blob: f4ccd5a332b9af82a4bd656c5c3eb7182d086d8f [file] [log] [blame]
# Imported from Wycheproof's ecdh_test.json.
# This file is generated by convert_wycheproof.go. Do not edit by hand.
#
# Algorithm: ECDH
# Generator version: 0.4.6
[curve = secp224r1]
[encoding = asn]
# tcId = 1
# normal case
curve = secp224r1
private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328
public = 304e301006072a8648ce3d020106052b81040021033a00047d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc719b01d050dfbe653e72f39491be87fb1a2742daa6e0a2aada98bb1aca
result = valid
shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f
# tcId = 2
# compressed public key
curve = secp224r1
private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328
public = 3032301006072a8648ce3d020106052b81040021031e00027d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc71
result = acceptable
shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 3
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00045763fa2ae16367ad23d471cc9a52466f0d81d864e5640cefe384114594d9fecfbed4f254505ac8b41d2532055a07f0241c4818b552cbb636
result = valid
shared = 00000000000000000000000100000000000000000000000000000001
# tcId = 4
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004142c1fd80fa2121a59aa898144084ec033f7a56a34eee0b499e29ae51c6d8c1bbb1ef2a76d565899fe44ffc1207d530d7f598fb77f4bb76b
result = valid
shared = 00000000000000ffffffffffffff0000000000000100000000000000
# tcId = 5
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004ed6f793e10c80d12d871cf8988399c4898a9bf9ffd8f27399f63de25f0051cdf4eec7f368f922cfcd948893ceca0c92e540cc4367a99a66a
result = valid
shared = 00000000ffffffffffffffff00000000000000010000000000000000
# tcId = 6
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a000408fcfc1a63c82860be12e4137433dfc40be9acdd245f9a8c4e56be61a385fc09f808383383f4b1d0d5365b6e5dcfacdc19bc7bcfed221274
result = valid
shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff
# tcId = 7
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004d883ed77f1861e8712800d31df67888fe39f150c79a27aa88caeda6b180f3f623e2ff3ab5370cf8179165b085af3dd4502850c0104caed9a
result = valid
shared = 0003fffffff00000003fffffff00000003fffffff000000040000000
# tcId = 8
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a00042b8b279b85ee3f3d2c0abeb36fdfc5aad6157d652d26489381a32cd73224bd757ef794acc92b0b3b9e7990618bb343a9a09bdb9d3616eff6
result = valid
shared = 01fffffffc00000007fffffff00000001fffffffc000000080000001
# tcId = 9
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004a281ad992b363597ac93ff0de8ab1f7e51a6672dcbb58f9d739ba430ce0192874038daefc3130eec65811c7255da70fea65c1003f6892faa
result = valid
shared = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff
# tcId = 10
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004be3e22133f51203f631b81dde8c020cdea5daa1f99cfc05c88fad2dc0f243798d6e72d1de9e3cdca4144e0a6c0f2a584d07589006972c197
result = valid
shared = fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0008001
# tcId = 11
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004af14547c20afbd91bfe64ea03d45a76a71241f23520ef897ff91eff1b54ca6ca8c25fd73852ec6654617434eff7f0225684d4dea7a4f8a97
result = valid
shared = ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff
# tcId = 12
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004b1e484925018729926acda56ff3e2f6c1e7e8f162b178d8e8afb45564fceaa6da5d998fe26b6b26a055169063a5ab6908852ca8b54e2de6c
result = valid
shared = fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff
# tcId = 13
# edge cases for shared secret
curve = secp224r1
private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6
public = 304e301006072a8648ce3d020106052b81040021033a0004937eb09fb145c8829cb7df20a4cbeed396791373de277871d6c5f9cc3b5b4fd56464a71fc4a2a6af3bd251952bffa829489e68a8d06f96b6
result = valid
shared = ffffffff00000000ffffffff00000000ffffffff00000000ffffffff
# tcId = 14
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004000000000000000000000001000000000000000000000000000000012ea2f4917bdfdb008306cc10a18e2557633ba861001829dcbfb96fba
result = valid
shared = be1ded8cb7ff8a585181f96d681e31b332fe27dcae922dca2310300d
# tcId = 15
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000ffffffffffffff000000000000010000000000000073ca5f8f104997a2399e0c7f25e72a75ec29fc4542533d3fea89a33a
result = valid
shared = a2e86a260e13515918a0cafdd87855f231b5624c560f976159e06a75
# tcId = 16
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000400000000ffffffffffffffff000000000000000100000000000000006fe6805f59b19b0dd389452a1d4a420bfeb6c369cf6fed5b12e6e654
result = valid
shared = 31ef7c8d10404a0046994f313a70574b027e87f9028eca242c1b5bf5
# tcId = 17
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff77c5cfa4e2c384938d48bd8dd98f54c86b279f1df8c0a1f6692439c9
result = valid
shared = d1976a8ef5f54f24f5a269ad504fdca849fc9c28587ba294ef267396
# tcId = 18
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00040003fffffff00000003fffffff00000003fffffff00000004000000001f0828136016bb97445461bc59f2175d8d23557d6b9381f26136e3d
result = valid
shared = ce7890d108ddb2e5474e6417fcf7a9f2b3bd018816062f4835260dc8
# tcId = 19
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a000401fffffffc00000007fffffff00000001fffffffc0000000800000012d8acca6f199d4a94b933ba1aa713a7debde8ac57b928f596ae66a66
result = valid
shared = 30b6ff6e8051dae51e4fe34b2d9a0b1879153e007eb0b5bdf1791a9c
# tcId = 20
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a00047fffffffffffffffffffffffffffffffffffffffffffffffffffffff7d8dbca36c56bcaae92e3475f799294f30768038e816a7d5f7f07d77
result = valid
shared = 73bd63bd384a0faafb75cfed3e95d3892cbacf0db10f282c3b644771
# tcId = 21
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc000800174f1ff5ea7fbc72b92f61e06556c26bab84c0b082dd6400ca1c1eb6d
result = valid
shared = 85b079c62e1f5b0fd6841dfa16026e15b641f65e13a14042567166bb
# tcId = 22
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0126fdd5fccd0b5aa7fd5bb5b1308584b30556248cec80208a2fe962
result = valid
shared = 8a834ff40e3fc9f9d412a481e18537ea799536c5520c6c7baaf12166
# tcId = 23
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff20cfa23077acc9fbcb71339c65880cd0b966b8a9497e65abed17f0b5
result = valid
shared = a0887269766e6efcbc81d2b38f2d4638663f12377468a23421044188
# tcId = 24
# edge cases for ephemeral key
curve = secp224r1
private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969
public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffff00000000ffffffff00000000ffffffff00000000ffffffff1c05ac2d4f10b69877c3243d51f887277b7bf735c326ab2f0d70da8c
result = valid
shared = c65d1911bc076a74588d8793ce7a0dcabf5793460cd2ebb02754a1be
# tcId = 25
# edge case private key
curve = secp224r1
private = 3
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6
# tcId = 26
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffffffffffffffffffffffff
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = fa2664717c7fa0161ec2c669b2c0986cdc20456a6e5406302bb53c77
# tcId = 27
# edge case private key
curve = secp224r1
private = 1000000000000000000000000000000000000000000000000000000
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = af6e5ad34497bae0745f53ad78ce8b285d79f400d5c6e6a071f8e6bd
# tcId = 28
# edge case private key
curve = secp224r1
private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 12fd302ff8c13c55a9c111f8bb6b0a13ecf88299c0ae3032ce2bcaff
# tcId = 29
# edge case private key
curve = secp224r1
private = 080000000000000000000000000000000000000000000000000000000
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 73f1a395b842f1a6752ae417e2c3dc90cafc4476d1d861b7e68ad030
# tcId = 30
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03d13dd29455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = b329c20ddb7c78ee4e622bb23a984c0d273ba34b6269f3d9e8f89f8e
# tcId = 31
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13cd29455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 6f48345209b290ffc5abbe754a201479e5d667a209468080d06197b4
# tcId = 32
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13d529455c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 9f6e30c1c9dad42a153aacd4b49a8e5c721d085cd07b5d5aec244fc1
# tcId = 33
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29445c5c2a3d
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 8cadfb19a80949e61bd5b829ad0e76d18a5bb2eeb9ed7fe2b901cecd
# tcId = 34
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c29b7
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 475fd96e0eb8cb8f100a5d7fe043a7a6851d1d611da2643a3c6ae708
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 35
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a37
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 41ef931d669d1f57d8bb95a01a92321da74be8c6cbc3bbe0b2e73ebd
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 36
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3a
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6
# tcId = 37
# edge case private key
curve = secp224r1
private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3b
public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504
result = valid
shared = 11ff15126411299cbd49e2b7542e69e91ef132e2551a16ecfebb23a3
