9fd4722b0c824c069f70c3c0e7ebc5288940dfa92422152ae4a4f79183ced375afb54db1409ddf338b85bb6dbfc5950163346bb63a90a70c5aba098f7
result = valid
shared = 01f1e410f2c6262bce6879a3f46dfb7dd11d30eeee9ab49852102e1892201dd10f27266c2cf7cbccc7f6885099043dad80ff57f0df96acf283fb090de53df95f7d87
curve = secp521r1
# tcId = 340
# compressed public key
private = 1939982b529596ce77a94bc6efd03e92c21a849eb4f87b8f619d506efc9bb22e7c61640c90d598f795b64566dc6df43992ae34a1341d458574440a7371f611c7dcd
public = 3058301006072a8648ce3d020106052b81040023034400030064da3e94733db536a74a0d8a5cb2265a31c54a1da6529a198377fbd38575d9d79769ca2bdf2d4c972642926d444891a652e7f492337251adf1613cf3077999b5ce
result = acceptable
shared = 01f1e410f2c6262bce6879a3f46dfb7dd11d30eeee9ab49852102e1892201dd10f27266c2cf7cbccc7f6885099043dad80ff57f0df96acf283fb090de53df95f7d87
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 341
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004014c643329691ba27459a40dfe7c4ce17b3ea14d0cd7aa47b01f1315404db51436fbbfe6de0842e0f7e1265f6ff3aca28750677d3370b2fb2a6ef497356f4b95811201051b14178639a09a41465c72d3743436ee1c191ff7388a40140b34d5317de5911ea03cdbb0329fdeb446695a3b92d437271a9f3c318b02dec4d473908158140e97
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
curve = secp521r1
# tcId = 342
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040029cd32125c23a41af24fd4b729da0faacbc35516ef0ba59096602571693cd282e26d67e18ef4643d0f6f158d7370d3394ca9a8de7938032ac178c6fd34e3702b8d008649834e2b41be3a8b7510bfe570f4c67075943cd0cbb9d9e1d1da52618b5b96d6aec9b650daf1ca6624c13e5116302b9c79c8c4d3d351915d1e8e1ab6ad76098e
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
curve = secp521r1
# tcId = 343
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040032c6f06ce6a15ea064464d35aa368d299c9a9e1e368f694aefb603876248f898f223ce0217bef37d61eb09b27c93187cf8e61ba7b14e3c9bee692b06ac6d95f836019fd19f8480e21c63211d48d45f96f6365cf55f958e1a0fe7ea6b6b9ff230a87b70bb1b14d3a5fb6669a91641c6acf4570c1d3a9e709913b7fe6b35ff81c394d6a7
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002
curve = secp521r1
# tcId = 344
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b81040023038186000401f7eb96e64b1a62daf9e0801bfd96a0b15b68e5f5cb3e90b434495a473907338e53098e1c2e493335d09c6aae6fdda0345b98aaed588f2abe82910713fb6c20252901396b17cf250bc018f4cead097e7e09863f14cf1239b065e57d884949eee141926f7e7c9f7f34cf0536368767bc0e1ab5142877293a4c722693a73fe14a5390af93
result = valid
shared = 000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000
curve = secp521r1
# tcId = 345
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004006ddf9b10965d5fc129e96f7a37667ccf66cc44384772906fedb21f9de4629e01aaa09ac7c9866112064bbc9bd58ebc123ab2fe19d8fed1a056d27bfef0630509c7001c441311ef20a16346332ea42d5c65788d68f6817b0267fcab11ea9c948ed108115dda8e823a380b601460742d3772d6424c67b240da24772ff0d2ccd9a1e0cea6
result = valid
shared = 000000ffffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff0000000000000100000000000000
curve = secp521r1
# tcId = 346
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004007a8c547268c948b626da636cf54428ea2ab23861d499a84ad7be1cf691b92872a06e26c6dba08ca9ed386f83d396156d5fa023f57d5ea6440ec7401dad2c08ad70018c3815b1b9a2e42555419a6c19043fa2b0ddcc4b5a6e372fee9fcb227d85bad704687e7e1a818b612d5c046cd75972f7a2dd5c9a200ac5582cd59fec47ac525ecf
result = valid
shared = 00003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff
curve = secp521r1
# tcId = 347
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040029153cf062f88f303e5d6f9aac968bd901076d5994ea7f831833b1e69b67e9e9fe20cf9c5623e00e0b9e3592fca2a03324b5df7c93186aff697aca864600d44ecc002801a62e2f4106f34106da23dc93d50e3e975a1d47510021835290649b7a4125109f656b6b0b5bd00b24d84ea1ba4e1ed49e61c526fb1011005131caee7ee0501e
result = valid
shared = 010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
curve = secp521r1
# tcId = 348
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b81040023038186000400a61eb994e28722c59b3c6007dfdf8b37893f6350f461b26a00e1a45104314aae9989da87e4facb2c4ef721185b7d96d9a45a28a102756501a1acc5d329a21bbf73010e8d0e12f5a9a40e0d59c90ce73043d39730aeadd3788e31d7c2bb62a1166161994664afa658ce2e60a13f45f27f914307c8d6f8d4ed16ab041b8f69908a62782f
result = valid
shared = 010000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff
curve = secp521r1
# tcId = 349
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004011dd497b30c73709906b164a9a79dc7f2a98c0148ed63016bb95243834fbcdf8eb74b0ff652d54f59f31aef51da6e8974d363655b1da138dc4de0f2a8d800f475ae0057bd4b84607400d863ffbf45a3cf58999ee24ba05e93eca7b0e4ae760eb1733559a45d15579d3370d716ffa3ec4bfdae418e32fb06138dfca213720a938577610e
result = valid
shared = 01ff00000000000000000000000000000000ffffffffffffffffffffffffffffffff0000000000000000000000000000000100000000000000000000000000000000
curve = secp521r1
# tcId = 350
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b81040023038186000401283eb93fa369fe7012b647d21e0a97cf9950e5fbed819ef56158f20c8a9473a418eccbca4dc2b47f4cb6d322f917005859bf221e84ac9827cab82a801c627fb1ec0075c480cbafb352fcaf93baf23a1405fd81febe09729a908d1077e177dd8993d94b251a0d52652da3edb6fdf864e80cd51540e73d0b5107e3433576dcaa4e18db43
