boringssl / boringssl / refs/tags/fips-20180730 / . / third_party / wycheproof_testvectors / ecdh_test.txt

# Imported from Wycheproof's ecdh_test.json. | |

# This file is generated by convert_wycheproof.go. Do not edit by hand. | |

# | |

# Algorithm: ECDH | |

# Generator version: 0.4.6 | |

[curve = secp224r1] | |

[encoding = asn] | |

# tcId = 1 | |

# normal case | |

curve = secp224r1 | |

private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328 | |

public = 304e301006072a8648ce3d020106052b81040021033a00047d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc719b01d050dfbe653e72f39491be87fb1a2742daa6e0a2aada98bb1aca | |

result = valid | |

shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f | |

# tcId = 2 | |

# compressed public key | |

curve = secp224r1 | |

private = 565577a49415ca761a0322ad54e4ad0ae7625174baf372c2816f5328 | |

public = 3032301006072a8648ce3d020106052b81040021031e00027d8ac211e1228eb094e285a957d9912e93deee433ed777440ae9fc71 | |

result = acceptable | |

shared = b8ecdb552d39228ee332bafe4886dbff272f7109edf933bc7542bd4f | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 3 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a00045763fa2ae16367ad23d471cc9a52466f0d81d864e5640cefe384114594d9fecfbed4f254505ac8b41d2532055a07f0241c4818b552cbb636 | |

result = valid | |

shared = 00000000000000000000000100000000000000000000000000000001 | |

# tcId = 4 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004142c1fd80fa2121a59aa898144084ec033f7a56a34eee0b499e29ae51c6d8c1bbb1ef2a76d565899fe44ffc1207d530d7f598fb77f4bb76b | |

result = valid | |

shared = 00000000000000ffffffffffffff0000000000000100000000000000 | |

# tcId = 5 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004ed6f793e10c80d12d871cf8988399c4898a9bf9ffd8f27399f63de25f0051cdf4eec7f368f922cfcd948893ceca0c92e540cc4367a99a66a | |

result = valid | |

shared = 00000000ffffffffffffffff00000000000000010000000000000000 | |

# tcId = 6 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a000408fcfc1a63c82860be12e4137433dfc40be9acdd245f9a8c4e56be61a385fc09f808383383f4b1d0d5365b6e5dcfacdc19bc7bcfed221274 | |

result = valid | |

shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff | |

# tcId = 7 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004d883ed77f1861e8712800d31df67888fe39f150c79a27aa88caeda6b180f3f623e2ff3ab5370cf8179165b085af3dd4502850c0104caed9a | |

result = valid | |

shared = 0003fffffff00000003fffffff00000003fffffff000000040000000 | |

# tcId = 8 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a00042b8b279b85ee3f3d2c0abeb36fdfc5aad6157d652d26489381a32cd73224bd757ef794acc92b0b3b9e7990618bb343a9a09bdb9d3616eff6 | |

result = valid | |

shared = 01fffffffc00000007fffffff00000001fffffffc000000080000001 | |

# tcId = 9 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004a281ad992b363597ac93ff0de8ab1f7e51a6672dcbb58f9d739ba430ce0192874038daefc3130eec65811c7255da70fea65c1003f6892faa | |

result = valid | |

shared = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff | |

# tcId = 10 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004be3e22133f51203f631b81dde8c020cdea5daa1f99cfc05c88fad2dc0f243798d6e72d1de9e3cdca4144e0a6c0f2a584d07589006972c197 | |

result = valid | |

shared = fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0008001 | |

# tcId = 11 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004af14547c20afbd91bfe64ea03d45a76a71241f23520ef897ff91eff1b54ca6ca8c25fd73852ec6654617434eff7f0225684d4dea7a4f8a97 | |

result = valid | |

shared = ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff | |

# tcId = 12 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004b1e484925018729926acda56ff3e2f6c1e7e8f162b178d8e8afb45564fceaa6da5d998fe26b6b26a055169063a5ab6908852ca8b54e2de6c | |

result = valid | |

shared = fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff | |

# tcId = 13 | |

# edge cases for shared secret | |

curve = secp224r1 | |

private = 0a2b6442a37f9201b56758034d2009be64b0ab7c02d7e398cac9665d6 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004937eb09fb145c8829cb7df20a4cbeed396791373de277871d6c5f9cc3b5b4fd56464a71fc4a2a6af3bd251952bffa829489e68a8d06f96b6 | |

result = valid | |

shared = ffffffff00000000ffffffff00000000ffffffff00000000ffffffff | |

# tcId = 14 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004000000000000000000000001000000000000000000000000000000012ea2f4917bdfdb008306cc10a18e2557633ba861001829dcbfb96fba | |

result = valid | |

shared = be1ded8cb7ff8a585181f96d681e31b332fe27dcae922dca2310300d | |

# tcId = 15 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a000400000000000000ffffffffffffff000000000000010000000000000073ca5f8f104997a2399e0c7f25e72a75ec29fc4542533d3fea89a33a | |

result = valid | |

shared = a2e86a260e13515918a0cafdd87855f231b5624c560f976159e06a75 | |

# tcId = 16 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a000400000000ffffffffffffffff000000000000000100000000000000006fe6805f59b19b0dd389452a1d4a420bfeb6c369cf6fed5b12e6e654 | |

result = valid | |

shared = 31ef7c8d10404a0046994f313a70574b027e87f9028eca242c1b5bf5 | |

# tcId = 17 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a00040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff77c5cfa4e2c384938d48bd8dd98f54c86b279f1df8c0a1f6692439c9 | |

result = valid | |

shared = d1976a8ef5f54f24f5a269ad504fdca849fc9c28587ba294ef267396 | |

# tcId = 18 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a00040003fffffff00000003fffffff00000003fffffff00000004000000001f0828136016bb97445461bc59f2175d8d23557d6b9381f26136e3d | |

result = valid | |

shared = ce7890d108ddb2e5474e6417fcf7a9f2b3bd018816062f4835260dc8 | |

# tcId = 19 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a000401fffffffc00000007fffffff00000001fffffffc0000000800000012d8acca6f199d4a94b933ba1aa713a7debde8ac57b928f596ae66a66 | |

result = valid | |

shared = 30b6ff6e8051dae51e4fe34b2d9a0b1879153e007eb0b5bdf1791a9c | |

# tcId = 20 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a00047fffffffffffffffffffffffffffffffffffffffffffffffffffffff7d8dbca36c56bcaae92e3475f799294f30768038e816a7d5f7f07d77 | |

result = valid | |

shared = 73bd63bd384a0faafb75cfed3e95d3892cbacf0db10f282c3b644771 | |

# tcId = 21 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc000800174f1ff5ea7fbc72b92f61e06556c26bab84c0b082dd6400ca1c1eb6d | |

result = valid | |

shared = 85b079c62e1f5b0fd6841dfa16026e15b641f65e13a14042567166bb | |

# tcId = 22 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004ffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff0126fdd5fccd0b5aa7fd5bb5b1308584b30556248cec80208a2fe962 | |

result = valid | |

shared = 8a834ff40e3fc9f9d412a481e18537ea799536c5520c6c7baaf12166 | |

# tcId = 23 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004fffff0000007fffffe000000ffffffc000001ffffff8000003ffffff20cfa23077acc9fbcb71339c65880cd0b966b8a9497e65abed17f0b5 | |