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 38
# public point not on curve
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 304e301006072a8648ce3d020106052b81040021033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5d
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 39
# public point = (0,0)
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 40
# order = -26959946667150639794667015087019625940457807714424391721682722368061
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021dff0000000000000000000000000000e95d1f470fc1ec22d6baa3a3d5c3020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 41
# order = 0
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020100020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 42
# order = 1
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020101020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 43
# order = 6277101735386680763835789423207665314073163949517624387909
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3082010f3081d006072a8648ce3d02013081c4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021900ffffffffffffffffffffffffffff16a2e0b8f03e13dd2945020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 44
# generator = (0,0)
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb40439040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 45
# generator not on curve
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e36021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 46
# cofactor = -1
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d0201ff033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 47
# cofactor = 0
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020100033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 48
# cofactor = 2
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020102033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 49
# cofactor =
# 26959946667150639794667015087019625940457807714424391721682722368061
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3082012f3081f006072a8648ce3d02013081e4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 50
# cofactor = None
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201103081d106072a8648ce3d02013081c5020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 51
# modified prime
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00c123da0a46a971da9468161e61a5c71a02e6c9bdb3392f4016fb457b303c041c3edc25f5b9568e256b97e9e19e5a38e4fd1936424cc6d0bfe904ba83041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 52
# using secp256r1
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 53
# using secp256k1
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 54
# a = 0
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 3081f83081b906072a8648ce3d02013081ad020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff0000000000000000000000013021040100041cd0d5e347a38ce5b6e1f47edddd8a223bca45d2015de76ec835a4df57043904a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b
result = acceptable
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 55
# public key of order 3
curve = secp224r1
private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2
public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041c638e13764a07715dd0f3dc73c3b96a57d7edf087edd548055acba86d041cc9a6db972cff80f0a883ee0ea939544a707b32284b77b79c72118f390439043afa3ffd1cb3be8625468884aad7a07f33de1cfd74b06a060142a7d7470e6fb68cd0695a6c52b98246f92030ff4cdeb97dc90591eee1a1f0021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a00043afa3ffd1cb3be8625468884aad7a07f33de1cfd74b06a060142a7d7b8f19049732f96a593ad467db906dfce00b321468236fa6e111e5e11
result = invalid
shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 56
# Public key uses wrong curve: secp256r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ea36cf70fab75684eabe6569ce623db0deaa8c95f61c8be50b8b9f3eb7d4b9ec48d9e4814f4cb1c286589eaaa990d3f3238b2d6d6be964abfad964824b653376
result = invalid
shared =
# tcId = 57
# Public key uses wrong curve: secp384r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3076301006072a8648ce3d020106052b81040022036200044b2470ad3d13269c10a17d222ebdffbd61fb04488db1b1d7caef8d4988b7bb8ba6d81857a05b255232b9e37a30e328bb9d9c42d86096f2bcee3d258cfe208d2fd03cbd5ccc6a3bb8ce4b0efa5b059b4afbd0377aa6e274721a57efe8ee85d86a
result = invalid
shared =
# tcId = 58
# Public key uses wrong curve: secp521r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301006072a8648ce3d020106052b810400230381860004012841a2260f0f1f424865fef275374779bf0355720223f8ec6a9ba767b1603b492f58a6bba1705d882257bc6be1935de4411c5f1fdad44ec65ba8b97ce0e73e1ac90006937832a602147e37c1a42ca2a63629ffc9a35b31bfacb38c6242b42916125f7446b45c718f797259bc3011cb71e868560b331cf7d01139a0643443f9fd7306c1
result = invalid
shared =
# tcId = 59
# Public key uses wrong curve: secp256k1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3056301006072a8648ce3d020106052b8104000a03420004c2199fecf75648c0e952dff143821fa4012b28f90435ce6ee54653687f969a76092a3844e17d478a594f43b28cc10a5c553b4f64906121031c3a79299c70dbd6
result = invalid
shared =
# tcId = 60
# Public key uses wrong curve: brainpoolP224r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3052301406072a8648ce3d020106092b2403030208010105033a00046caa3d6d86f792df7b29e41eb4203150f60f4fca10f57d0b2454abfb201f9f7e6dcbb92bdcfb9240dc86bcaeaf157c77bca22b2ec86ee8d6
result = invalid
shared =
# tcId = 61
# Public key uses wrong curve: brainpoolP256r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 305a301406072a8648ce3d020106092b2403030208010107034200042750180012c3ba7489517d428e4826784e50b50ac42ef7991c61a396c03a52da5e74908ae8a89627a7c15e554b105b0ebaeebcfed10e3ea60223d0a8bc3b36ab
result = invalid
shared =
# tcId = 62
# Public key uses wrong curve: brainpoolP320r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 306a301406072a8648ce3d020106092b2403030208010109035200045b523d3a8f20f6a569c6951e0b8de48d89e7549a184e8506820421c3e404473692cd248d7480843b911d87a87e401112fce0d3d2c36978cf6dd7f1d93bfaebe0827d4bf4006006d3202e842126fe1b68
result = invalid
shared =
# tcId = 63
# Public key uses wrong curve: brainpoolP384r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 307a301406072a8648ce3d020106092b240303020801010b03620004449607c76c6dc7334c269a0ebab5beec83b6c263377ce06ef5c276f45a9916eff85f50438f5f32ced0210a6c414fe5e242c7c1070823f5395b35965bda6758acf84725f11ea836dda7d391fee91342026645241853224a437a6fb74e4cdc871f
result = invalid
shared =
# tcId = 64
# Public key uses wrong curve: brainpoolP512r1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301406072a8648ce3d020106092b240303020801010d038182000463e7a491240848e4f53ea5fb857d428c493053193e4b0b4f995ac8bf4c56276a507870131a384aa7e236c64cd7a049a1b37e40ad00c3b8a920dcbad6531616356ce1b6e6d96a7d1b693e25e5abd83ab560a3d764bcd49ec98a1b49421163bd5fc5a625f44c91eb4c2984d5a2e51e816ebdee8fbe08364bb14b7ac876990e64d9
result = invalid
shared =
# tcId = 65
# Public key uses wrong curve: brainpoolP224t1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 3052301406072a8648ce3d020106092b2403030208010106033a00047c592ecb8908355d1ebf8d59b3619275dbe3666209b72ced6a3c88740456ce61d6a84e0542d7cd10dd8804afb8c784d5dffd9480d8cfdc95
result = invalid
shared =
# tcId = 66
# Public key uses wrong curve: brainpoolP256t1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 305a301406072a8648ce3d020106092b240303020801010803420004746226a3e005c37ede51828d3375ef91ebd0ff719a380af69d7dfd131b42a3e8917d4a4d573872935a74d1040f1c47d25d6b26f4156cccdcdc11833b9cde433a
result = invalid
shared =
# tcId = 67
# Public key uses wrong curve: brainpoolP320t1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 306a301406072a8648ce3d020106092b240303020801010a035200043298b36825c7bd90ab5157b913d40bbfd732a0de0557e02a2c65a0c223e9a65d62c32462040dd6fe578103023c831caff122c1ed4b8ff7373fa2f08d11c9f4c7f85f81802262ffed9bb82cb6d92eed2d
result = invalid
shared =
# tcId = 68
# Public key uses wrong curve: brainpoolP384t1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 307a301406072a8648ce3d020106092b240303020801010c036200043af2849b981f7e5e6ab936e6abb4f206c1fd5561998df8008bfe98d84173c9f2301cdbd5bffc569c0b5a57ce2a8f4d640f1816475fc6043baa8e5a3453bf327b54cb29c7e54a5f31348969aa94615094dbcd1a8e5c2d630465e45fc556c02194
result = invalid
shared =
# tcId = 69
# Public key uses wrong curve: brainpoolP512t1
curve = secp224r1
private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc
public = 30819b301406072a8648ce3d020106092b240303020801010e038182000453d2506047e72af6d98558e1633ecb7e6a05c37861cd3289455cf41bfbf1703f2e9a83052b8eca7d84cba2f001abd8b978f68b69ed6bd874755c44d347fe302c5760b2078c56b24ebd0dcd99f26b8f8a23044b3767a3d2a306587687a7b00668974674edbf18c3db2f3473a97ee77065fdcdd1a9aa053716a4c504f3d18b9170
result = invalid
shared =
# tcId = 70
# invalid public key
curve = secp224r1
private = 0fc28a0ca0f8e36b0d4f71421845135a22aef543b9fddf8c775b2d18f
public = 3032301006072a8648ce3d020106052b81040021031e00020ca753db5ddeca474241f8d2dafc0844343fd0e37eded2f0192d51b2
result = invalid
shared =
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 71