result = valid
shared = 01ff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff
curve = secp521r1
# tcId = 351
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b81040023038186000400173beefe35ee868d497ff6601628f65ce18a1591f7e4a3a406622f3f508e2da68f101ed02febc38418c6ddfc26a5ec9848c42792463b1e945f9e167db34bdf2d660053070647aba7cd60eb295ab81a268a3903f393c5d28bbc5e022351c377cd84f02c19deb36442372cae1332e92f95ba60b6c852e0de0718e89d24e43cd479c9fb11
result = valid
shared = 01ff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff
curve = secp521r1
# tcId = 352
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004009829cd5432687739ab6ae10af8ea73d2cb53b81ebb06b5961b7badc1676b3ef7b00454f7cde56774a01312d574a9193c1a5fe5336fbe62623ad9bf81143789f9f90012f955697ed578207197bf9aac3896521615dbacc8dc665d4f1715b08439f49c2aa6ed337023ffccc5075a85944936826db92f919737ca3afeadba1847084bdef7
result = valid
shared = 01ff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010000
curve = secp521r1
# tcId = 353
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040126e3c959cd41120bb83693b1d6a034b385137c1bb3213b776122fed96056e329885718a73bee639c0ba4b68818682f498ce5496925002bd7652516405fcc4fecad0073a9c6e3b0c694bf7cc8ccbbd09800e81e3548ba44a0c2381cef0b07bf702a19054bb5d717a1b79294609cbdafd4e2018064f7b2c4c204d818eb7ce521c3268ce5
result = valid
shared = 01ffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000001
curve = secp521r1
# tcId = 354
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040153dc481ab3c5dc8decd24ceaee1bec77f59f21f7f31c19538af047d281ac9e2567933fd3d21096b185d4098919571931bb9b0be7197995e2fbaf21c8a10007ade001ad69f08fcae164390be826256b50fae47502ce0e9ca46af0c490cb4033c886f88661a99ff2bd3c9c8e7da30faf2b4c769edc5831810ac05054c97e41063f496e1f
result = valid
shared = 01ffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff
curve = secp521r1
# tcId = 355
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b81040023038186000401f586611c87150288c3e86116c5db94a26718978829d701ddac05e9b0ce22dee4b18e95f60cba783ed3384da373deaefc57b8265d3a34eeb458bf24b9d82be32819008456e0f1d80492ef0078cc246d32fc7c7fb6720b4d458b51b2098d35746752b0ef0345bd0d342dfee6dd2f12ed12b34bd95d058c2811fd479d2dde32180e6c9ef2
result = valid
shared = 01ffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc000000080000002
curve = secp521r1
# tcId = 356
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b810400230381860004015edc87fd499a73eabffd14d2b6a70a8fb69b6a39d0d9c4dda2337b53cc72e49a9e3d5a2d9e8930cfa11852dac33443227fba6684bd74732e6879884b6ef9dae98f010eeb8d2e3360ea9726628085268af3f2a05ad41235d0a892098bd661b636f7ef0a820282906eda3f1ff1980b98fb5937228e9edcd6332e3641216c7307e7f3f452
result = valid
shared = 01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd
curve = secp521r1
# tcId = 357
# edge case for shared secret
private = 0a2b6442a37f8a3759d2cb91df5eca75af6b89e27baf2f6cbf971dee5058ffa9d8dac805c7bc72f3718489d6a9cb2787af8c93a17ddeb1a19211ab23604d47b7646
public = 30819b301006072a8648ce3d020106052b8104002303818600040131b43002f7e687eec1ecf6a253c2ccc9e48f04d86fccd18fee0d2d22191f1ea539c40d521970b4709dc03986f647e0e8bb3340cf8a3e643a3541035437cf25f01500b27a55ac45f0296f8c9656bcfd52b5cea9f4115c06e4c64319609847d45e92418400e7868672c0d3e6e5e6e004a7190476ed77cfc33ad19a4bd2c615ad9950f374
result = valid
shared = 01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
curve = secp521r1
# tcId = 358
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d20ec9fea6b577c10d26ca1bb446f40b299e648b1ad508aad068896fee3f8e614bc63054d5772bf01a65d412e0bcaa8e965d2f5d332d7f39f846d440ae001f4f87
result = valid
shared = 0053bf137fee8922769f8d0fe279caa4dac9c6054ad0460995588a845d0a959e24bc0fc2391a2b92f7bd400f50a11a9db37f07bef7fa8dad2a903fcf534abc8736f7
curve = secp521r1
# tcId = 359
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b8104002303818600040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010010e59be93c4f269c0269c79e2afd65d6aeaa9b701eacc194fb3ee03df47849bf550ec636ebee0ddd4a16f1cd9406605af38f584567770e3f272d688c832e843564
result = valid
shared = 01c95ac417c90a520149b29105cdab36f528a23efb5621520dbdafea95a7d43499c4c8be02cd1c2de000da18104fa84a1e9ece6386f0e0efa5234a24595d7c4c96f4
curve = secp521r1
# tcId = 360
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200d9254fdf800496acb33790b103c5ee9fac12832fe546c632225b0f7fce3da4574b1a879b623d722fa8fc34d5fc2a8731aad691a9a8bb8b554c95a051d6aa505acf
result = valid
shared = 01b47ec41e3a5abd9dd9808fc04d9078cbed72b9eba98d3c1ded70a29938f0efd5a27a7113ff721f122cb17411de307a355c685074f5766b6d1a033d2fa188c945b6
curve = secp521r1
# tcId = 361
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000005f880f50ec94bfac6658fa2fce05945c6a36b266407b6fbd5437a83e2f2f9b9c50a734872e48e70df65457f13e47d06c6b8b29f4735acf105ea63e051904d18aea
result = valid
shared = 013aefe3245728a08c904fe7d61cd9c2fdac63f29cf664d8f161bebacb93f8a710e9692f9689480ad498de00f00061e40e46e76e4754c1130ef4217a58933e0b1dc6
curve = secp521r1