result = valid | |

shared = a0887269766e6efcbc81d2b38f2d4638663f12377468a23421044188 | |

# tcId = 24 | |

# edge cases for ephemeral key | |

curve = secp224r1 | |

private = 2bc15cf3981f4e15bbad387b506df647989e5478160be862f8c26969 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004ffffffff00000000ffffffff00000000ffffffff00000000ffffffff1c05ac2d4f10b69877c3243d51f887277b7bf735c326ab2f0d70da8c | |

result = valid | |

shared = c65d1911bc076a74588d8793ce7a0dcabf5793460cd2ebb02754a1be | |

# tcId = 25 | |

# edge case private key | |

curve = secp224r1 | |

private = 3 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504 | |

result = valid | |

shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6 | |

# tcId = 26 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffffffffffffffffffffffff | |

public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504 | |

result = valid | |

shared = fa2664717c7fa0161ec2c669b2c0986cdc20456a6e5406302bb53c77 | |

# tcId = 27 | |

# edge case private key | |

curve = secp224r1 | |

private = 1000000000000000000000000000000000000000000000000000000 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004478e73465bb1183583f4064e67e8b4343af4a05d29dfc04eb60ac2302e5b9a3a1b32e4208d4c284ff26822e09c3a9a4683443e4a35175504 | |

result = valid | |

shared = af6e5ad34497bae0745f53ad78ce8b285d79f400d5c6e6a071f8e6bd | |

# tcId = 28 | |

# edge case private key | |

curve = secp224r1 | |

private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffff | |

result = valid | |

shared = 12fd302ff8c13c55a9c111f8bb6b0a13ecf88299c0ae3032ce2bcaff | |

# tcId = 29 | |

# edge case private key | |

curve = secp224r1 | |

private = 080000000000000000000000000000000000000000000000000000000 | |

result = valid | |

shared = 73f1a395b842f1a6752ae417e2c3dc90cafc4476d1d861b7e68ad030 | |

# tcId = 30 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03d13dd29455c5c2a3d | |

result = valid | |

shared = b329c20ddb7c78ee4e622bb23a984c0d273ba34b6269f3d9e8f89f8e | |

# tcId = 31 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13cd29455c5c2a3d | |

result = valid | |

shared = 6f48345209b290ffc5abbe754a201479e5d667a209468080d06197b4 | |

# tcId = 32 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13d529455c5c2a3d | |

result = valid | |

shared = 9f6e30c1c9dad42a153aacd4b49a8e5c721d085cd07b5d5aec244fc1 | |

# tcId = 33 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29445c5c2a3d | |

result = valid | |

shared = 8cadfb19a80949e61bd5b829ad0e76d18a5bb2eeb9ed7fe2b901cecd | |

# tcId = 34 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c29b7 | |

result = valid | |

shared = 475fd96e0eb8cb8f100a5d7fe043a7a6851d1d611da2643a3c6ae708 | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 35 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a37 | |

result = valid | |

shared = 41ef931d669d1f57d8bb95a01a92321da74be8c6cbc3bbe0b2e73ebd | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 36 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3a | |

result = valid | |

shared = e71f2157bfe37697ea5193d4732dcc6e5412fa9d38387eacd391c1c6 | |

# tcId = 37 | |

# edge case private key | |

curve = secp224r1 | |

private = 0ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3b | |

result = valid | |

shared = 11ff15126411299cbd49e2b7542e69e91ef132e2551a16ecfebb23a3 | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 38 | |

# public point not on curve | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 304e301006072a8648ce3d020106052b81040021033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5d | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 39 | |

# public point = (0,0) | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 304e301006072a8648ce3d020106052b81040021033a00040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 40 | |

# order = -26959946667150639794667015087019625940457807714424391721682722368061 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021dff0000000000000000000000000000e95d1f470fc1ec22d6baa3a3d5c3020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 41 | |

# order = 0 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020100020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 42 | |

# order = 1 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3081f73081b806072a8648ce3d02013081ac020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34020101020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 43 | |

# order = 6277101735386680763835789423207665314073163949517624387909 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3082010f3081d006072a8648ce3d02013081c4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021900ffffffffffffffffffffffffffff16a2e0b8f03e13dd2945020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 44 | |

# generator = (0,0) | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb40439040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 45 | |

# generator not on curve | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e36021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 46 | |

# cofactor = -1 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d0201ff033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 47 | |

# cofactor = 0 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020100033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 48 | |

# cofactor = 2 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020102033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 49 | |

# cofactor = | |

# 26959946667150639794667015087019625940457807714424391721682722368061 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3082012f3081f006072a8648ce3d02013081e4020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 50 | |

# cofactor = None | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201103081d106072a8648ce3d02013081c5020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041cfffffffffffffffffffffffffffffffefffffffffffffffffffffffe041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 51 | |

# modified prime | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00c123da0a46a971da9468161e61a5c71a02e6c9bdb3392f4016fb457b303c041c3edc25f5b9568e256b97e9e19e5a38e4fd1936424cc6d0bfe904ba83041cb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4043904000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004000000000000000000285145f31ae4d40000000000000000000003387edad63d1a600740ce66b6f04d67ed06ea1a75c16294336ed05b3fa3 | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The modulus of the public key has been modified. The public point of the | |

# public key has been chosen so that it is both a point on both the curve of the | |

# modified public key and the private key. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 52 | |

# using secp256r1 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39 | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 53 | |

# using secp256k1 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838 | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 54 | |

# a = 0 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 3081f83081b906072a8648ce3d02013081ad020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff0000000000000000000000013021040100041cd0d5e347a38ce5b6e1f47edddd8a223bca45d2015de76ec835a4df57043904a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a0004a10fb7bf22d299fc5bc43bd2d0e8da28af28ace8430bee28f9e5b57554275c0615d8d9a3011d7bc4c1c4cf4a834c8dc46f25b98854401a5b | |

result = acceptable | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 55 | |

# public key of order 3 | |

curve = secp224r1 | |

private = 0d07629eb653a169ae3231ea1030faaf3e7f8ffe388030ee315d0a1d2 | |

public = 308201133081d406072a8648ce3d02013081c8020101302806072a8648ce3d0101021d00ffffffffffffffffffffffffffffffff000000000000000000000001303c041c638e13764a07715dd0f3dc73c3b96a57d7edf087edd548055acba86d041cc9a6db972cff80f0a883ee0ea939544a707b32284b77b79c72118f390439043afa3ffd1cb3be8625468884aad7a07f33de1cfd74b06a060142a7d7470e6fb68cd0695a6c52b98246f92030ff4cdeb97dc90591eee1a1f0021d00ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d020101033a00043afa3ffd1cb3be8625468884aad7a07f33de1cfd74b06a060142a7d7b8f19049732f96a593ad467db906dfce00b321468236fa6e111e5e11 | |

result = invalid | |

shared = 9b992dad1c2b5dadd3b5aeb84b7a91fb6fe5f46e02ab2c7fa32696a7 | |

# The vector contains a weak public key. The curve is not a named curve, the | |

# public key point has order 3 and has been chosen to be on the same curve as | |

# the private key. This test vector is used to check ECC implementations for | |

# missing steps in the verification of the public key. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 56 | |

# Public key uses wrong curve: secp256r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ea36cf70fab75684eabe6569ce623db0deaa8c95f61c8be50b8b9f3eb7d4b9ec48d9e4814f4cb1c286589eaaa990d3f3238b2d6d6be964abfad964824b653376 | |

result = invalid | |

shared = | |

# tcId = 57 | |

# Public key uses wrong curve: secp384r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 3076301006072a8648ce3d020106052b81040022036200044b2470ad3d13269c10a17d222ebdffbd61fb04488db1b1d7caef8d4988b7bb8ba6d81857a05b255232b9e37a30e328bb9d9c42d86096f2bcee3d258cfe208d2fd03cbd5ccc6a3bb8ce4b0efa5b059b4afbd0377aa6e274721a57efe8ee85d86a | |