# long form encoding of length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30814e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 72
# long form encoding of length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f30811006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 73
# long form encoding of length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f30110681072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 74
# long form encoding of length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f301106072a8648ce3d02010681052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 75
# long form encoding of length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f301006072a8648ce3d020106052b8104002103813a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 76
# length contains leading 0
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3082004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 77
# length contains leading 0
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503082001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 78
# length contains leading 0
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503012068200072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 79
# length contains leading 0
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d0201068200052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 80
# length contains leading 0
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b810400210382003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 81
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 82
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 83
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301106072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 84
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e300f06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 85
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006082a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 86
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006062a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 87
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106062b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 88
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106042b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 89
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033b000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 90
# wrong length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b810400210339000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 91
# uint32 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3085010000004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 92
# uint32 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30533085010000001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 93
# uint32 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30533015068501000000072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 94
# uint32 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301506072a8648ce3d0201068501000000052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 95
# uint32 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301006072a8648ce3d020106052b810400210385010000003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 96
# uint64 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 308901000000000000004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 97
# uint64 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3057308901000000000000001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 98
# uint64 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3057301906890100000000000000072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 99
# uint64 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3057301906072a8648ce3d020106890100000000000000052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 100
# uint64 overflow in length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3057301006072a8648ce3d020106052b81040021038901000000000000003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 101
# length = 2**31 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30847fffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 102
# length = 2**31 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305230847fffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 103
# length = 2**31 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301406847fffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 104
# length = 2**31 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301406072a8648ce3d020106847fffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 105
# length = 2**31 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301006072a8648ce3d020106052b8104002103847fffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 106
# length = 2**32 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3084ffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 107
# length = 2**32 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30523084ffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 108
# length = 2**32 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305230140684ffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 109
# length = 2**32 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301406072a8648ce3d02010684ffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 110
# length = 2**32 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301006072a8648ce3d020106052b810400210384ffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 111
# length = 2**40 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3085ffffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 112
# length = 2**40 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30533085ffffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 113
# length = 2**40 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305330150685ffffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 114
# length = 2**40 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301506072a8648ce3d02010685ffffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 115
# length = 2**40 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301006072a8648ce3d020106052b810400210385ffffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 116
# length = 2**64 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3088ffffffffffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 117
# length = 2**64 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30563088ffffffffffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 118
# length = 2**64 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305630180688ffffffffffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 119
# length = 2**64 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301806072a8648ce3d02010688ffffffffffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 120
# length = 2**64 - 1
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301006072a8648ce3d020106052b810400210388ffffffffffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 121
# incorrect length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30ff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 122
# incorrect length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e30ff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 123
# incorrect length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006ff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 124
# incorrect length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106ff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 125
# incorrect length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b8104002103ff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 126
# indefinite length without termination
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 127
# indefinite length without termination
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e308006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 128
# indefinite length without termination
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006802a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 129
# indefinite length without termination
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106802b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 130
# indefinite length without termination
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b810400210380000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 131
# removing sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public =
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 132
# removing sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 303c033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 133
# lonely sequence tag
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 134
# lonely sequence tag
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 303d30033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 135