# tcId = 362
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000ffffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff000000000000010000000000000000f33ffc45da3eac1baab727ab8fd355cfa134c42047d55262651654fb50df7e9a5a75f179c8c86c4388213b5687dc43dfebb37f30128703c44ccd5c3284833b8717
result = valid
shared = 0168df272d53e3161926168c4aeab5f355b8d2a6689cfd567f2b6eb2011a18c775ac2a21f8dd497f6957217020b3b1afcb7021f24fccc2523be76a2bff44596e5a14
curve = secp521r1
# tcId = 363
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000400003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff00cd2839d857b4699f5c8e8a0194786e26a862f086b4ba80746ae5225ed3aa68f96b7aaec55225830bb98f52d75221141897ba49d7a31ebbf0b6d7d31352e5266190
result = valid
shared = 013db1b9241b23d33860d32dec37a79e4546a41afdfdd9c438d04e1f8b566ac8d9d3f572c293e96943722a4ee290e113fffaa82a61867d9ca28d349982354c9b256f
curve = secp521r1
# tcId = 364
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b810400230381860004010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000813d9829119f42ffa95fea8ba9e81e4cd6a6ca97fb0778e12e5f5dfe35201dd4cca8eca0d2e395555997041381e6ac1f18ddf4c74e0b6e9041cfdca1d1c103091
result = valid
shared = 01d2bbe9f754584ebbc7c7ad74136d1c8a144948948aa8be49989dd9b4c514db2e2ab1e0713ad1699f632dd2cea53da218ed549f030a113e282fd9e3be462d9aba84
curve = secp521r1
# tcId = 365
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b810400230381860004010000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff00878ad597d290db2cf660594aeed0f9b7c8dd68451d2d1b2cbc816b1ec4f35465b3964aff2edf1255163f5fca580132f85cade2887a017e7cd0b37196ad85221107
result = valid
shared = 000f37a2e2caef54fff4126c0fa96e7c47f0cad74626ef91e589e12d2e1e8c221be7295be9dc2712b87bb0aa0f5880b738bc1242f2ba773bf9eb2a54e3c1ca4758d7
curve = secp521r1
# tcId = 366
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ff00000000000000000000000000000000ffffffffffffffffffffffffffffffff000000000000000000000000000000010000000000000000000000000000000000b5e1191b449fa1ebdbd677daa48f90e2d1d6c058c877087cafd9364d99dbb283c68402e6e6c5f5411b2ed42824d8b280ceb910aba6847883a7e3780e2132af41c1
result = valid
shared = 017aeb254d9c8c8ee06215ff33811357da73bf7f6dd6d7f8f176d62c065a88a9005f680c630e9f2763585ea2ee76b6e4ab45e673f814ebfa95947c0c63fb24fa6e9b
curve = secp521r1
# tcId = 367
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff00207513d615656a1cc7505c18aa21b08e2b1d5a841de0816cc29c004efdb2d902ac1a7bb05e20722b576b64a3ddf4d2486421ac706bf4a424f252386368a5340fb6
result = valid
shared = 0061bed42248a37b4625ef04c4f9c7ef69ee3c6f9503378351fcab1b8ce1343206997eec1b88449eb6f7355711ea1a818a486ee30a24126241a7e2289267cf5dd61f
curve = secp521r1
# tcId = 368
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff001fe800c50e54012b75a33e4be7d07c8d60f29680a395e951a6a31c5096b0ea928fc2cbf327dd784dc0a7ca46ea73992b758b5641364b4aba39e93798a4d925a008
result = valid
shared = 001067d9104e296ef42b944587de11b10df05d2d959ed44cac9e7ef1c7a05d90819c43bc79c7397918f957cc98db931763bbeb1bdfc35865e8a359a013f13d60c433
curve = secp521r1
# tcId = 369
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010000008dd18a1f5e482140be79bb65a21ad60c8987e532c84345f0135affd46ec71ef02b1ca3ad56f301d955fa306c122d441d6fedcf8b855ef256350bf69d23a7207ad9
result = valid
shared = 00b779d83035cf7bb0bb04c7b2f46d08f6791f0d1542c9bcce7250e772b12ad8e38fce1d2b063a06f0fa3a1b072dd976f5f8542979903075162f1f5c6ba3b76cc45d
curve = secp521r1
# tcId = 370
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffe000000ffffffc000001ffffff800000400000100566203dd325a081c4441f001f780365874fd3d0c9bc47227481afe76a93ae1bfde63af972203abfe22c63b80e83f7cc2184c3cb8cfd0152c54324c4759fd1f9a50
result = valid
shared = 01afe5d23733728b79c743933b9ba7dfec5ed19b7737e393908a1d000918aa795d1ce0ad533983d018f927b35d2af6463356573f387febd75911a49486202ca69d3a
curve = secp521r1
# tcId = 371
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff00b11c668fbd549f36889f7b63434051da26f15705839136b1b14a09152d7a182ea7806c35478a32d3aa3c9c1627a61519ebec71b36fa77449025b8829e27f307834
result = valid
shared = 019612aeb386febb1a28096fe5b2f682dead02389785225b80a27df439510d08349a193839525f248b7f9bcabfd3dc8da8cc1724022299b7b5e72399d89464b82e44
curve = secp521r1
# tcId = 372
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff00000001fffffffc00000008000000200aa75efc0a8daac1d73f32c9c552414bccf44af8e74331b47439e7dcc49a135b3ee61e9f69717d89b4bba3567a195aeda13fbec634bf2984b5ec6b6f80f5978ed5a
result = valid
shared = 00570673f87adcef49c1f011e8b9f1e11f7fd3b3c93114d08d3f515aa4a895a6c701c523063bdc13ad1db0a54f6e7b476fe10db2070441befc58c8cff3c08ef76e59
curve = secp521r1
# tcId = 373
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd0010e59be93c4f269c0269c79e2afd65d6aeaa9b701eacc194fb3ee03df47849bf550ec636ebee0ddd4a16f1cd9406605af38f584567770e3f272d688c832e843564
result = valid
shared = 0016aaf228b0aec190d4e4e5b8138ff9cc46d705da1bf002901c6ab420f59314d5b641712b14ef3e4fb125652c47888676804fb5575b741a8408c5625bfccff4fdda
curve = secp521r1