result = invalid | |

shared = | |

# tcId = 58 | |

# Public key uses wrong curve: secp521r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 30819b301006072a8648ce3d020106052b810400230381860004012841a2260f0f1f424865fef275374779bf0355720223f8ec6a9ba767b1603b492f58a6bba1705d882257bc6be1935de4411c5f1fdad44ec65ba8b97ce0e73e1ac90006937832a602147e37c1a42ca2a63629ffc9a35b31bfacb38c6242b42916125f7446b45c718f797259bc3011cb71e868560b331cf7d01139a0643443f9fd7306c1 | |

result = invalid | |

shared = | |

# tcId = 59 | |

# Public key uses wrong curve: secp256k1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 3056301006072a8648ce3d020106052b8104000a03420004c2199fecf75648c0e952dff143821fa4012b28f90435ce6ee54653687f969a76092a3844e17d478a594f43b28cc10a5c553b4f64906121031c3a79299c70dbd6 | |

result = invalid | |

shared = | |

# tcId = 60 | |

# Public key uses wrong curve: brainpoolP224r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 3052301406072a8648ce3d020106092b2403030208010105033a00046caa3d6d86f792df7b29e41eb4203150f60f4fca10f57d0b2454abfb201f9f7e6dcbb92bdcfb9240dc86bcaeaf157c77bca22b2ec86ee8d6 | |

result = invalid | |

shared = | |

# tcId = 61 | |

# Public key uses wrong curve: brainpoolP256r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 305a301406072a8648ce3d020106092b2403030208010107034200042750180012c3ba7489517d428e4826784e50b50ac42ef7991c61a396c03a52da5e74908ae8a89627a7c15e554b105b0ebaeebcfed10e3ea60223d0a8bc3b36ab | |

result = invalid | |

shared = | |

# tcId = 62 | |

# Public key uses wrong curve: brainpoolP320r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 306a301406072a8648ce3d020106092b2403030208010109035200045b523d3a8f20f6a569c6951e0b8de48d89e7549a184e8506820421c3e404473692cd248d7480843b911d87a87e401112fce0d3d2c36978cf6dd7f1d93bfaebe0827d4bf4006006d3202e842126fe1b68 | |

result = invalid | |

shared = | |

# tcId = 63 | |

# Public key uses wrong curve: brainpoolP384r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 307a301406072a8648ce3d020106092b240303020801010b03620004449607c76c6dc7334c269a0ebab5beec83b6c263377ce06ef5c276f45a9916eff85f50438f5f32ced0210a6c414fe5e242c7c1070823f5395b35965bda6758acf84725f11ea836dda7d391fee91342026645241853224a437a6fb74e4cdc871f | |

result = invalid | |

shared = | |

# tcId = 64 | |

# Public key uses wrong curve: brainpoolP512r1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 30819b301406072a8648ce3d020106092b240303020801010d038182000463e7a491240848e4f53ea5fb857d428c493053193e4b0b4f995ac8bf4c56276a507870131a384aa7e236c64cd7a049a1b37e40ad00c3b8a920dcbad6531616356ce1b6e6d96a7d1b693e25e5abd83ab560a3d764bcd49ec98a1b49421163bd5fc5a625f44c91eb4c2984d5a2e51e816ebdee8fbe08364bb14b7ac876990e64d9 | |

result = invalid | |

shared = | |

# tcId = 65 | |

# Public key uses wrong curve: brainpoolP224t1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 3052301406072a8648ce3d020106092b2403030208010106033a00047c592ecb8908355d1ebf8d59b3619275dbe3666209b72ced6a3c88740456ce61d6a84e0542d7cd10dd8804afb8c784d5dffd9480d8cfdc95 | |

result = invalid | |

shared = | |

# tcId = 66 | |

# Public key uses wrong curve: brainpoolP256t1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 305a301406072a8648ce3d020106092b240303020801010803420004746226a3e005c37ede51828d3375ef91ebd0ff719a380af69d7dfd131b42a3e8917d4a4d573872935a74d1040f1c47d25d6b26f4156cccdcdc11833b9cde433a | |

result = invalid | |

shared = | |

# tcId = 67 | |

# Public key uses wrong curve: brainpoolP320t1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 306a301406072a8648ce3d020106092b240303020801010a035200043298b36825c7bd90ab5157b913d40bbfd732a0de0557e02a2c65a0c223e9a65d62c32462040dd6fe578103023c831caff122c1ed4b8ff7373fa2f08d11c9f4c7f85f81802262ffed9bb82cb6d92eed2d | |

result = invalid | |

shared = | |

# tcId = 68 | |

# Public key uses wrong curve: brainpoolP384t1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 307a301406072a8648ce3d020106092b240303020801010c036200043af2849b981f7e5e6ab936e6abb4f206c1fd5561998df8008bfe98d84173c9f2301cdbd5bffc569c0b5a57ce2a8f4d640f1816475fc6043baa8e5a3453bf327b54cb29c7e54a5f31348969aa94615094dbcd1a8e5c2d630465e45fc556c02194 | |

result = invalid | |

shared = | |

# tcId = 69 | |

# Public key uses wrong curve: brainpoolP512t1 | |

curve = secp224r1 | |

private = 2ddd06cb77ca2eae5266a34a107b49e56ffb4c2d3952112da2df90fc | |

public = 30819b301406072a8648ce3d020106092b240303020801010e038182000453d2506047e72af6d98558e1633ecb7e6a05c37861cd3289455cf41bfbf1703f2e9a83052b8eca7d84cba2f001abd8b978f68b69ed6bd874755c44d347fe302c5760b2078c56b24ebd0dcd99f26b8f8a23044b3767a3d2a306587687a7b00668974674edbf18c3db2f3473a97ee77065fdcdd1a9aa053716a4c504f3d18b9170 | |

result = invalid | |

shared = | |

# tcId = 70 | |

# invalid public key | |

curve = secp224r1 | |

private = 0fc28a0ca0f8e36b0d4f71421845135a22aef543b9fddf8c775b2d18f | |

public = 3032301006072a8648ce3d020106052b81040021031e00020ca753db5ddeca474241f8d2dafc0844343fd0e37eded2f0192d51b2 | |

result = invalid | |

shared = | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 71 | |

# long form encoding of length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30814e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 72 | |

# long form encoding of length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f30811006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 73 | |

# long form encoding of length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f30110681072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 74 | |

# long form encoding of length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f301106072a8648ce3d02010681052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 75 | |

# long form encoding of length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f301006072a8648ce3d020106052b8104002103813a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 76 | |

# length contains leading 0 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3082004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 77 | |

# length contains leading 0 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503082001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 78 | |

# length contains leading 0 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503012068200072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 79 | |

# length contains leading 0 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d0201068200052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 80 | |

# length contains leading 0 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b810400210382003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 81 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 82 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 83 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301106072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 84 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e300f06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 85 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006082a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 86 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006062a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 87 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106062b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 88 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106042b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 89 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033b000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 90 | |

# wrong length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b810400210339000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 91 | |

# uint32 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3085010000004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 92 | |

# uint32 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30533085010000001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 93 | |

# uint32 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30533015068501000000072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 94 | |

# uint32 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301506072a8648ce3d0201068501000000052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 95 | |

# uint32 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301006072a8648ce3d020106052b810400210385010000003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 96 | |