# appending 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 136
# appending 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 137
# prepending 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30500000301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 138
# prepending 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503012000006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 139
# appending unused 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 140
# appending unused 0's to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 141
# appending null value to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620500
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 142
# appending null value to sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d020106052b810400210500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 143
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053498177304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 144
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30522500304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 145
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620004deadbeef
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 146
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30533015498177301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 147
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305230142500301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 148
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30563012301006072a8648ce3d020106052b810400210004deadbeef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 149
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30533015260c49817706072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 150
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30523014260b250006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 151
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30563018260906072a8648ce3d02010004deadbeef06052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 152
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301506072a8648ce3d0201260a49817706052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 153
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301406072a8648ce3d02012609250006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 154
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301806072a8648ce3d0201260706052b810400210004deadbeef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 155
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301006072a8648ce3d020106052b81040021233f498177033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 156
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301006072a8648ce3d020106052b81040021233e2500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 157
# including garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301006072a8648ce3d020106052b81040021233c033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620004deadbeef
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 158
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056aa00bb00cd00304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 159
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3054aa02aabb304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 160
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30563018aa00bb00cd00301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 161
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30543016aa02aabb301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 162
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30563018260faa00bb00cd0006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 163
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30543016260daa02aabb06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 164
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301806072a8648ce3d0201260daa00bb00cd0006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 165
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3054301606072a8648ce3d0201260baa02aabb06052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 166
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301006072a8648ce3d020106052b810400212342aa00bb00cd00033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 167
# including undefined tags
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3054301006072a8648ce3d020106052b810400212340aa02aabb033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 168
# truncated length of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3081
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 169
# truncated length of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 303e3081033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 170
# Replacing sequence with NULL
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 0500
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 171
# Replacing sequence with NULL
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 303e0500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 172
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 2e4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 173
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 2f4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 174
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 314e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 175
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 324e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 176
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = ff4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 177
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e2e1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 178
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e2f1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 179
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e311006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 180
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e321006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 181
# changing tag value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304eff1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 182
# dropping value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 183
# dropping value of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 303e3000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 184
# truncate sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 185
# truncate sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 186
# truncate sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f06072a8648ce3d020106052b810400033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 187
# truncate sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 188
# indefinite length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 189
# indefinite length
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050308006072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 190
# indefinite length with truncated delimiter
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6200
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 191
# indefinite length with truncated delimiter
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f308006072a8648ce3d020106052b8104002100033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 192
# indefinite length with additional element
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6205000000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 193
# indefinite length with additional element
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052308006072a8648ce3d020106052b8104002105000000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 194
# indefinite length with truncated element
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62060811220000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 195
# indefinite length with truncated element
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3054308006072a8648ce3d020106052b81040021060811220000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 196
# indefinite length with garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000fe02beef
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 197
# indefinite length with garbage
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3054308006072a8648ce3d020106052b810400210000fe02beef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 198
# indefinite length with nonempty EOC
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620002beef
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 199
# indefinite length with nonempty EOC
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052308006072a8648ce3d020106052b810400210002beef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 200