# tcId = 374
# edge cases for ephemeral key
private = 12bc15cf3981eab6102c39f9a925aa130763d01ed6edaf14306eb0a14dd75dff504070def7b88d8b165082f69992de0ffa5ee922cb3ab39917da8524cac73f0a09c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe00d9254fdf800496acb33790b103c5ee9fac12832fe546c632225b0f7fce3da4574b1a879b623d722fa8fc34d5fc2a8731aad691a9a8bb8b554c95a051d6aa505acf
result = valid
shared = 00a5d6dfda2b269f4ab895a41c3b71b6ba10d5c9f0d9b3e730275345e4721594abfd39464c227716ded8ef3e60bb1ca0b551716e3f6eebb48d5ce8e0ab58cb1b73c9
curve = secp521r1
# tcId = 375
# edge case private key
private = 3
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 00f2246431b597930f2eae61e9aabbd39f8f6ae97c3cf2521a6aeecedda10b5ef5f3b2eb3a8906d02f51d244710aa9e19cc0be21db920132be1c91deb85e466c28df
curve = secp521r1
# tcId = 376
# edge case private key
private = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 00347c51f587c726070bdeb9173d0a547427ead3f2c8de62d9ecc3013285f645d220931520bcef85d08cfb6786045745fbfbfb1924c44a89d06676131a965677272a
curve = secp521r1
# tcId = 377
# edge case private key
private = 200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01c41dc4437c2f2b94a940711b3a691723397a1f83d6bc0c67ddc7a657160925c7f85bb4eb3842b60b2610ddb7c0b8676267710e58359a8750843c6d8e25d48d1cd9
curve = secp521r1
# tcId = 378
# edge case private key
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 006a239cdb7a783840658d5f314bfe5c51e806a4bf1236f8421265bcc503c673eb16c5c2b38b5717fa04ee7dbcdeb15c871711507abb7557a8a8c7b3250141e854d5
curve = secp521r1
# tcId = 379
# edge case private key
private = 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 0112dbf9713aadd478e4f2ebcb058f05b512b1959c7da1994f851f373ce8c341d39c6843373f6fe559905953e1147640159437953c571961c09bad157a8e1a5bf476
curve = secp521r1
# tcId = 380
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47adbb6fb71e91386409
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 003eca2210c8623105085aa284d119f3d716730595c6291aa89bf32a95e8a5fdc64f3d76e92494a43a9dced12d05b6dca4ffe649b32ac12cb0202e702dc83a2cb277
curve = secp521r1
# tcId = 381
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb5fb71e91386409
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01c4cae9fbfdd45de51d8525e8447a7553c35cf358f1346f1d79666887bb749a3ba0de62e1866b47a447d53b6f1ca5a33ec94507e2cfb65544f5a1195fc6b4dc5810
curve = secp521r1
# tcId = 382
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb67b71e91386409
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 008073b4796e748f3d0de5e85b22aed463f1a6aecdb336bc287b50d139e3591ef5f86b78c3f6051467755f059f295d758075347d657aaae02383838bb96071eacbd4
curve = secp521r1
# tcId = 383
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71d91386409
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01f11ff8983792d4a790d0de4b56d078b9033ad6318a440e8119342937cc48a39375150ab2cf98273b0fe35d5a3af5d84322a685e89f2cb378a99b9b7bac87e44952
curve = secp521r1
# tcId = 384
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e9138631b
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 00286cefaaf38ca4c6657eb9b187d8614d51775fd71c1a79b4c0ef1a0d4ce72b6f5b2bc854a4e78283530942a3f4fd2a8586d5ea51513c89d3d29de5de06321e118e
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 385
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e9138639b
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 014790de14c481f1336fcb7d33a8bf8e23eb594cc48608e9edfe0e326e106b67e7eaa3f04ec9985599178f632a5ee6419e11217060e9fcd5958a43882bf8cd3be6ba
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 386
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913863db
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01ae775dbc4096a3aea7977b1a0af4b2830ecf9ca927a6247fba4cccb46b3f71d0e7abb8dda72d1c1ee7bb5b875b4773cc8df40f732819c4147da330775d1742ea35
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 387
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913863fb
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01979fb05e068a12a3f20cfdfb9eaee9f22b356edcc7655383ed38124b86814f86a6f2216a34f3fc2299d403ee42408f95d08c5c6cd11db72cbf299a4a3c2545be25
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 388
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386403
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 0197ebe26798bf67f06ff0282773af75115531f41d94c093d87481b76bef707bc222f2d6672f84a00fa20c5ed27027ab4006b68d93ee2151016c9ddbe014346272e2
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 389
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386406
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 00f2246431b597930f2eae61e9aabbd39f8f6ae97c3cf2521a6aeecedda10b5ef5f3b2eb3a8906d02f51d244710aa9e19cc0be21db920132be1c91deb85e466c28df
curve = secp521r1
# tcId = 390
# edge case private key
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386407
public = 30819b301006072a8648ce3d020106052b81040023038186000401ad5043591dbe81657fe3d1c3d7a516606ad9d320a35fce8aaec8a950fb53f95388f3fc48be998e99334ad9e9234cded14471fe86caccaa07d058ee8771733ac3b900854de36366590b9ee4d0370ea6b00f7ebd8156ccf14e99f1a5344a9b4964fbb8348b081a8840c6b64be77997ad8bebfea5e7d9f7a6a7fa6d7655c50b2b7835f314