# uint64 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 308901000000000000004e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 97 | |

# uint64 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3057308901000000000000001006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 98 | |

# uint64 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3057301906890100000000000000072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 99 | |

# uint64 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3057301906072a8648ce3d020106890100000000000000052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 100 | |

# uint64 overflow in length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3057301006072a8648ce3d020106052b81040021038901000000000000003a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 101 | |

# length = 2**31 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30847fffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 102 | |

# length = 2**31 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305230847fffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 103 | |

# length = 2**31 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301406847fffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 104 | |

# length = 2**31 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301406072a8648ce3d020106847fffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 105 | |

# length = 2**31 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301006072a8648ce3d020106052b8104002103847fffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 106 | |

# length = 2**32 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3084ffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 107 | |

# length = 2**32 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30523084ffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 108 | |

# length = 2**32 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305230140684ffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 109 | |

# length = 2**32 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301406072a8648ce3d02010684ffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 110 | |

# length = 2**32 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301006072a8648ce3d020106052b810400210384ffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 111 | |

# length = 2**40 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3085ffffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 112 | |

# length = 2**40 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30533085ffffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 113 | |

# length = 2**40 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305330150685ffffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 114 | |

# length = 2**40 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301506072a8648ce3d02010685ffffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 115 | |

# length = 2**40 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301006072a8648ce3d020106052b810400210385ffffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 116 | |

# length = 2**64 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3088ffffffffffffffff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 117 | |

# length = 2**64 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30563088ffffffffffffffff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 118 | |

# length = 2**64 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305630180688ffffffffffffffff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 119 | |

# length = 2**64 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301806072a8648ce3d02010688ffffffffffffffff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 120 | |

# length = 2**64 - 1 | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301006072a8648ce3d020106052b810400210388ffffffffffffffff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 121 | |

# incorrect length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30ff301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 122 | |

# incorrect length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e30ff06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 123 | |

# incorrect length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006ff2a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 124 | |

# incorrect length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106ff2b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 125 | |

# incorrect length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b8104002103ff000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 126 | |

# indefinite length without termination | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 127 | |

# indefinite length without termination | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e308006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 128 | |

# indefinite length without termination | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006802a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 129 | |

# indefinite length without termination | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106802b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 130 | |

# indefinite length without termination | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b810400210380000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 131 | |

# removing sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 132 | |

# removing sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 303c033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 133 | |

# lonely sequence tag | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 134 | |

# lonely sequence tag | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 303d30033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 135 | |

# appending 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 136 | |

# appending 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 137 | |

# prepending 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30500000301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 138 | |

# prepending 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503012000006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 139 | |

# appending unused 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 140 | |

# appending unused 0's to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 141 | |

# appending null value to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620500 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 142 | |

# appending null value to sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d020106052b810400210500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 143 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053498177304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 144 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30522500304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 145 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620004deadbeef | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 146 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30533015498177301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 147 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305230142500301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 148 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30563012301006072a8648ce3d020106052b810400210004deadbeef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 149 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30533015260c49817706072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 150 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30523014260b250006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 151 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30563018260906072a8648ce3d02010004deadbeef06052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 152 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301506072a8648ce3d0201260a49817706052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 153 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301406072a8648ce3d02012609250006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 154 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301806072a8648ce3d0201260706052b810400210004deadbeef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 155 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301006072a8648ce3d020106052b81040021233f498177033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 156 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301006072a8648ce3d020106052b81040021233e2500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 157 | |

# including garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301006072a8648ce3d020106052b81040021233c033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620004deadbeef | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 158 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056aa00bb00cd00304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 159 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3054aa02aabb304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 160 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30563018aa00bb00cd00301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 161 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30543016aa02aabb301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 162 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30563018260faa00bb00cd0006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 163 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30543016260daa02aabb06072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 164 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301806072a8648ce3d0201260daa00bb00cd0006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 165 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3054301606072a8648ce3d0201260baa02aabb06052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 166 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301006072a8648ce3d020106052b810400212342aa00bb00cd00033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 167 | |

# including undefined tags | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3054301006072a8648ce3d020106052b810400212340aa02aabb033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 168 | |

# truncated length of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3081 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 169 | |

# truncated length of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 303e3081033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 170 | |

# Replacing sequence with NULL | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 0500 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 171 | |

# Replacing sequence with NULL | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 303e0500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 172 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 2e4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 173 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 2f4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 174 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 314e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 175 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 324e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 176 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = ff4e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 177 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e2e1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 178 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e2f1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 179 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e311006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 180 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e321006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 181 | |

# changing tag value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304eff1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 182 | |

# dropping value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 183 | |

# dropping value of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 303e3000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 184 | |

# truncate sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 185 | |

# truncate sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d1006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 186 | |

# truncate sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f06072a8648ce3d020106052b810400033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 187 | |

# truncate sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 188 | |

# indefinite length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 189 | |

# indefinite length | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050308006072a8648ce3d020106052b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 190 | |

# indefinite length with truncated delimiter | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6200 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 191 | |

# indefinite length with truncated delimiter | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f308006072a8648ce3d020106052b8104002100033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 192 | |

# indefinite length with additional element | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6205000000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 193 | |

# indefinite length with additional element | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052308006072a8648ce3d020106052b8104002105000000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 194 | |

# indefinite length with truncated element | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62060811220000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 195 | |

# indefinite length with truncated element | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3054308006072a8648ce3d020106052b81040021060811220000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 196 | |

# indefinite length with garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000fe02beef | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 197 | |

# indefinite length with garbage | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3054308006072a8648ce3d020106052b810400210000fe02beef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 198 | |

# indefinite length with nonempty EOC | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3080301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620002beef | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 199 | |

# indefinite length with nonempty EOC | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052308006072a8648ce3d020106052b810400210002beef033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 200 | |

# prepend empty sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503000301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 201 | |

# prepend empty sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503012300006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 202 | |

# append empty sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da623000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 203 | |

# append empty sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d020106052b810400213000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 204 | |

# sequence of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 205 | |

# sequence of sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503012301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 206 | |

# truncated sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3012301006072a8648ce3d020106052b81040021 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 207 | |

# truncated sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3047300906072a8648ce3d0201033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 208 | |

# repeat element in sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30818a301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 209 | |

# repeat element in sequence | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3055301706072a8648ce3d020106052b8104002106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 210 | |

# removing oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3045300706052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 211 | |

# lonely oid tag | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304630080606052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 212 | |

# lonely oid tag | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3048300a06072a8648ce3d020106033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 213 | |

# appending 0's to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206092a8648ce3d0201000006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 214 | |

# appending 0's to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d020106072b810400210000033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 215 | |

# prepending 0's to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30503012060900002a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 216 | |

# prepending 0's to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d0201060700002b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 217 | |

# appending unused 0's to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d0201000006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 218 | |

# appending null value to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206092a8648ce3d0201050006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 219 | |

# appending null value to oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301206072a8648ce3d020106072b810400210500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 220 | |

# truncated length of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30473009068106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 221 | |

# truncated length of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3049300b06072a8648ce3d02010681033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 222 | |

# Replacing oid with NULL | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30473009050006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 223 | |

# Replacing oid with NULL | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3049300b06072a8648ce3d02010500033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 224 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301004072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 225 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301005072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 226 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301007072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 227 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301008072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 228 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e3010ff072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 229 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020104052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 230 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020105052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 231 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020107052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 232 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020108052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 233 | |

# changing tag value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d0201ff052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 234 | |

# dropping value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30473009060006052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 235 | |

# dropping value of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3049300b06072a8648ce3d02010600033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 236 | |