# prepend empty sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503000301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 201
# prepend empty sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503012300006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 202
# append empty sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da623000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 203
# append empty sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d020106052b810400213000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 204
# sequence of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 205
# sequence of sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503012301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 206
# truncated sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3012301006072a8648ce3d020106052b81040021
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 207
# truncated sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3047300906072a8648ce3d0201033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 208
# repeat element in sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30818a301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 209
# repeat element in sequence
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3055301706072a8648ce3d020106052b8104002106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 210
# removing oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3045300706052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 211
# lonely oid tag
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304630080606052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 212
# lonely oid tag
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3048300a06072a8648ce3d020106033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 213
# appending 0's to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206092a8648ce3d0201000006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 214
# appending 0's to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d020106072b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 215
# prepending 0's to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30503012060900002a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 216
# prepending 0's to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d0201060700002b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 217
# appending unused 0's to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d0201000006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 218
# appending null value to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206092a8648ce3d0201050006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 219
# appending null value to oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301206072a8648ce3d020106072b810400210500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 220
# truncated length of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30473009068106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 221
# truncated length of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3049300b06072a8648ce3d02010681033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 222
# Replacing oid with NULL
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30473009050006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 223
# Replacing oid with NULL
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3049300b06072a8648ce3d02010500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 224
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301004072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 225
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301005072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 226
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301007072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 227
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301008072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 228
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e3010ff072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 229
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020104052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 230
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020105052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 231
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020107052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 232
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020108052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 233
# changing tag value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d0201ff052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 234
# dropping value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30473009060006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 235
# dropping value of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3049300b06072a8648ce3d02010600033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 236
# modify first byte of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e30100607288648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 237
# modify first byte of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052981040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 238
# modify last byte of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d028106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 239
# modify last byte of oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b810400a1033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 240
# truncate oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f06062a8648ce3d0206052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 241
# truncate oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f06068648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 242
# truncate oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f06072a8648ce3d020106042b810400033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 243
# truncate oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d300f06072a8648ce3d0201060481040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 244
# wrong oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30513013060a3262306530333032316106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 245
# wrong oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3059301b061236303836343830313635303330343032303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 246
# wrong oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301506072a8648ce3d0201060a32623065303330323161033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 247
# wrong oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305b301d06072a8648ce3d02010612363038363438303136353033303430323031033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 248
# longer oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3057301906103261383634386365336430323031303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 249
# longer oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3055301706072a8648ce3d0201060c326238313034303032313031033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 250
# oid with modified node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 30553017060e326138363438636533643032313106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 251
# oid with modified node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305d301f06163261383634386365336430323838383038303830303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 252
# oid with modified node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3053301506072a8648ce3d0201060a32623831303430303331033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 253
# oid with modified node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 305b301d06072a8648ce3d02010612326238313034303038383830383038303231033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 254
# large integer in oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 306730290620326138363438636533643032383238303830383038303830383038303830303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 255
# large integer in oid
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3065302706072a8648ce3d0201061c32623831303430303832383038303830383038303830383038303231033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 256
# oid with invalid node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3058301a0611326138363438636533643032303165303306052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 257
# oid with invalid node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f301106082a808648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 258
# oid with invalid node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3056301806072a8648ce3d0201060d32623831303430303231653033033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 259
# oid with invalid node
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304f301106072a8648ce3d020106062b8081040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 260
# lonely bit string tag
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3013301006072a8648ce3d020106052b8104002103
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 261
# appending 0's to bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033c000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 262
# prepending 0's to bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033c0000000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 263
# appending null value to bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3050301006072a8648ce3d020106052b81040021033c000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620500
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 264