result = valid
shared = 01c168314cdc85757ade34a52a9e5379ffa5968f084b7e404939a8033a0fc698e26211754b9b2c04cf8a1420abe6e986ef1a238bbb91dd402b72e0ed50a876f1a83e
curve = secp521r1
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 391
# CVE-2017-10176: Issue with elliptic curve addition
private = 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913863f7
public = 30819b301006072a8648ce3d020106052b81040023038186000400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650
result = valid
shared = 01bc33425e72a12779eacb2edcc5b63d1281f7e86dbc7bf99a7abd0cfe367de4666d6edbb8525bffe5222f0702c3096dec0884ce572f5a15c423fdf44d01dd99c61d
curve = secp521r1
# This test vector leads to an EC point multiplication where an intermediate
# result can be the point at infinity, if addition-subtraction chains are used
# to speed up the point multiplication.
# tcId = 392
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp521r1
# tcId = 393
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp521r1
# tcId = 394
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
result = invalid
shared =
curve = secp521r1
# tcId = 395
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
result = invalid
shared =
curve = secp521r1
# tcId = 396
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp521r1
# tcId = 397
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp521r1
# tcId = 398
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
result = invalid
shared =
curve = secp521r1
# tcId = 399
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
result = invalid
shared =
curve = secp521r1
# tcId = 400
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp521r1
# tcId = 401
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp521r1
# tcId = 402
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
result = invalid
shared =
curve = secp521r1
# tcId = 403
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
result = invalid
shared =
curve = secp521r1
# tcId = 404
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp521r1
# tcId = 405
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001
result = invalid
shared =
curve = secp521r1
# tcId = 406
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
result = invalid
shared =
curve = secp521r1
# tcId = 407
# point is not on curve
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 30819b301006072a8648ce3d020106052b81040023038186000401ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
result = invalid
shared =
curve = secp521r1
# tcId = 408
private = 1c6cafb74e2a50c82c7a63d13294bfea113f271e01ae305f79af43203cd32115ecdf2fee5fedba2ad3126783db0c3c4d3029a14369e8f80dbd15d512f13e51c503c
public = 3015301006072a8648ce3d020106052b81040023030100
result = invalid
shared =
curve = secp521r1
# tcId = 409
# public point not on curve
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30819b301006072a8648ce3d020106052b81040023038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fe1
result = invalid
shared =
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 410
# public point = (0,0)
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30819b301006072a8648ce3d020106052b810400230381860004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared =
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 411
# order =
# -6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd166500242fe000000000000000000000000000000000000000000000000000000000000000005ae79787c40d069948033feb708f65a2fc44a36477663b851449048e16ec79bf7020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = invalid
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 412
# order = 0
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 308202043082017706072a8648ce3d02013082016a020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650020100020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = invalid
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 413
# order = 1
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 308202043082017706072a8648ce3d02013082016a020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650020101020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 414
# order =
# 1598335257761788022467377781654101148543282249044465229239888363328190330275719844327554513312228302828260696579553960150541916632196023208175974174
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820241308201b406072a8648ce3d0201308201a7020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650023e01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 415
# generator = (0,0)
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0004818504000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 416
# generator not on curve
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16652024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 417
# cofactor = -1
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913864090201ff038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = invalid
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 418