# modify first byte of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e30100607288648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 237 | |

# modify first byte of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052981040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 238 | |

# modify last byte of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d028106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 239 | |

# modify last byte of oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b810400a1033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 240 | |

# truncate oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f06062a8648ce3d0206052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 241 | |

# truncate oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f06068648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 242 | |

# truncate oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f06072a8648ce3d020106042b810400033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 243 | |

# truncate oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d300f06072a8648ce3d0201060481040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 244 | |

# wrong oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30513013060a3262306530333032316106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 245 | |

# wrong oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3059301b061236303836343830313635303330343032303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 246 | |

# wrong oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301506072a8648ce3d0201060a32623065303330323161033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 247 | |

# wrong oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305b301d06072a8648ce3d02010612363038363438303136353033303430323031033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 248 | |

# longer oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3057301906103261383634386365336430323031303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 249 | |

# longer oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3055301706072a8648ce3d0201060c326238313034303032313031033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 250 | |

# oid with modified node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 30553017060e326138363438636533643032313106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 251 | |

# oid with modified node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305d301f06163261383634386365336430323838383038303830303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 252 | |

# oid with modified node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3053301506072a8648ce3d0201060a32623831303430303331033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 253 | |

# oid with modified node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 305b301d06072a8648ce3d02010612326238313034303038383830383038303231033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 254 | |

# large integer in oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 306730290620326138363438636533643032383238303830383038303830383038303830303106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 255 | |

# large integer in oid | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3065302706072a8648ce3d0201061c32623831303430303832383038303830383038303830383038303231033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 256 | |

# oid with invalid node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3058301a0611326138363438636533643032303165303306052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 257 | |

# oid with invalid node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f301106082a808648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 258 | |

# oid with invalid node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3056301806072a8648ce3d0201060d32623831303430303231653033033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 259 | |

# oid with invalid node | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304f301106072a8648ce3d020106062b8081040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 260 | |

# lonely bit string tag | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3013301006072a8648ce3d020106052b8104002103 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 261 | |

# appending 0's to bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033c000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620000 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 262 | |

# prepending 0's to bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033c0000000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 263 | |

# appending null value to bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3050301006072a8648ce3d020106052b81040021033c000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da620500 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 264 | |

# truncated length of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3014301006072a8648ce3d020106052b810400210381 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 265 | |

# Replacing bit string with NULL | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3014301006072a8648ce3d020106052b810400210500 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 266 | |

# changing tag value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021013a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 267 | |

# changing tag value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021023a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 268 | |

# changing tag value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021043a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 269 | |

# changing tag value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021053a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 270 | |

# changing tag value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021ff3a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 271 | |

# dropping value of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3014301006072a8648ce3d020106052b810400210300 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 272 | |

# modify first byte of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033a020486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 273 | |

# modify last byte of bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033a000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3dae2 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 274 | |

# truncate bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d301006072a8648ce3d020106052b810400210339000486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 275 | |

# truncate bit string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304d301006072a8648ce3d020106052b8104002103390486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 276 | |

# declaring bits as unused in a bit-string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033a010486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 277 | |

# unused bits in a bit-string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3052301006072a8648ce3d020106052b81040021033e200486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da6201020304 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 278 | |

# unused bits in empty bit-string | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 3015301006072a8648ce3d020106052b81040021030103 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

# tcId = 279 | |

# 128 unused bits | |

curve = secp224r1 | |

private = 0a1b9444f59642d428e2f299055004165a34c3b8796c5057ae8a1a572 | |

public = 304e301006072a8648ce3d020106052b81040021033a800486e2f72bccd974a3f1a4fc2cdcf22043eaf8be047de6be726b62001fda6f50f6df0b51bee99195d8a1a1c97e59e72fa4fcf8c1d21cb3da62 | |

result = acceptable | |

shared = 85a70fc4dfc8509fb9ba1cfcf1879443e2ce176d794228029b10da63 | |

# The public key in this test uses an invalid ASN encoding. Some cases where the | |

# ASN parser is not strictly checking the ASN format are benign as long as the | |

# ECDH computation still returns the correct shared value. | |

[curve = secp256r1] | |

[encoding = asn] | |

# tcId = 280 | |

# normal case | |

curve = secp256r1 | |

private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000462d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26ac333a93a9e70a81cd5a95b5bf8d13990eb741c8c38872b4a07d275a014e30cf | |

result = valid | |

shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285 | |

# tcId = 281 | |

# compressed public key | |

curve = secp256r1 | |

private = 612465c89a023ab17855b0a6bcebfd3febb53aef84138647b5352e02c10c346 | |

public = 3039301306072a8648ce3d020106082a8648ce3d0301070322000362d5bd3372af75fe85a040715d0f502428e07046868b0bfdfa61d731afe44f26 | |

result = acceptable | |

shared = 53020d908b0219328b658b525f26780e3ae12bcd952bb25a93bc0895e1714285 | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 282 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000458fd4168a87795603e2b04390285bdca6e57de6027fe211dd9d25e2212d29e62080d36bd224d7405509295eed02a17150e03b314f96da37445b0d1d29377d12c | |

result = valid | |

shared = 0000000000000000000000000000000000000000000000000000000000000000 | |

# tcId = 283 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040f6d20c04261ecc3e92846acad48dc8ec5ee35ae0883f0d2ea71216906ee1c47c042689a996dd12830ae459382e94aac56b717af2e2080215f9e41949b1f52be | |

result = valid | |

shared = 00000000000000000000000000000000ffffffffffffffffffffffffffffffff | |

# tcId = 284 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400c7defeb1a16236738e9a1123ba621bc8e9a3f2485b3f8ffde7f9ce98f5a8a1cb338c3912b1792f60c2b06ec5231e2d84b0e596e9b76d419ce105ece3791dbc | |

result = valid | |

shared = 0000000000000000ffffffffffffffff00000000000000010000000000000001 | |

# tcId = 285 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9b98fb2c0ac045f8c76125ffd99eb8a5157be1d7db3e85d655ec1d8210288cf218df24fd2c2746be59df41262ef3a97d986744b2836748a7486230a319ffec0 | |

result = valid | |

shared = 00000000ffffffff00000000ffffffff00000000ffffffff0000000100000000 | |

# tcId = 286 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004e9484e58f3331b66ffed6d90cb1c78065fa28cfba5c7dd4352013d3252ee4277bd7503b045a38b4b247b32c59593580f39e6abfa376c3dca20cf7f9cfb659e13 | |

result = valid | |

shared = 000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff | |

# tcId = 287 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004767d7fbb84aa6a4db1079372644e42ecb2fec200c178822392cb8b950ffdd0c91c86853cafd09b52ba2f287f0ebaa26415a3cfabaf92c6a617a19988563d9dea | |

result = valid | |

shared = 0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001 | |

# tcId = 288 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004f3cb6754b7e2a86d064dfb9f903185aaa4c92b481c2c1a1ff276303bbc4183e49c318599b0984c3563df339311fe143a7d921ee75b755a52c6f804f897b809f7 | |

result = valid | |

shared = 7fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff | |

# tcId = 289 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cce13fbdc96a946dfb8c6d9ed762dbd1731630455689f57a437fee124dd54cecaef78026c653030cf2f314a67064236b0a354defebc5e90c94124e9bf5c4fc24 | |

result = valid | |

shared = 8000000000000000000000000000000000000000000000000000000000000004 | |

# tcId = 290 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047633dfd0ad06765097bc11bd5022b200df31f28c4ff0625421221ac7eeb6e6f4cb9c67693609ddd6f92343a5a1c635408240f4f8e27120c12554c7ff8c76e2fe | |