# truncated length of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3014301006072a8648ce3d020106052b810400210381
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 265
# Replacing bit string with NULL
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3014301006072a8648ce3d020106052b810400210500
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 266
# changing tag value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021013a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 267
# changing tag value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021023a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 268
# changing tag value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021043a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 269
# changing tag value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021053a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 270
# changing tag value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021ff3a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 271
# dropping value of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3014301006072a8648ce3d020106052b810400210300
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 272
# modify first byte of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033a020486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 273
# modify last byte of bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3dae2
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 274
# truncate bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d301006072a8648ce3d020106052b810400210339000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 275
# truncate bit string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304d301006072a8648ce3d020106052b8104002103390486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 276
# declaring bits as unused in a bit-string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033a010486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 277
# unused bits in a bit-string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3052301006072a8648ce3d020106052b81040021033e200486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6201020304
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 278
# unused bits in empty bit-string
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 3015301006072a8648ce3d020106052b81040021030103
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
# tcId = 279
# 128 unused bits
curve = secp224r1
private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572
public = 304e301006072a8648ce3d020106052b81040021033a800486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62
result = acceptable
shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63
# The public key in this test uses an invalid ASN encoding. Some cases where the
# ASN parser is not strictly checking the ASN format are benign as long as the
# ECDH computation still returns the correct shared value.
[curve = secp256r1]
[encoding = asn]
# tcId = 280
# normal case
curve = secp256r1
private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000462d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26ac333a93a9e70a81cd5a95b5bf8d13990eb741c8c38872b4a07d275a014e30cf
result = valid
shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285
# tcId = 281
# compressed public key
curve = secp256r1
private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346
public = 3039301306072a8648ce3d020106082a8648ce3d0301070322000362d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26
result = acceptable
shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 282
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000458fd4168a87795603e2b04390285bdca6e57de6027fe211dd9d25e2212d29e62080d36bd224d7405509295eed02a17150e03b314f96da37445b0d1d29377d12c
result = valid
shared = 0000000000000000000000000000000000000000000000000000000000000000
# tcId = 283
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040f6d20c04261ecc3e92846acad48dc8ec5ee35ae0883f0d2ea71216906ee1c47c042689a996dd12830ae459382e94aac56b717af2e2080215f9e41949b1f52be
result = valid
shared = 00000000000000000000000000000000ffffffffffffffffffffffffffffffff
# tcId = 284
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400c7defeb1a16236738e9a1123ba621bc8e9a3f2485b3f8ffde7f9ce98f5a8a1cb338c3912b1792f60c2b06ec5231e2d84b0e596e9b76d419ce105ece3791dbc
result = valid
shared = 0000000000000000ffffffffffffffff00000000000000010000000000000001
# tcId = 285
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9b98fb2c0ac045f8c76125ffd99eb8a5157be1d7db3e85d655ec1d8210288cf218df24fd2c2746be59df41262ef3a97d986744b2836748a7486230a319ffec0
result = valid
shared = 00000000ffffffff00000000ffffffff00000000ffffffff0000000100000000
# tcId = 286
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9484e58f3331b66ffed6d90cb1c78065fa28cfba5c7dd4352013d3252ee4277bd7503b045a38b4b247b32c59593580f39e6abfa376c3dca20cf7f9cfb659e13
result = valid
shared = 000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff
# tcId = 287
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004767d7fbb84aa6a4db1079372644e42ecb2fec200c178822392cb8b950ffdd0c91c86853cafd09b52ba2f287f0ebaa26415a3cfabaf92c6a617a19988563d9dea
result = valid
shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001
# tcId = 288
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004f3cb6754b7e2a86d064dfb9f903185aaa4c92b481c2c1a1ff276303bbc4183e49c318599b0984c3563df339311fe143a7d921ee75b755a52c6f804f897b809f7
result = valid
shared = 7fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff
# tcId = 289
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cce13fbdc96a946dfb8c6d9ed762dbd1731630455689f57a437fee124dd54cecaef78026c653030cf2f314a67064236b0a354defebc5e90c94124e9bf5c4fc24
result = valid
shared = 8000000000000000000000000000000000000000000000000000000000000004
# tcId = 290
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047633dfd0ad06765097bc11bd5022b200df31f28c4ff0625421221ac7eeb6e6f4cb9c67693609ddd6f92343a5a1c635408240f4f8e27120c12554c7ff8c76e2fe
result = valid
shared = 8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000
# tcId = 291
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004a386ace573f87558a68ead2a20088e3fe928bdae9e109446f93a078c15741f0421261e6db2bf12106e4c6bf85b9581b4c0302a526222f90abc5a549206b11011
result = valid
shared = ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff
# tcId = 292
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048e7b50f7d8c44d5d3496c43141a502f4a43f153d03ad43eda8e39597f1d477b8647f3da67969b7f989ff4addc393515af40c82085ce1f2ee195412c6f583774f
result = valid
shared = ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff
# tcId = 293
# edge cases for shared secret
curve = secp256r1
private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004c827fb930fd51d926086191b502af83abb5f717debc8de29897a3934b2571ca05990c0597b0b7a2e42febd56b13235d1d408d76ed2c93b3facf514d902f6910a
result = valid
shared = ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff
# tcId = 294
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000000000000000000000000000000000000000000000066485c780e2f83d72433bd5d84a06bb6541c2af31dae871728bf856a174f93f4
result = valid
shared = cfe4077c8730b1c9384581d36bff5542bc417c9eff5c2afcb98cc8829b2ce848
# tcId = 295
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000ffffffffffffffffffffffffffffffff4f2b92b4c596a5a47f8b041d2dea6043021ac77b9a80b1343ac9d778f4f8f733
result = valid
shared = 49ae50fe096a6cd26698b78356b2c8adf1f6a3490f14e364629f7a0639442509
# tcId = 296
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000ffffffffffffffff0000000000000001000000000000000138120be6ab31edfa34768c4387d2f84fb4b0be8a9a985864a1575f4436bb37b0
result = valid
shared = 5a1334572b2a711ead8b4653eb310cd8d9fd114399379a8f6b872e3b8fdda2d9
# tcId = 297
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000ffffffff00000000ffffffff00000000ffffffff0000000100000000462c0466e41802238d6c925ecbefc747cfe505ea196af9a2d11b62850fce946e
result = valid
shared = c73755133b6b9b4b2a00631cbc7940ecbe6ec08f20448071422e3362f2556888
# tcId = 298
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff1582fa32e2d4a89dfcfb3d0b149f667dba3329490f4d64ee2ad586c0c9e8c508
result = valid
shared = 06fa1059935e47a9fd667e13f469614eb257cc9a7e3fc599bfb92780d59b146d
# tcId = 299
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001684c8a9586ed6f9cbe447058a7da2108bab1e5e0a60d1f73e4e2e713f0a3dfe0
result = valid
shared = f237df4c10bd3e357971bb2b16b293566b7e355bdc8141d6c92cabc682983c45
# tcId = 300
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff2e2213caf03033e0fd0f7951154f6e6c3a9244a72faca65e9ce9eeb5c8e1cea9
result = valid
shared = 55d0a203e22ffb523c8d2705060cee9d28308b51f184beefc518cff690bad346
# tcId = 301
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000480000000000000000000000000000000000000000000000000000000000000042be8789db81bb4870a9e60c5c18c80c83de464277281f1af1e640843a1a3148e