# cofactor = 0
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020100038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = invalid
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 419
# cofactor = 2
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820245308201b806072a8648ce3d0201308201ab020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020102038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 420
# cofactor =
# 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820286308201f906072a8648ce3d0201308201ec020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = invalid
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 421
# cofactor = None
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820242308201b506072a8648ce3d0201308201a8020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff308187044201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f000481850400c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 422
# modified prime
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820244308201b706072a8648ce3d0201308201aa020101304d06072a8648ce3d0101024201e99d17d498f3c68ed8e50430ec4f36c14dbeeaf7652e985636bf0548ffb981e9e011607fd0059cd4fe51e882f19a3839ebe7f1d7376cb761431b214ed76970cc0130818604411662e82b670c3971271afbcf13b0c93eb24115089ad167a9c940fab700467e161fee9f802ffa632b01ae177d0e65c7c614180e28c893489ebce4deb128968f33fb044151953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0004818504000000000000000000000000000000000000000000000a14517cc6b91f8000000000000000000000000000000000000000000000000000000000000000000000032c006b0f530bec5bed532357d436727699f0e3c5b9366f1a435be640b97cd43d937655b1f157c7d0c7df25011fef7c3ab7d8e556e6125b59b847fcdd89a4051796a797024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e913864090201010381860004000000000000000000000000000000000000000000000a14517cc6b91f8000000000000000000000000000000000000000000000000000000000000000000000032c006b0f530bec5bed532357d436727699f0e3c5b9366f1a435be640b97cd43d937655b1f157c7d0c7df25011fef7c3ab7d8e556e6125b59b847fcdd89a4051796a797
result = invalid
shared = 00ebef6771455911ee573c183e990f7086650f9bafdb722c896751bd2c0f87959c78a39382d10fdfb46fd3515c8feb590943dd79778b13adbc7f670ba2a009753483
curve = secp521r1
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 423
# using secp224r1
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf
result = invalid
shared =
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 424
# using secp256r1
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39
result = invalid
shared =
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 425
# using secp256k1
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared =
curve = secp521r1
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# tcId = 426
# a = 0
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 308202033082017606072a8648ce3d020130820169020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3046040100044109a88e6f050cfefa0b49fac45689b6b93ad4fa3b65db7d2f4cb31b67fe056a100066dd80dc5f785d27f82e3369eb22ab2c5729a9e5d9906a1dc31e02f84026484a0481850400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020101038186000400c2a43ac3742b09e006c2dfc9c36444d7e699f567a73f674ce257330b312dd7a8a04fbe92d1d9acbcc65f6184711ada5bf39f6e11e0cbde98f1640d099eb90dfce701802d7755c2fe3180848d4a70b170096ec64eba99b478ba7f6fc129b0566279b8e1ab7962fa912fc4ae53b5202a03520617843dc63e5cb5f956ec7f1453d0865fdf
result = acceptable
shared = 00fb8542487cbd45e609632f681db6b48fdabed9b97a2467a34205eadadad9dedb54a2a647d23dca68e929a2041888b091f4bb4023a0517be669a6c9f9c847ef89de
curve = secp521r1
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 427
# public key of order 3
private = 1396a99a337821d8c92d75f562793c70afa4074ae5e6dad2bd2cc6aea8f36f6c45ddde73931440d229f340093ab8c6fb3f20d20999a37371fe92104692136d019b7
public = 30820244308201b706072a8648ce3d0201308201aa020101304d06072a8648ce3d0101024201ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff30818604417af4d9fe89294169daf9b160f39a91e120a861b73b3b76e7dc745fb0db95f971ee0ccd362449d3802622e716c7a8252adbdaddbccd2c623bb0c97f437490317df2044111a7799ad8e7166fa74133f989d562e50415238e23c826974fdfa7a72251416b496215439ba73718ccb0616ff9f843550900acb6af5c15d30a7e92c59c1a638c0c0481850401583fa37fa9816eb3cfdcf0dea0b50d09bfd22bff366051f05de03daa4efdbd85a01af7e490d24ad2f1d1f58b1f8f0619ac48c2f46cd4497de599c1aa546b6408d2006bc40579920af44644406cce075c2f0d71534b5a090a208d1324cc360932b1a5a98a3c3144c3b713ce0625365a926c2fc43f578a15e82cb6eb7923ce2b4ddad062024201fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409020101038186000401583fa37fa9816eb3cfdcf0dea0b50d09bfd22bff366051f05de03daa4efdbd85a01af7e490d24ad2f1d1f58b1f8f0619ac48c2f46cd4497de599c1aa546b6408d201943bfa866df50bb9bbbf9331f8a3d0f28eacb4a5f6f5df72ecdb33c9f6cd4e5a5675c3cebb3c48ec31f9dac9a56d93d03bc0a875ea17d3491486dc31d4b2252f9d
result = invalid
shared = 01bca56f9c0ade0485006f1bcfc7a95a95dcad50e8768483cf97de9ecc89de4f0abae22895b3deb6b088bd7f2596fd7d1c0d5ea84789d3e110e1e4c3de75b0b92750
curve = secp521r1
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key if the public point is on the curve of the private key.