result = valid | |

shared = 8000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000 | |

# tcId = 291 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004a386ace573f87558a68ead2a20088e3fe928bdae9e109446f93a078c15741f0421261e6db2bf12106e4c6bf85b9581b4c0302a526222f90abc5a549206b11011 | |

result = valid | |

shared = ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff | |

# tcId = 292 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048e7b50f7d8c44d5d3496c43141a502f4a43f153d03ad43eda8e39597f1d477b8647f3da67969b7f989ff4addc393515af40c82085ce1f2ee195412c6f583774f | |

result = valid | |

shared = ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff | |

# tcId = 293 | |

# edge cases for shared secret | |

curve = secp256r1 | |

private = 0a0d622a47e48f6bc1038ace438c6f528aa00ad2bd1da5f13ee46bf5f633d71a | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004c827fb930fd51d926086191b502af83abb5f717debc8de29897a3934b2571ca05990c0597b0b7a2e42febd56b13235d1d408d76ed2c93b3facf514d902f6910a | |

result = valid | |

shared = ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff | |

# tcId = 294 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000000000000000000000000000000000000000000000000000000000000000066485c780e2f83d72433bd5d84a06bb6541c2af31dae871728bf856a174f93f4 | |

result = valid | |

shared = cfe4077c8730b1c9384581d36bff5542bc417c9eff5c2afcb98cc8829b2ce848 | |

# tcId = 295 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000ffffffffffffffffffffffffffffffff4f2b92b4c596a5a47f8b041d2dea6043021ac77b9a80b1343ac9d778f4f8f733 | |

result = valid | |

shared = 49ae50fe096a6cd26698b78356b2c8adf1f6a3490f14e364629f7a0639442509 | |

# tcId = 296 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000000000000000ffffffffffffffff0000000000000001000000000000000138120be6ab31edfa34768c4387d2f84fb4b0be8a9a985864a1575f4436bb37b0 | |

result = valid | |

shared = 5a1334572b2a711ead8b4653eb310cd8d9fd114399379a8f6b872e3b8fdda2d9 | |

# tcId = 297 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000ffffffff00000000ffffffff00000000ffffffff0000000100000000462c0466e41802238d6c925ecbefc747cfe505ea196af9a2d11b62850fce946e | |

result = valid | |

shared = c73755133b6b9b4b2a00631cbc7940ecbe6ec08f20448071422e3362f2556888 | |

# tcId = 298 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003ffffff1582fa32e2d4a89dfcfb3d0b149f667dba3329490f4d64ee2ad586c0c9e8c508 | |

result = valid | |

shared = 06fa1059935e47a9fd667e13f469614eb257cc9a7e3fc599bfb92780d59b146d | |

# tcId = 299 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff00010001684c8a9586ed6f9cbe447058a7da2108bab1e5e0a60d1f73e4e2e713f0a3dfe0 | |

result = valid | |

shared = f237df4c10bd3e357971bb2b16b293566b7e355bdc8141d6c92cabc682983c45 | |

# tcId = 300 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200047fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff2e2213caf03033e0fd0f7951154f6e6c3a9244a72faca65e9ce9eeb5c8e1cea9 | |

result = valid | |

shared = 55d0a203e22ffb523c8d2705060cee9d28308b51f184beefc518cff690bad346 | |

# tcId = 301 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000480000000000000000000000000000000000000000000000000000000000000042be8789db81bb4870a9e60c5c18c80c83de464277281f1af1e640843a1a3148e | |

result = valid | |

shared = 2518d846e577d95e9e7bc766cde7997cb887fb266d3a6cb598a839fd54aa2f4f | |

# tcId = 302 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200048000003ffffff0000007fffffe000000ffffffc000001ffffff8000004000000722540f8a471c379083c600b58fde4d95c7dcad5095f4219fc5e9bdde3c5cd39 | |

result = valid | |

shared = bdb49f4bdf42ac64504e9ce677b3ec5c0a03828c5b3efad726005692d35c0f26 | |

# tcId = 303 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ff00000001fffffffc00000007fffffff00000001fffffffc00000007fffffff5df80fc6cae26b6c1952fbd00ed174ee1209d069335f5b48588e29e80b9191ad | |

result = valid | |

shared = f503ac65637e0f17cb4408961cb882c875e4c6ef7a548d2d52d8c2f681838c55 | |

# tcId = 304 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff2c63650e6a5d332e2987dd09a79008e8faabbd37e49cb016bfb92c8cd0f5da77 | |

result = valid | |

shared = e3c18e7d7377dc540bc45c08d389bdbe255fa80ca8faf1ef6b94d52049987d21 | |

# tcId = 305 | |

# edge cases for ephemeral key | |

curve = secp256r1 | |

private = 55d55f11bb8da1ea318bca7266f0376662441ea87270aa2077f1b770c4854a48 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000000000000ffffffffffffff00000000000000ffffffffffffff7a116c964a4cd60668bf89cffe157714a3ce21b93b3ca607c8a5b93ac54ffc0a | |

result = valid | |

shared = 516d6d329b095a7c7e93b4023d4d05020c1445ef1ddcb3347b3a27d7d7f57265 | |

# tcId = 306 | |

# edge case private key | |

curve = secp256r1 | |

private = 3 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b | |

result = valid | |

shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca | |

# tcId = 307 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffffffffffffffffffffffffffffffffffffffffffffffffffff | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b | |

result = valid | |

shared = a329a7d80424ea2d6c904393808e510dfbb28155092f1bac284dceda1f13afe5 | |

# tcId = 308 | |

# edge case private key | |

curve = secp256r1 | |

private = 100000000000000000000000000000000000000000000000000000000000000 | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000431028f3377fc8f2b1967edaab90213acad0da9f50897f08f57537f78f116744743a1930189363bbde2ac4cbd1649cdc6f451add71dd2f16a8a867f2b17caa16b | |

result = valid | |

shared = bd26d0293e8851c51ebe0d426345683ae94026aca545282a4759faa85fde6687 | |

# tcId = 309 | |

# edge case private key | |

curve = secp256r1 | |

private = 7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff | |

result = valid | |

shared = ea9350b2490a2010c7abf43fb1a38be729a2de375ea7a6ac34ff58cc87e51b6c | |

# tcId = 310 | |

# edge case private key | |

curve = secp256r1 | |

private = 08000000000000000000000000000000000000000000000000000000000000000 | |

result = valid | |

shared = 34eed3f6673d340b6f716913f6dfa36b5ac85fa667791e2d6a217b0c0b7ba807 | |

# tcId = 311 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e83f3b9cac2fc632551 | |

result = valid | |

shared = 1354ce6692c9df7b6fc3119d47c56338afbedccb62faa546c0fe6ed4959e41c3 | |

# tcId = 312 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3a9cac2fc632551 | |

result = valid | |

shared = fe7496c30d534995f0bf428b5471c21585aaafc81733916f0165597a55d12cb4 | |

# tcId = 313 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b1cac2fc632551 | |

result = valid | |

shared = 348bf8042e4edf1d03c8b36ab815156e77c201b764ed4562cfe2ee90638ffef5 | |

# tcId = 314 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac1fc632551 | |

result = valid | |

shared = 6e4ec5479a7c20a537501700484f6f433a8a8fe53c288f7a25c8e8c92d39e8dc | |

# tcId = 315 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6324f3 | |

result = valid | |

shared = f7407d61fdf581be4f564621d590ca9b7ba37f31396150f9922f1501da8c83ef | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 316 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632533 | |