result = valid
shared = 2518d846e577d95e9e7bc766cde7997cb887fb266d3a6cb598a839fd54aa2f4f
# tcId = 302
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000722540f8a471c379083c600b58fde4d95c7dcad5095f4219fc5e9bdde3c5cd39
result = valid
shared = bdb49f4bdf42ac64504e9ce677b3ec5c0a03828c5b3efad726005692d35c0f26
# tcId = 303
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff5df80fc6cae26b6c1952fbd00ed174ee1209d069335f5b48588e29e80b9191ad
result = valid
shared = f503ac65637e0f17cb4408961cb882c875e4c6ef7a548d2d52d8c2f681838c55
# tcId = 304
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff2c63650e6a5d332e2987dd09a79008e8faabbd37e49cb016bfb92c8cd0f5da77
result = valid
shared = e3c18e7d7377dc540bc45c08d389bdbe255fa80ca8faf1ef6b94d52049987d21
# tcId = 305
# edge cases for ephemeral key
curve = secp256r1
private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff7a116c964a4cd60668bf89cffe157714a3ce21b93b3ca607c8a5b93ac54ffc0a
result = valid
shared = 516d6d329b095a7c7e93b4023d4d05020c1445ef1ddcb3347b3a27d7d7f57265
# tcId = 306
# edge case private key
curve = secp256r1
private = 3
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca
# tcId = 307
# edge case private key
curve = secp256r1
private = 0ffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = a329a7d80424ea2d6c904393808e510dfbb28155092f1bac284dceda1f13afe5
# tcId = 308
# edge case private key
curve = secp256r1
private = 100000000000000000000000000000000000000000000000000000000000000
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = bd26d0293e8851c51ebe0d426345683ae94026aca545282a4759faa85fde6687
# tcId = 309
# edge case private key
curve = secp256r1
private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = ea9350b2490a2010c7abf43fb1a38be729a2de375ea7a6ac34ff58cc87e51b6c
# tcId = 310
# edge case private key
curve = secp256r1
private = 08000000000000000000000000000000000000000000000000000000000000000
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 34eed3f6673d340b6f716913f6dfa36b5ac85fa667791e2d6a217b0c0b7ba807
# tcId = 311
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e83f3b9cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 1354ce6692c9df7b6fc3119d47c56338afbedccb62faa546c0fe6ed4959e41c3
# tcId = 312
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3a9cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = fe7496c30d534995f0bf428b5471c21585aaafc81733916f0165597a55d12cb4
# tcId = 313
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b1cac2fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 348bf8042e4edf1d03c8b36ab815156e77c201b764ed4562cfe2ee90638ffef5
# tcId = 314
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac1fc632551
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 6e4ec5479a7c20a537501700484f6f433a8a8fe53c288f7a25c8e8c92d39e8dc
# tcId = 315
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6324f3
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = f7407d61fdf581be4f564621d590ca9b7ba37f31396150f9922f1501da8c83ef
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 316
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632533
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 82236fd272208693e0574555ca465c6cc512163486084fa57f5e1bd2e2ccc0b3
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 317
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632543
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 06537149664dba1a9924654cb7f787ed224851b0df25ef53fcf54f8f26cd5f3f
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 318
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254b
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = f2b38539bce995d443c7bfeeefadc9e42cc2c89c60bf4e86eac95d51987bd112
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 319
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca
# tcId = 320
# edge case private key
curve = secp256r1
private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b
result = valid
shared = 027b013a6f166db655d69d643c127ef8ace175311e667dff2520f5b5c75b7659
# The private key has a special value. Implementations using addition
# subtraction chains for the point multiplication may get the point at infinity
# as an intermediate result. See CVE_2017_10176
# tcId = 321
# CVE-2017-8932
curve = secp256r1
private = 2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882eaf93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad
result = valid
shared = 4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3
# tcId = 322
# CVE-2017-8932
curve = secp256r1
private = 313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd
public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031
result = valid
shared = 831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991
# tcId = 323
# public point not on curve
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3059301306072a8648ce3d020106082a8648ce3d030107034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764c
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 324
# public point = (0,0)
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 325
# order =
# -115792089210356248762697446949407573529996955224135760342422259061068512044369
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f50221ff00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 326
# order = 0
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020100020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 327
# order = 1
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020101020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 328
# order = 26959946660873538060741835960514744168612397095220107664918121663170
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5021d00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The order of the public key has been modified. If this order is used in a
# cryptographic primitive instead of the correct order then private keys may
# leak. E.g. ECDHC in BC 1.52 suffered from this.
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 329
# generator = (0,0)
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b04410400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 330
# generator not on curve
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f7022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 331
# cofactor = -1
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510201ff034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 332
# cofactor = 0
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020100034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 333
# cofactor = 2
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020102034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 334
# cofactor =
# 115792089210356248762697446949407573529996955224135760342422259061068512044369
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201553082010d06072a8648ce3d020130820100020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 335
# cofactor = None
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 336
# modified prime
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200e8bbc1453044042002f6efa55976c9cb06ff16bb629c0a8d4d5143b40084b1a1cc0e4dff17443eb704205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The modulus of the public key has been modified. The public point of the
# public key has been chosen so that it is both a point on both the curve of the
# modified public key and the private key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 337
# using secp224r1
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 338
# using secp256k1
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# tcId = 339
# a = 0
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201143081cd06072a8648ce3d02013081c1020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff302504010004201b95c2f46065dbf0f3ff09153e4748ed71595e0774ba8e25c364ff1e6be039b70441041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a
result = acceptable
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# A parameter that is typically not used for ECDH has been modified. Sometimes
# libraries ignore small differences between public and private key. For
# example, a library might ignore an incorrect cofactor in the public key. We
# consider ignoring such changes as acceptable as long as these differences do
# not change the outcome of the ECDH computation, i.e. as long as the
# computation is done on the curve from the private key.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 340
# public key of order 3
curve = secp256r1
private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c
public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff304404207fe51581de0fd5f6a3f08793c6763330d51c6a9c332272132281ed58c314da360420fcf3e76add34e1daa4e8d962604a3bb6075a79da47c6719e389fe4fe37d35250044104bf0bb5f8717a07846f828f91fb493d3850365b7da5b355e76615b07ced174fe16a2542257eb94a12e3703989ee36f5459fb3b5c1028e766ec1b7a0ba39c0ed8a022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63255102010103420004bf0bb5f8717a07846f828f91fb493d3850365b7da5b355e76615b07ced174fe195dabdd98146b5ee1c8fc67611c90aba604c4a3ffd7189913e485f45c63f1275