# Generating a shared secret other than the one with the original key likely
# indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 428
# Public key uses wrong curve: secp224r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 304e301006072a8648ce3d020106052b81040021033a0004af6dd5b71a8c1cf921e36854ae091aaa589d337e740e8579f816eb9e36b03eec5cf956d0fdd2fc1687335507fc1c4a5717d3b5b8ea8340d1
result = invalid
shared =
curve = secp521r1
# tcId = 429
# Public key uses wrong curve: secp256r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000453366db79b320781936df61bb55d4499949d813ee5abaa5dda70da4f97f68228ccc69d7cd0b7266cfc28d0dcafdf3e83738cc611acb08f8b896c4ecf82dd65ae
result = invalid
shared =
curve = secp521r1
# tcId = 430
# Public key uses wrong curve: secp384r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 3076301006072a8648ce3d020106052b8104002203620004aa45c13ce3cfea8538422712903edc0ce56df74ede0776e843555a786f9738de1943dffd729addfd4772169751d7765a45b5bb540a47d198f4c8c7c21e67560c1e12f70b64520109bb8858a3f8d6bb4012003431db0778633313fdb9464c47ec
result = invalid
shared =
curve = secp521r1
# tcId = 431
# Public key uses wrong curve: secp256k1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 3056301006072a8648ce3d020106052b8104000a0342000475e01a1555380be188d69aac340a4675e4a6f73d63976a1075249827d8ecc2a31e65ed1eb591954e33a38f68ef8aa6c930229d8755e53257602b3eaa87de6f02
result = invalid
shared =
curve = secp521r1
# tcId = 432
# Public key uses wrong curve: brainpoolP224r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 3052301406072a8648ce3d020106092b2403030208010105033a0004905a06d5bc093697155aaff67305976a769b904d8db9573c4be361626def2ffe1d5ec14462c02e5ffb24fb3edb2b6c77a5cfee2492db757b
result = invalid
shared =
curve = secp521r1
# tcId = 433
# Public key uses wrong curve: brainpoolP256r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 305a301406072a8648ce3d020106092b2403030208010107034200042b87df1b6a5cbc4c4a184b7eec9b6c0483f7b80e6477b29649630c37481876bb0e3423f7a00d469320b7e60c88370979064efb9ceb8b387aa87a7c6941ccd9ed
result = invalid
shared =
curve = secp521r1
# tcId = 434
# Public key uses wrong curve: brainpoolP320r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 306a301406072a8648ce3d020106092b24030302080101090352000470df62394ee036eefbc8ef11a9a5f3a8af659016f29e7125e52cfda0a74e52c7b21d18ac4375f5e4164c5338fa2f545a3fb2022f0e0686d5b4882958f72b1bb626e37093e3f19673968c237823327fd6
result = invalid
shared =
curve = secp521r1
# tcId = 435
# Public key uses wrong curve: brainpoolP384r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 307a301406072a8648ce3d020106092b240303020801010b03620004808dc7b1c6d3ec470a7fe5d6144c9c3a8c92b116103aa2edbfce0b2c827312eebcd1350d09a739eac901af341487861b195270f671e0a758deb23222db4fe7983d42a785b35fd158344cd6483c4da5b409e77d0a284dfa9c3e0d91a4d275fce9
result = invalid
shared =
curve = secp521r1
# tcId = 436
# Public key uses wrong curve: brainpoolP512r1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 30819b301406072a8648ce3d020106092b240303020801010d0381820004aa11b560dc1e572f2374e5869210304d66d95b1d8ce40940157f5f5b4a7dc8a340f7c305d6bea289f5c430eb888e2a03528336aaf4680d9d153cd162e2229df330425025df2625b147568927f6acf704e4936f8989ff9d44f33ee22196e70dfd8711e8934d8d42abb4b67afcfee213c3ad5e5c83fcf4283d253d6c5c0e581970
result = invalid
shared =
curve = secp521r1
# tcId = 437
# Public key uses wrong curve: brainpoolP224t1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 3052301406072a8648ce3d020106092b2403030208010106033a00048d7a746de095728a8d83219e587040cb6e794d088ab6eab426638202579850b0f235edcf4eb8adcb51bf41878f6b71a1f2d4101022964340
result = invalid
shared =
curve = secp521r1
# tcId = 438
# Public key uses wrong curve: brainpoolP256t1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 305a301406072a8648ce3d020106092b24030302080101080342000424ad316bf41e4102dd7ae16311b64464df2d13ea68a11dd27a4445ed900962180ff8c627ed73f0c667863ee3a671e6ed1fa2781b51a229ee2cd21fbf69437d60
result = invalid
shared =
curve = secp521r1
# tcId = 439
# Public key uses wrong curve: brainpoolP320t1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 306a301406072a8648ce3d020106092b240303020801010a03520004548ce4997cc618800d3834dd4b3346e4559be066ab5d0cecd7123c4de940c168fecd3bae067fe3fc7aee875c9da0a86932f0779f42344470860c22dbc6f305eab792fc0874157e175c7d3c4d3bf54c4b
result = invalid
shared =
curve = secp521r1
# tcId = 440
# Public key uses wrong curve: brainpoolP384t1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 307a301406072a8648ce3d020106092b240303020801010c036200044fc2b35e3019a57a8ca6efe2ec1f72072c599a78c2725f7cfc2d9edf220b5f6abdb0c0d8d160182de451e26bcbb4e8c18726263e21ce56fb4bafaa1f186c745e2c8392ef8c5a1c03f5462ebbbcde0ffcc31e9a0b3e898ddb9c1c79e420fd7a35
result = invalid
shared =
curve = secp521r1
# tcId = 441
# Public key uses wrong curve: brainpoolP512t1
private = 2b0d77cd5c47890a52612fc9b38d804266b9784abca2b94de99bdc67475aecc2abc31e72a6dada0cf1d4d776b002c8d2dbd601ab8a0cae4157370846b20e8dd657