result = valid | |

shared = 82236fd272208693e0574555ca465c6cc512163486084fa57f5e1bd2e2ccc0b3 | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 317 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632543 | |

result = valid | |

shared = 06537149664dba1a9924654cb7f787ed224851b0df25ef53fcf54f8f26cd5f3f | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 318 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254b | |

result = valid | |

shared = f2b38539bce995d443c7bfeeefadc9e42cc2c89c60bf4e86eac95d51987bd112 | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 319 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254e | |

result = valid | |

shared = 85a0b58519b28e70a694ec5198f72c4bfdabaa30a70f7143b5b1cd7536f716ca | |

# tcId = 320 | |

# edge case private key | |

curve = secp256r1 | |

private = 0ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f | |

result = valid | |

shared = 027b013a6f166db655d69d643c127ef8ace175311e667dff2520f5b5c75b7659 | |

# The private key has a special value. Implementations using addition | |

# subtraction chains for the point multiplication may get the point at infinity | |

# as an intermediate result. See CVE_2017_10176 | |

# tcId = 321 | |

# CVE-2017-8932 | |

curve = secp256r1 | |

private = 2a265f8bcbdcaf94d58519141e578124cb40d64a501fba9c11847b28965bc737 | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004023819813ac969847059028ea88a1f30dfbcde03fc791d3a252c6b41211882eaf93e4ae433cc12cf2a43fc0ef26400c0e125508224cdb649380f25479148a4ad | |

result = valid | |

shared = 4d4de80f1534850d261075997e3049321a0864082d24a917863366c0724f5ae3 | |

# tcId = 322 | |

# CVE-2017-8932 | |

curve = secp256r1 | |

private = 313f72ff9fe811bf573176231b286a3bdb6f1b14e05c40146590727a71c3bccd | |

public = 3059301306072a8648ce3d020106082a8648ce3d03010703420004cc11887b2d66cbae8f4d306627192522932146b42f01d3c6f92bd5c8ba739b06a2f08a029cd06b46183085bae9248b0ed15b70280c7ef13a457f5af382426031 | |

result = valid | |

shared = 831c3f6b5f762d2f461901577af41354ac5f228c2591f84f8a6e51e2e3f17991 | |

# tcId = 323 | |

# public point not on curve | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 3059301306072a8648ce3d020106082a8648ce3d030107034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764c | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 324 | |

# public point = (0,0) | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 3059301306072a8648ce3d020106082a8648ce3d0301070342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 325 | |

# order = | |

# -115792089210356248762697446949407573529996955224135760342422259061068512044369 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f50221ff00000000ffffffff00000000000000004319055258e8617b0c46353d039cdaaf020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 326 | |

# order = 0 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020100020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 327 | |

# order = 1 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5020101020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 328 | |

# order = 26959946660873538060741835960514744168612397095220107664918121663170 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5021d00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The order of the public key has been modified. If this order is used in a | |

# cryptographic primitive instead of the correct order then private keys may | |

# leak. E.g. ECDHC in BC 1.52 suffered from this. | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 329 | |

# generator = (0,0) | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b04410400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 330 | |

# generator not on curve | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f7022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 331 | |

# cofactor = -1 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc6325510201ff034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 332 | |

# cofactor = 0 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020100034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 333 | |

# cofactor = 2 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020102034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 334 | |

# cofactor = | |

# 115792089210356248762697446949407573529996955224135760342422259061068512044369 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201553082010d06072a8648ce3d020130820100020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 335 | |

# cofactor = None | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff30440420ffffffff00000001000000000000000000000000fffffffffffffffffffffffc04205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 336 | |

# modified prime | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fd091059a6893635f900e9449d63f572b2aebc4cff7b4e5e33f1b200e8bbc1453044042002f6efa55976c9cb06ff16bb629c0a8d4d5143b40084b1a1cc0e4dff17443eb704205ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b0441040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200040000000000000000000006597fa94b1fd90000000000000000000000000000021b8c7dd77f9a95627922eceefea73f028f1ec95ba9b8fa95a3ad24bdf9fff414 | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The modulus of the public key has been modified. The public point of the | |

# public key has been chosen so that it is both a point on both the curve of the | |

# modified public key and the private key. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 337 | |

# using secp224r1 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 338 | |

# using secp256k1 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 3056301006072a8648ce3d020106052b8104000a03420004a1263e75b87ae0937060ff1472f330ee55cdf8f4329d6284a9ebfbcc856c11684225e72cbebff41e54fb6f00e11afe53a17937bedbf2df787f8ef9584f775838 | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# tcId = 339 | |

# a = 0 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201143081cd06072a8648ce3d02013081c1020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff302504010004201b95c2f46065dbf0f3ff09153e4748ed71595e0774ba8e25c364ff1e6be039b70441041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551020101034200041510264c189c3d523ff9916abd7069efa6968d8dc7ddb6457d7869b53ea60cdcfafb7ed4786da15d29ee59256f536da3575a4888c1bb0a95b256f4a7e9fd764a | |

result = acceptable | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# A parameter that is typically not used for ECDH has been modified. Sometimes | |

# libraries ignore small differences between public and private key. For | |

# example, a library might ignore an incorrect cofactor in the public key. We | |

# consider ignoring such changes as acceptable as long as these differences do | |

# not change the outcome of the ECDH computation, i.e. as long as the | |

# computation is done on the curve from the private key. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 340 | |

# public key of order 3 | |

curve = secp256r1 | |

private = 4f3414d1589b49f7172d439cbbe78e5b5350dc85dea40cd2d6274740c6e0239c | |

public = 308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100ffffffff00000001000000000000000000000000ffffffffffffffffffffffff304404207fe51581de0fd5f6a3f08793c6763330d51c6a9c332272132281ed58c314da360420fcf3e76add34e1daa4e8d962604a3bb6075a79da47c6719e389fe4fe37d35250044104bf0bb5f8717a07846f828f91fb493d3850365b7da5b355e76615b07ced174fe16a2542257eb94a12e3703989ee36f5459fb3b5c1028e766ec1b7a0ba39c0ed8a022100ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63255102010103420004bf0bb5f8717a07846f828f91fb493d3850365b7da5b355e76615b07ced174fe195dabdd98146b5ee1c8fc67611c90aba604c4a3ffd7189913e485f45c63f1275 | |

result = invalid | |

shared = d003f5cc83852584061f7a8a28bcb5671ecbda096e16e7accfa8f8d311a3db7a | |

# The vector contains a weak public key. The curve is not a named curve, the | |

# public key point has order 3 and has been chosen to be on the same curve as | |

# the private key. This test vector is used to check ECC implementations for | |

# missing steps in the verification of the public key. | |

# The public key has been modified and is invalid. An implementation should | |

# always check whether the public key is valid and on the same curve as the | |

# private key. The test vector includes the shared secret computed with the | |

# original public key. Generating a shared secret other than the one with the | |

# original key likely indicates that the bug is exploitable. | |

# The public key does not use a named curve. RFC 3279 allows to encode such | |

# curves by explicitly encoding, the parameters of the curve equation, modulus, | |

# generator, order and cofactor. However, many crypto libraries only support | |

# named curves. Modifying some of the EC parameters and encoding the | |

# corresponding public key as an unnamed curve is a potential attack vector. | |

# tcId = 341 | |

# Public key uses wrong curve: secp224r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 304e301006072a8648ce3d020106052b81040021033a00042af270d2a6030e3dd38cc46e7d719f176c2ca4eb04d7e8b84290c8edbcaed964ebe226b2d7ce17251622804c0d3b7adce020a3cdc97cac6c | |