result = invalid
shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a
# The vector contains a weak public key. The curve is not a named curve, the
# public key point has order 3 and has been chosen to be on the same curve as
# the private key. This test vector is used to check ECC implementations for
# missing steps in the verification of the public key.
# The public key has been modified and is invalid. An implementation should
# always check whether the public key is valid and on the same curve as the
# private key. The test vector includes the shared secret computed with the
# original public key. Generating a shared secret other than the one with the
# original key likely indicates that the bug is exploitable.
# The public key does not use a named curve. RFC 3279 allows to encode such
# curves by explicitly encoding, the parameters of the curve equation, modulus,
# generator, order and cofactor. However, many crypto libraries only support
# named curves. Modifying some of the EC parameters and encoding the
# corresponding public key as an unnamed curve is a potential attack vector.
# tcId = 341
# Public key uses wrong curve: secp224r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 304e301006072a8648ce3d020106052b81040021033a00042af270d2a6030e3dd38cc46e7d719f176c2ca4eb04d7e8b84290c8edbcaed964ebe226b2d7ce17251622804c0d3b7adce020a3cdc97cac6c
result = invalid
shared =
# tcId = 342
# Public key uses wrong curve: secp384r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3076301006072a8648ce3d020106052b81040022036200041f17901e731b06f349b6e9d7d17d45e8a2b46115a47485be16197932db87b39405b5c941b36fd61b9ef7dd20878e129e55a2277099c601dcdb3747f80ad6e166116378e1ebce2c95744a0986128cfeeaac7f90b71787d9a1cfe417cd4c8f6af5
result = invalid
shared =
# tcId = 343
# Public key uses wrong curve: secp521r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301006072a8648ce3d020106052b81040023038186000400ed76e5888428fad409ff203ab298b0f24827c091939ae0f9b1245d865ac5fbcd2749f9ae6c90fa8e29414d1bc7dc7b3c4aca904cd824484421cc66fe6af43bdfd200c1f790a0b3ae994937f91b6bdb9778b08c83ecadb8cba22a78c37bf565dac164f18e719be0ef890ee5cbf20e17fcfc9a5585e5416470b9862f82fb769339994f4e
result = invalid
shared =
# tcId = 344
# Public key uses wrong curve: secp256k1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3056301006072a8648ce3d020106052b8104000a034200048028d16082b07696d4aa4aab9d6b1f1463435ac097900631108f9888e13da67c4841fd8dd3ced6e7ad8c6fc656621c2f93d3db0eb29d48d1423154519865dbc1
result = invalid
shared =
# tcId = 345
# Public key uses wrong curve: brainpoolP224r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3052301406072a8648ce3d020106092b2403030208010105033a0004a6bae3d155c1f9ca263928c986ede69acefd0dd9b3a19d2b9f4b0a3a66bea5d167318dcc028945fc1b40c60ce716ba2d414a743c6b856a6f
result = invalid
shared =
# tcId = 346
# Public key uses wrong curve: brainpoolP256r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 305a301406072a8648ce3d020106092b2403030208010107034200045d3ddbbb9bc071d8b59855c74bdf3541ae4cb6c1a24ec439034df7abde16a346523edf6a67896b304cb2cd2a083eec2b16935bbc910e85ec6eae38b50230bf70
result = invalid
shared =
# tcId = 347
# Public key uses wrong curve: brainpoolP320r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 306a301406072a8648ce3d020106092b240303020801010903520004a43c6ef2500723d54c1fc88f8844d83445ca5a0f585c10b8eb3f022d47d0e84862b7f5cbf97d352d4348ca730f600f2258d1d192da223f6ba83a7cc0d6da598d55c2b77824d326c8df000b8fff156d2c
result = invalid
shared =
# tcId = 348
# Public key uses wrong curve: brainpoolP384r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 307a301406072a8648ce3d020106092b240303020801010b036200042391c062833d1e6d89ec256cf4a3989534c1ead5e1e14ffae933a53f962857e4713087e1b3d65ac79634c71577af24698b5ce959183835551f7b08aef7853378c299930b360813fd58d5e4da8b37d5a7473e891ee11cb02881bd848b364fb7d5
result = invalid
shared =
# tcId = 349
# Public key uses wrong curve: brainpoolP512r1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301406072a8648ce3d020106092b240303020801010d038182000484beae85096640953c1fd6ebbc32697263d53f89943cbaf14432061aea8c0318acbd9389ab1d2e904fa0e081d08cfabb614ed9bca618211142d94623c14b476a25e47abf98fd3b1da1417dfc2e2cfc8424b16ea14dd45e1422be7d4e0a5cc7f4d4ab5f198cdbaaa3f642ec6361842cbe869382ee78cd596ff5e740d9ec2c3ad6
result = invalid
shared =
# tcId = 350
# Public key uses wrong curve: brainpoolP224t1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 3052301406072a8648ce3d020106092b2403030208010106033a00042b0a1a858ffc44e7752940731d378f96570837e279ea3948fe00cff8b5f89adb4e2fe6f8781ba6426364f4590b34dd79fc80629de4a86084
result = invalid
shared =
# tcId = 351
# Public key uses wrong curve: brainpoolP256t1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 305a301406072a8648ce3d020106092b2403030208010108034200043037c01b4a5ac53742e3f5528dffb0f010ab6ebeb08d792b32e19e9006ca331a024b67698d7cf4b575ccd9389441d5c640b77c63771cef1bd85675361c6602a4
result = invalid
shared =
# tcId = 352
# Public key uses wrong curve: brainpoolP320t1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 306a301406072a8648ce3d020106092b240303020801010a035200040f0fd972a495a140124a4019291a20f5b39fb755c126bf268643bb3091eca44f2a3cda1dead6ab1f4fe08a4b3872423f71e5bf96b1c20bc0ca73b7e2c134cc14a5f77bc838ebcf01084da3bf15663536
result = invalid
shared =
# tcId = 353
# Public key uses wrong curve: brainpoolP384t1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 307a301406072a8648ce3d020106092b240303020801010c0362000403b65faf5a6bf74bd5c166278a4b566c6c705ac6363e61f3b0699e116d3c5b19e8b7021b75b005f78a8cea8de34c49397f9b3b2bfc8706eb8163c802371eff7dfc825c40aa84dd9d1c4b34615ee5ae28c6c05d58d2a8ccc3786382b712d3bcda
result = invalid
shared =
# tcId = 354
# Public key uses wrong curve: brainpoolP512t1
curve = secp256r1
private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297
public = 30819b301406072a8648ce3d020106092b240303020801010e03818200047504d660943a69ab043378e44c034896534a346e0e95f35fcaad3503b490856bfb20a753ecabc6d7bfeec28d057f919923b7d3c086953eb16c5bd287b59788db72dbb7c273854294c927ea7eca205aae2f0830e5faaddad8316231bfc3572c85c33cb7054e04c8936e3ce059c907e59f40593444e590b31820bc1f514ed0ec8a
result = invalid
shared =
# tcId = 355
# invalid public key
curve = secp256r1
private = 6f953faff3599e6c762d7f4cabfeed092de2add1df1bc5748c6cbb725cf35458
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002fd4bf61763b46581fd9174d623516cf3c81edd40e29ffa2777fb6cb0ae3ce535
result = invalid
shared =
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 356
# public key is a low order point on twist
curve = secp256r1
private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f02
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220003efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b
result = invalid
shared =
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 357
# public key is a low order point on twist
curve = secp256r1
private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f03
public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b
result = invalid
shared =
# The point in the public key is compressed. Not every library supports points
# in compressed format.
# tcId = 358
# public key is a low order point on twist