public = 30819b301406072a8648ce3d020106092b240303020801010e03818200047122f743122681ac73b0d611af86847d8bec654cf99e7eaf5d4f684e4078a8e61dc6d07e831ad02cd40d41dbdb6b0e877d960b78a5ac34c1e6ce7c483503d6de2eaddeffbfb3f144d29d13535a05815934186707146e45f64476bbdbc8645be973270a4c5e35d70ffd5eab2f08d1fb04762bc8aa80e999da14f744be9ff8c923
result = invalid
shared =
curve = secp521r1
# tcId = 442
# invalid public key
private = 1c1fb2cac9087a3397814b198a80e2ea5b437aac1b41e8a2bd8fef8700e4812aa817320e6e1e3865bd2cf75e43a78be5c27ff1c4b5f5019333cb37d0c9c4ff3ec61
public = 3058301006072a8648ce3d020106052b810400230344000200429cb431c18f5f4e4e502f74214e6ac5ec2c3f86b830bac24de95feae142ca7d9aa8aa5b34f55af4b2848f2e6ba6df4c3ecd401a1d7b2a8287a332b202196fadbb
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 443
# public key is a low order point on twist
private = 6619644155c449758f65e2dfe7ba89dee1e090c1d68b6342f43cb1ac000090a7f0408138c1de217990bb015cd1d95f1d884cf659f7324f2fe21eeba63ea988aacd
public = 3058301006072a8648ce3d020106052b81040023034400020108cbf3c9bf8e42135d87127556831076d84d5e549e645afda8a099249231b59b6c508dee4e91c9a543e90ebc82613f86cb1290e29102a0f2fdeb57bf4193fb4639
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 444
# public key is a low order point on twist
private = 0a257d97aa4e5195e2919c147c1639bb0da0cce479a036489006b7b8e7e885096066e5adc8fe7c45940c5a6b94d5065b966a45f099a0cecfe9cce1b3e99dca479f2
public = 3058301006072a8648ce3d020106052b8104002303440003011f2dca6b686e2141c11822e2d5439261583ce98cd6c4041c6d1be9e17dee33ea4a65c3e8cca6de50a30a39c788a585f1188bef0680a9c0264b3c8dcf494d0eb948
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 445
# public key is a low order point on twist
private = 0a257d97aa4e5195e2919c147c1639bb0da0cce479a036489006b7b8e7e885096066e5adc8fe7c45940c5a6b94d5065b966a45f099a0cecfe9cce1b3e99dca479f3
public = 3058301006072a8648ce3d020106052b8104002303440002011f2dca6b686e2141c11822e2d5439261583ce98cd6c4041c6d1be9e17dee33ea4a65c3e8cca6de50a30a39c788a585f1188bef0680a9c0264b3c8dcf494d0eb948
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 446
# public key is a low order point on twist
private = 6619644155c449758f65e2dfe7ba89dee1e090c1d68b6342f43cb1ac000090a7f0408138c1de217990bb015cd1d95f1d884cf659f7324f2fe21eeba63ea988aacc
public = 3058301006072a8648ce3d020106052b81040023034400030108cbf3c9bf8e42135d87127556831076d84d5e549e645afda8a099249231b59b6c508dee4e91c9a543e90ebc82613f86cb1290e29102a0f2fdeb57bf4193fb4639
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 447
# public key is a low order point on twist
private = 2a35258787f91ad0bd3432c3022e4d3ed349c8768a7e7caa1836022fc0c89a9073f6ce14d0990d5b7bb413061c7160e7bd566a5c89f14901b2cc19f1ad531f41e2
public = 3058301006072a8648ce3d020106052b81040023034400020009cc73141cf1843d2b2c95dc5cbc4d615c6da4814c1c7208615d8e78c7a8666aba1852faaa45a45d32bd0fde6ea78f262a96bf1e02949cea48c33c695103683048
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 448
# public key is a low order point on twist
private = 1afe5c77a626161fb2c25964c7895b9fff787099db83f077f05a4bfa320fb61f9315bb44d3fb9dd72225d9d993a18df82ac53fb4a5f86b23cb650e5e4778066f677
public = 3058301006072a8648ce3d020106052b81040023034400030047b9cf28e04b38796858545d60d6133fbdc20ede086e5d95111c982b8c276628235e536c075637a97c0a6c30d02b83b19e578203473eea16dfdeaeccb1dc0d9b19
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 449
# public key is a low order point on twist
private = 24ae709e1644e3087b52470c565268becbdbf97de59916763507d109c2e5b7c21727c64e9b560aa248d7bc9fe0ac95720d507263b7b2859b056ea165301cd599d5
public = 3058301006072a8648ce3d020106052b810400230344000300c18410f5727ee0101a52ef95c0ac455cbc65bf9967f0a2c419aa0a291cabad569f2337e102d0a9128f4212dbf9fa9e5a8f14ca7f28e82977281facdd9ca7a92c78
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 450
# public key is a low order point on twist
private = 24ae709e1644e3087b52470c565268becbdbf97de59916763507d109c2e5b7c21727c64e9b560aa248d7bc9fe0ac95720d507263b7b2859b056ea165301cd599d6
public = 3058301006072a8648ce3d020106052b810400230344000200c18410f5727ee0101a52ef95c0ac455cbc65bf9967f0a2c419aa0a291cabad569f2337e102d0a9128f4212dbf9fa9e5a8f14ca7f28e82977281facdd9ca7a92c78
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 451
# public key is a low order point on twist
private = 1afe5c77a626161fb2c25964c7895b9fff787099db83f077f05a4bfa320fb61f9315bb44d3fb9dd72225d9d993a18df82ac53fb4a5f86b23cb650e5e4778066f678
public = 3058301006072a8648ce3d020106052b81040023034400020047b9cf28e04b38796858545d60d6133fbdc20ede086e5d95111c982b8c276628235e536c075637a97c0a6c30d02b83b19e578203473eea16dfdeaeccb1dc0d9b19
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 452
# public key is a low order point on twist
private = 2a35258787f91ad0bd3432c3022e4d3ed349c8768a7e7caa1836022fc0c89a9073f6ce14d0990d5b7bb413061c7160e7bd566a5c89f14901b2cc19f1ad531f41e1
public = 3058301006072a8648ce3d020106052b81040023034400030009cc73141cf1843d2b2c95dc5cbc4d615c6da4814c1c7208615d8e78c7a8666aba1852faaa45a45d32bd0fde6ea78f262a96bf1e02949cea48c33c695103683048
result = invalid
shared =
curve = secp521r1
# The point in the public key is compressed. Not every library supports points
# in compressed format.