result = invalid | |

shared = | |

# tcId = 342 | |

# Public key uses wrong curve: secp384r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 3076301006072a8648ce3d020106052b81040022036200041f17901e731b06f349b6e9d7d17d45e8a2b46115a47485be16197932db87b39405b5c941b36fd61b9ef7dd20878e129e55a2277099c601dcdb3747f80ad6e166116378e1ebce2c95744a0986128cfeeaac7f90b71787d9a1cfe417cd4c8f6af5 | |

result = invalid | |

shared = | |

# tcId = 343 | |

# Public key uses wrong curve: secp521r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 30819b301006072a8648ce3d020106052b81040023038186000400ed76e5888428fad409ff203ab298b0f24827c091939ae0f9b1245d865ac5fbcd2749f9ae6c90fa8e29414d1bc7dc7b3c4aca904cd824484421cc66fe6af43bdfd200c1f790a0b3ae994937f91b6bdb9778b08c83ecadb8cba22a78c37bf565dac164f18e719be0ef890ee5cbf20e17fcfc9a5585e5416470b9862f82fb769339994f4e | |

result = invalid | |

shared = | |

# tcId = 344 | |

# Public key uses wrong curve: secp256k1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 3056301006072a8648ce3d020106052b8104000a034200048028d16082b07696d4aa4aab9d6b1f1463435ac097900631108f9888e13da67c4841fd8dd3ced6e7ad8c6fc656621c2f93d3db0eb29d48d1423154519865dbc1 | |

result = invalid | |

shared = | |

# tcId = 345 | |

# Public key uses wrong curve: brainpoolP224r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 3052301406072a8648ce3d020106092b2403030208010105033a0004a6bae3d155c1f9ca263928c986ede69acefd0dd9b3a19d2b9f4b0a3a66bea5d167318dcc028945fc1b40c60ce716ba2d414a743c6b856a6f | |

result = invalid | |

shared = | |

# tcId = 346 | |

# Public key uses wrong curve: brainpoolP256r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 305a301406072a8648ce3d020106092b2403030208010107034200045d3ddbbb9bc071d8b59855c74bdf3541ae4cb6c1a24ec439034df7abde16a346523edf6a67896b304cb2cd2a083eec2b16935bbc910e85ec6eae38b50230bf70 | |

result = invalid | |

shared = | |

# tcId = 347 | |

# Public key uses wrong curve: brainpoolP320r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 306a301406072a8648ce3d020106092b240303020801010903520004a43c6ef2500723d54c1fc88f8844d83445ca5a0f585c10b8eb3f022d47d0e84862b7f5cbf97d352d4348ca730f600f2258d1d192da223f6ba83a7cc0d6da598d55c2b77824d326c8df000b8fff156d2c | |

result = invalid | |

shared = | |

# tcId = 348 | |

# Public key uses wrong curve: brainpoolP384r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 307a301406072a8648ce3d020106092b240303020801010b036200042391c062833d1e6d89ec256cf4a3989534c1ead5e1e14ffae933a53f962857e4713087e1b3d65ac79634c71577af24698b5ce959183835551f7b08aef7853378c299930b360813fd58d5e4da8b37d5a7473e891ee11cb02881bd848b364fb7d5 | |

result = invalid | |

shared = | |

# tcId = 349 | |

# Public key uses wrong curve: brainpoolP512r1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 30819b301406072a8648ce3d020106092b240303020801010d038182000484beae85096640953c1fd6ebbc32697263d53f89943cbaf14432061aea8c0318acbd9389ab1d2e904fa0e081d08cfabb614ed9bca618211142d94623c14b476a25e47abf98fd3b1da1417dfc2e2cfc8424b16ea14dd45e1422be7d4e0a5cc7f4d4ab5f198cdbaaa3f642ec6361842cbe869382ee78cd596ff5e740d9ec2c3ad6 | |

result = invalid | |

shared = | |

# tcId = 350 | |

# Public key uses wrong curve: brainpoolP224t1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 3052301406072a8648ce3d020106092b2403030208010106033a00042b0a1a858ffc44e7752940731d378f96570837e279ea3948fe00cff8b5f89adb4e2fe6f8781ba6426364f4590b34dd79fc80629de4a86084 | |

result = invalid | |

shared = | |

# tcId = 351 | |

# Public key uses wrong curve: brainpoolP256t1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 305a301406072a8648ce3d020106092b2403030208010108034200043037c01b4a5ac53742e3f5528dffb0f010ab6ebeb08d792b32e19e9006ca331a024b67698d7cf4b575ccd9389441d5c640b77c63771cef1bd85675361c6602a4 | |

result = invalid | |

shared = | |

# tcId = 352 | |

# Public key uses wrong curve: brainpoolP320t1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 306a301406072a8648ce3d020106092b240303020801010a035200040f0fd972a495a140124a4019291a20f5b39fb755c126bf268643bb3091eca44f2a3cda1dead6ab1f4fe08a4b3872423f71e5bf96b1c20bc0ca73b7e2c134cc14a5f77bc838ebcf01084da3bf15663536 | |

result = invalid | |

shared = | |

# tcId = 353 | |

# Public key uses wrong curve: brainpoolP384t1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 307a301406072a8648ce3d020106092b240303020801010c0362000403b65faf5a6bf74bd5c166278a4b566c6c705ac6363e61f3b0699e116d3c5b19e8b7021b75b005f78a8cea8de34c49397f9b3b2bfc8706eb8163c802371eff7dfc825c40aa84dd9d1c4b34615ee5ae28c6c05d58d2a8ccc3786382b712d3bcda | |

result = invalid | |

shared = | |

# tcId = 354 | |

# Public key uses wrong curve: brainpoolP512t1 | |

curve = secp256r1 | |

private = 0b44f9670fedba887ad8e806226063e77604b27c362836326e93ecb7fcc6dc297 | |

public = 30819b301406072a8648ce3d020106092b240303020801010e03818200047504d660943a69ab043378e44c034896534a346e0e95f35fcaad3503b490856bfb20a753ecabc6d7bfeec28d057f919923b7d3c086953eb16c5bd287b59788db72dbb7c273854294c927ea7eca205aae2f0830e5faaddad8316231bfc3572c85c33cb7054e04c8936e3ce059c907e59f40593444e590b31820bc1f514ed0ec8a | |

result = invalid | |

shared = | |

# tcId = 355 | |

# invalid public key | |

curve = secp256r1 | |

private = 6f953faff3599e6c762d7f4cabfeed092de2add1df1bc5748c6cbb725cf35458 | |

public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002fd4bf61763b46581fd9174d623516cf3c81edd40e29ffa2777fb6cb0ae3ce535 | |

result = invalid | |

shared = | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 356 | |

# public key is a low order point on twist | |

curve = secp256r1 | |

private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f02 | |

public = 3039301306072a8648ce3d020106082a8648ce3d03010703220003efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b | |

result = invalid | |

shared = | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 357 | |

# public key is a low order point on twist | |

curve = secp256r1 | |

private = 0d27edf0ff5b6b6b465753e7158370332c153b468a1be087ad0f490bdb99e5f03 | |

public = 3039301306072a8648ce3d020106082a8648ce3d03010703220002efdde3b32872a9effcf3b94cbf73aa7b39f9683ece9121b9852167f4e3da609b | |

result = invalid | |

shared = | |

# The point in the public key is compressed. Not every library supports points | |

# in compressed format. | |

# tcId = 358 | |

# public key is a low order point on twist | |