kernel: 5.4: import wireguard backport
[openwrt/openwrt.git] / target / linux / generic / backport-5.4 / 080-wireguard-0026-crypto-curve25519-add-kpp-selftest.patch
1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
2 From: Ard Biesheuvel <ardb@kernel.org>
3 Date: Fri, 8 Nov 2019 13:22:33 +0100
4 Subject: [PATCH] crypto: curve25519 - add kpp selftest
5
6 commit f613457a7af085728297bef71233c37faf3c01b1 upstream.
7
8 In preparation of introducing KPP implementations of Curve25519, import
9 the set of test cases proposed by the Zinc patch set, but converted to
10 the KPP format.
11
12 Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
13 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
14 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
15 ---
16 crypto/testmgr.c | 6 +
17 crypto/testmgr.h | 1225 ++++++++++++++++++++++++++++++++++++++++++++++
18 2 files changed, 1231 insertions(+)
19
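--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4296,6 +4296,12 @@ static const struct alg_test_desc alg_te
 .test = alg_test_null,
 .fips_allowed = 1,
 }, {
+ .alg = "curve25519",
+ .test = alg_test_kpp,
+ .suite = {
+ .kpp = __VECS(curve25519_tv_template)
+ }
+ }, {
 .alg = "deflate",
 .test = alg_test_comp,
 .fips_allowed = 1,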
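Review bot: The new `curve25519` entry sets no `.fips_allowed`, unlike the entries on either side of it in this hunk, and nothing says whether the omission is deliberate. If it is intentional (presumably because Curve25519 was not a FIPS-approved primitive), a comment such as `/* not FIPS-approved: fips_allowed intentionally left unset */` above `.alg = "curve25519"` would keep a later cleanup from adding the flag by analogy with its neighbours. Placing the entry before `"deflate"` looks consistent with alphabetical ordering of the table, but the name of the preceding entry is outside the hunk, so the sort order should be confirmed against the full `alg_test_descs[]` array, which starts and ends outside this hunk.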
35 --- a/crypto/testmgr.h
36 +++ b/crypto/testmgr.h
37 @@ -1030,6 +1030,1231 @@ static const struct kpp_testvec dh_tv_te
38 }
39 };
40
41 +static const struct kpp_testvec curve25519_tv_template[] = {
42 +{
43 + .secret = (u8[32]){ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d,
44 + 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45,
45 + 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
46 + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a },
47 + .b_public = (u8[32]){ 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4,
48 + 0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37,
49 + 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d,
50 + 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f },
51 + .expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
52 + 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
53 + 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
54 + 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 },
55 + .secret_size = 32,
56 + .b_public_size = 32,
57 + .expected_ss_size = 32,
58 +
59 +},
60 +{
61 + .secret = (u8[32]){ 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b,
62 + 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6,
63 + 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd,
64 + 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb },
65 + .b_public = (u8[32]){ 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
66 + 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
67 + 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
68 + 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a },
69 + .expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
70 + 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
71 + 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
72 + 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 },
73 + .secret_size = 32,
74 + .b_public_size = 32,
75 + .expected_ss_size = 32,
76 +
77 +},
78 +{
79 + .secret = (u8[32]){ 1 },
80 + .b_public = (u8[32]){ 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
81 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
83 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
84 + .expected_ss = (u8[32]){ 0x3c, 0x77, 0x77, 0xca, 0xf9, 0x97, 0xb2, 0x64,
85 + 0x41, 0x60, 0x77, 0x66, 0x5b, 0x4e, 0x22, 0x9d,
86 + 0x0b, 0x95, 0x48, 0xdc, 0x0c, 0xd8, 0x19, 0x98,
87 + 0xdd, 0xcd, 0xc5, 0xc8, 0x53, 0x3c, 0x79, 0x7f },
88 + .secret_size = 32,
89 + .b_public_size = 32,
90 + .expected_ss_size = 32,
91 +
92 +},
93 +{
94 + .secret = (u8[32]){ 1 },
95 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
96 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
97 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
98 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
99 + .expected_ss = (u8[32]){ 0xb3, 0x2d, 0x13, 0x62, 0xc2, 0x48, 0xd6, 0x2f,
100 + 0xe6, 0x26, 0x19, 0xcf, 0xf0, 0x4d, 0xd4, 0x3d,
101 + 0xb7, 0x3f, 0xfc, 0x1b, 0x63, 0x08, 0xed, 0xe3,
102 + 0x0b, 0x78, 0xd8, 0x73, 0x80, 0xf1, 0xe8, 0x34 },
103 + .secret_size = 32,
104 + .b_public_size = 32,
105 + .expected_ss_size = 32,
106 +
107 +},
108 +{
109 + .secret = (u8[32]){ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
110 + 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
111 + 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
112 + 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 },
113 + .b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
114 + 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
115 + 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
116 + 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c },
117 + .expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
118 + 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
119 + 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
120 + 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 },
121 + .secret_size = 32,
122 + .b_public_size = 32,
123 + .expected_ss_size = 32,
124 +
125 +},
126 +{
127 + .secret = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x0a, 0xff, 0xff, 0xff,
128 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
129 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
130 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
131 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
132 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
133 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
134 + 0xff, 0xff, 0xff, 0xff, 0x0a, 0x00, 0xfb, 0x9f },
135 + .expected_ss = (u8[32]){ 0x77, 0x52, 0xb6, 0x18, 0xc1, 0x2d, 0x48, 0xd2,
136 + 0xc6, 0x93, 0x46, 0x83, 0x81, 0x7c, 0xc6, 0x57,
137 + 0xf3, 0x31, 0x03, 0x19, 0x49, 0x48, 0x20, 0x05,
138 + 0x42, 0x2b, 0x4e, 0xae, 0x8d, 0x1d, 0x43, 0x23 },
139 + .secret_size = 32,
140 + .b_public_size = 32,
141 + .expected_ss_size = 32,
142 +
143 +},
144 +{
145 + .secret = (u8[32]){ 0x8e, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
149 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
150 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
151 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
152 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8e, 0x06 },
153 + .expected_ss = (u8[32]){ 0x5a, 0xdf, 0xaa, 0x25, 0x86, 0x8e, 0x32, 0x3d,
154 + 0xae, 0x49, 0x62, 0xc1, 0x01, 0x5c, 0xb3, 0x12,
155 + 0xe1, 0xc5, 0xc7, 0x9e, 0x95, 0x3f, 0x03, 0x99,
156 + 0xb0, 0xba, 0x16, 0x22, 0xf3, 0xb6, 0xf7, 0x0c },
157 + .secret_size = 32,
158 + .b_public_size = 32,
159 + .expected_ss_size = 32,
160 +
161 +},
162 +/* wycheproof - normal case */
163 +{
164 + .secret = (u8[32]){ 0x48, 0x52, 0x83, 0x4d, 0x9d, 0x6b, 0x77, 0xda,
165 + 0xde, 0xab, 0xaa, 0xf2, 0xe1, 0x1d, 0xca, 0x66,
166 + 0xd1, 0x9f, 0xe7, 0x49, 0x93, 0xa7, 0xbe, 0xc3,
167 + 0x6c, 0x6e, 0x16, 0xa0, 0x98, 0x3f, 0xea, 0xba },
168 + .b_public = (u8[32]){ 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5,
169 + 0x8f, 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9,
170 + 0x15, 0xc4, 0xb2, 0xe0, 0x8e, 0x74, 0x4a, 0x0e,
171 + 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a },
172 + .expected_ss = (u8[32]){ 0x87, 0xb7, 0xf2, 0x12, 0xb6, 0x27, 0xf7, 0xa5,
173 + 0x4c, 0xa5, 0xe0, 0xbc, 0xda, 0xdd, 0xd5, 0x38,
174 + 0x9d, 0x9d, 0xe6, 0x15, 0x6c, 0xdb, 0xcf, 0x8e,
175 + 0xbe, 0x14, 0xff, 0xbc, 0xfb, 0x43, 0x65, 0x51 },
176 + .secret_size = 32,
177 + .b_public_size = 32,
178 + .expected_ss_size = 32,
179 +
180 +},
181 +/* wycheproof - public key on twist */
182 +{
183 + .secret = (u8[32]){ 0x58, 0x8c, 0x06, 0x1a, 0x50, 0x80, 0x4a, 0xc4,
184 + 0x88, 0xad, 0x77, 0x4a, 0xc7, 0x16, 0xc3, 0xf5,
185 + 0xba, 0x71, 0x4b, 0x27, 0x12, 0xe0, 0x48, 0x49,
186 + 0x13, 0x79, 0xa5, 0x00, 0x21, 0x19, 0x98, 0xa8 },
187 + .b_public = (u8[32]){ 0x63, 0xaa, 0x40, 0xc6, 0xe3, 0x83, 0x46, 0xc5,
188 + 0xca, 0xf2, 0x3a, 0x6d, 0xf0, 0xa5, 0xe6, 0xc8,
189 + 0x08, 0x89, 0xa0, 0x86, 0x47, 0xe5, 0x51, 0xb3,
190 + 0x56, 0x34, 0x49, 0xbe, 0xfc, 0xfc, 0x97, 0x33 },
191 + .expected_ss = (u8[32]){ 0xb1, 0xa7, 0x07, 0x51, 0x94, 0x95, 0xff, 0xff,
192 + 0xb2, 0x98, 0xff, 0x94, 0x17, 0x16, 0xb0, 0x6d,
193 + 0xfa, 0xb8, 0x7c, 0xf8, 0xd9, 0x11, 0x23, 0xfe,
194 + 0x2b, 0xe9, 0xa2, 0x33, 0xdd, 0xa2, 0x22, 0x12 },
195 + .secret_size = 32,
196 + .b_public_size = 32,
197 + .expected_ss_size = 32,
198 +
199 +},
200 +/* wycheproof - public key on twist */
201 +{
202 + .secret = (u8[32]){ 0xb0, 0x5b, 0xfd, 0x32, 0xe5, 0x53, 0x25, 0xd9,
203 + 0xfd, 0x64, 0x8c, 0xb3, 0x02, 0x84, 0x80, 0x39,
204 + 0x00, 0x0b, 0x39, 0x0e, 0x44, 0xd5, 0x21, 0xe5,
205 + 0x8a, 0xab, 0x3b, 0x29, 0xa6, 0x96, 0x0b, 0xa8 },
206 + .b_public = (u8[32]){ 0x0f, 0x83, 0xc3, 0x6f, 0xde, 0xd9, 0xd3, 0x2f,
207 + 0xad, 0xf4, 0xef, 0xa3, 0xae, 0x93, 0xa9, 0x0b,
208 + 0xb5, 0xcf, 0xa6, 0x68, 0x93, 0xbc, 0x41, 0x2c,
209 + 0x43, 0xfa, 0x72, 0x87, 0xdb, 0xb9, 0x97, 0x79 },
210 + .expected_ss = (u8[32]){ 0x67, 0xdd, 0x4a, 0x6e, 0x16, 0x55, 0x33, 0x53,
211 + 0x4c, 0x0e, 0x3f, 0x17, 0x2e, 0x4a, 0xb8, 0x57,
212 + 0x6b, 0xca, 0x92, 0x3a, 0x5f, 0x07, 0xb2, 0xc0,
213 + 0x69, 0xb4, 0xc3, 0x10, 0xff, 0x2e, 0x93, 0x5b },
214 + .secret_size = 32,
215 + .b_public_size = 32,
216 + .expected_ss_size = 32,
217 +
218 +},
219 +/* wycheproof - public key on twist */
220 +{
221 + .secret = (u8[32]){ 0x70, 0xe3, 0x4b, 0xcb, 0xe1, 0xf4, 0x7f, 0xbc,
222 + 0x0f, 0xdd, 0xfd, 0x7c, 0x1e, 0x1a, 0xa5, 0x3d,
223 + 0x57, 0xbf, 0xe0, 0xf6, 0x6d, 0x24, 0x30, 0x67,
224 + 0xb4, 0x24, 0xbb, 0x62, 0x10, 0xbe, 0xd1, 0x9c },
225 + .b_public = (u8[32]){ 0x0b, 0x82, 0x11, 0xa2, 0xb6, 0x04, 0x90, 0x97,
226 + 0xf6, 0x87, 0x1c, 0x6c, 0x05, 0x2d, 0x3c, 0x5f,
227 + 0xc1, 0xba, 0x17, 0xda, 0x9e, 0x32, 0xae, 0x45,
228 + 0x84, 0x03, 0xb0, 0x5b, 0xb2, 0x83, 0x09, 0x2a },
229 + .expected_ss = (u8[32]){ 0x4a, 0x06, 0x38, 0xcf, 0xaa, 0x9e, 0xf1, 0x93,
230 + 0x3b, 0x47, 0xf8, 0x93, 0x92, 0x96, 0xa6, 0xb2,
231 + 0x5b, 0xe5, 0x41, 0xef, 0x7f, 0x70, 0xe8, 0x44,
232 + 0xc0, 0xbc, 0xc0, 0x0b, 0x13, 0x4d, 0xe6, 0x4a },
233 + .secret_size = 32,
234 + .b_public_size = 32,
235 + .expected_ss_size = 32,
236 +
237 +},
238 +/* wycheproof - public key on twist */
239 +{
240 + .secret = (u8[32]){ 0x68, 0xc1, 0xf3, 0xa6, 0x53, 0xa4, 0xcd, 0xb1,
241 + 0xd3, 0x7b, 0xba, 0x94, 0x73, 0x8f, 0x8b, 0x95,
242 + 0x7a, 0x57, 0xbe, 0xb2, 0x4d, 0x64, 0x6e, 0x99,
243 + 0x4d, 0xc2, 0x9a, 0x27, 0x6a, 0xad, 0x45, 0x8d },
244 + .b_public = (u8[32]){ 0x34, 0x3a, 0xc2, 0x0a, 0x3b, 0x9c, 0x6a, 0x27,
245 + 0xb1, 0x00, 0x81, 0x76, 0x50, 0x9a, 0xd3, 0x07,
246 + 0x35, 0x85, 0x6e, 0xc1, 0xc8, 0xd8, 0xfc, 0xae,
247 + 0x13, 0x91, 0x2d, 0x08, 0xd1, 0x52, 0xf4, 0x6c },
248 + .expected_ss = (u8[32]){ 0x39, 0x94, 0x91, 0xfc, 0xe8, 0xdf, 0xab, 0x73,
249 + 0xb4, 0xf9, 0xf6, 0x11, 0xde, 0x8e, 0xa0, 0xb2,
250 + 0x7b, 0x28, 0xf8, 0x59, 0x94, 0x25, 0x0b, 0x0f,
251 + 0x47, 0x5d, 0x58, 0x5d, 0x04, 0x2a, 0xc2, 0x07 },
252 + .secret_size = 32,
253 + .b_public_size = 32,
254 + .expected_ss_size = 32,
255 +
256 +},
257 +/* wycheproof - public key on twist */
258 +{
259 + .secret = (u8[32]){ 0xd8, 0x77, 0xb2, 0x6d, 0x06, 0xdf, 0xf9, 0xd9,
260 + 0xf7, 0xfd, 0x4c, 0x5b, 0x37, 0x69, 0xf8, 0xcd,
261 + 0xd5, 0xb3, 0x05, 0x16, 0xa5, 0xab, 0x80, 0x6b,
262 + 0xe3, 0x24, 0xff, 0x3e, 0xb6, 0x9e, 0xa0, 0xb2 },
263 + .b_public = (u8[32]){ 0xfa, 0x69, 0x5f, 0xc7, 0xbe, 0x8d, 0x1b, 0xe5,
264 + 0xbf, 0x70, 0x48, 0x98, 0xf3, 0x88, 0xc4, 0x52,
265 + 0xba, 0xfd, 0xd3, 0xb8, 0xea, 0xe8, 0x05, 0xf8,
266 + 0x68, 0x1a, 0x8d, 0x15, 0xc2, 0xd4, 0xe1, 0x42 },
267 + .expected_ss = (u8[32]){ 0x2c, 0x4f, 0xe1, 0x1d, 0x49, 0x0a, 0x53, 0x86,
268 + 0x17, 0x76, 0xb1, 0x3b, 0x43, 0x54, 0xab, 0xd4,
269 + 0xcf, 0x5a, 0x97, 0x69, 0x9d, 0xb6, 0xe6, 0xc6,
270 + 0x8c, 0x16, 0x26, 0xd0, 0x76, 0x62, 0xf7, 0x58 },
271 + .secret_size = 32,
272 + .b_public_size = 32,
273 + .expected_ss_size = 32,
274 +
275 +},
276 +/* wycheproof - edge case on twist */
277 +{
278 + .secret = (u8[32]){ 0x38, 0xdd, 0xe9, 0xf3, 0xe7, 0xb7, 0x99, 0x04,
279 + 0x5f, 0x9a, 0xc3, 0x79, 0x3d, 0x4a, 0x92, 0x77,
280 + 0xda, 0xde, 0xad, 0xc4, 0x1b, 0xec, 0x02, 0x90,
281 + 0xf8, 0x1f, 0x74, 0x4f, 0x73, 0x77, 0x5f, 0x84 },
282 + .b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
283 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
284 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
285 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
286 + .expected_ss = (u8[32]){ 0x9a, 0x2c, 0xfe, 0x84, 0xff, 0x9c, 0x4a, 0x97,
287 + 0x39, 0x62, 0x5c, 0xae, 0x4a, 0x3b, 0x82, 0xa9,
288 + 0x06, 0x87, 0x7a, 0x44, 0x19, 0x46, 0xf8, 0xd7,
289 + 0xb3, 0xd7, 0x95, 0xfe, 0x8f, 0x5d, 0x16, 0x39 },
290 + .secret_size = 32,
291 + .b_public_size = 32,
292 + .expected_ss_size = 32,
293 +
294 +},
295 +/* wycheproof - edge case on twist */
296 +{
297 + .secret = (u8[32]){ 0x98, 0x57, 0xa9, 0x14, 0xe3, 0xc2, 0x90, 0x36,
298 + 0xfd, 0x9a, 0x44, 0x2b, 0xa5, 0x26, 0xb5, 0xcd,
299 + 0xcd, 0xf2, 0x82, 0x16, 0x15, 0x3e, 0x63, 0x6c,
300 + 0x10, 0x67, 0x7a, 0xca, 0xb6, 0xbd, 0x6a, 0xa5 },
301 + .b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
303 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
304 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
305 + .expected_ss = (u8[32]){ 0x4d, 0xa4, 0xe0, 0xaa, 0x07, 0x2c, 0x23, 0x2e,
306 + 0xe2, 0xf0, 0xfa, 0x4e, 0x51, 0x9a, 0xe5, 0x0b,
307 + 0x52, 0xc1, 0xed, 0xd0, 0x8a, 0x53, 0x4d, 0x4e,
308 + 0xf3, 0x46, 0xc2, 0xe1, 0x06, 0xd2, 0x1d, 0x60 },
309 + .secret_size = 32,
310 + .b_public_size = 32,
311 + .expected_ss_size = 32,
312 +
313 +},
314 +/* wycheproof - edge case on twist */
315 +{
316 + .secret = (u8[32]){ 0x48, 0xe2, 0x13, 0x0d, 0x72, 0x33, 0x05, 0xed,
317 + 0x05, 0xe6, 0xe5, 0x89, 0x4d, 0x39, 0x8a, 0x5e,
318 + 0x33, 0x36, 0x7a, 0x8c, 0x6a, 0xac, 0x8f, 0xcd,
319 + 0xf0, 0xa8, 0x8e, 0x4b, 0x42, 0x82, 0x0d, 0xb7 },
320 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0xf8, 0xff,
321 + 0xff, 0x1f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff,
322 + 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0x07, 0x00,
323 + 0x00, 0xf0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00 },
324 + .expected_ss = (u8[32]){ 0x9e, 0xd1, 0x0c, 0x53, 0x74, 0x7f, 0x64, 0x7f,
325 + 0x82, 0xf4, 0x51, 0x25, 0xd3, 0xde, 0x15, 0xa1,
326 + 0xe6, 0xb8, 0x24, 0x49, 0x6a, 0xb4, 0x04, 0x10,
327 + 0xff, 0xcc, 0x3c, 0xfe, 0x95, 0x76, 0x0f, 0x3b },
328 + .secret_size = 32,
329 + .b_public_size = 32,
330 + .expected_ss_size = 32,
331 +
332 +},
333 +/* wycheproof - edge case on twist */
334 +{
335 + .secret = (u8[32]){ 0x28, 0xf4, 0x10, 0x11, 0x69, 0x18, 0x51, 0xb3,
336 + 0xa6, 0x2b, 0x64, 0x15, 0x53, 0xb3, 0x0d, 0x0d,
337 + 0xfd, 0xdc, 0xb8, 0xff, 0xfc, 0xf5, 0x37, 0x00,
338 + 0xa7, 0xbe, 0x2f, 0x6a, 0x87, 0x2e, 0x9f, 0xb0 },
339 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0x07, 0x00,
340 + 0x00, 0xe0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00,
341 + 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0xf8, 0xff,
342 + 0xff, 0x0f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x7f },
343 + .expected_ss = (u8[32]){ 0xcf, 0x72, 0xb4, 0xaa, 0x6a, 0xa1, 0xc9, 0xf8,
344 + 0x94, 0xf4, 0x16, 0x5b, 0x86, 0x10, 0x9a, 0xa4,
345 + 0x68, 0x51, 0x76, 0x48, 0xe1, 0xf0, 0xcc, 0x70,
346 + 0xe1, 0xab, 0x08, 0x46, 0x01, 0x76, 0x50, 0x6b },
347 + .secret_size = 32,
348 + .b_public_size = 32,
349 + .expected_ss_size = 32,
350 +
351 +},
352 +/* wycheproof - edge case on twist */
353 +{
354 + .secret = (u8[32]){ 0x18, 0xa9, 0x3b, 0x64, 0x99, 0xb9, 0xf6, 0xb3,
355 + 0x22, 0x5c, 0xa0, 0x2f, 0xef, 0x41, 0x0e, 0x0a,
356 + 0xde, 0xc2, 0x35, 0x32, 0x32, 0x1d, 0x2d, 0x8e,
357 + 0xf1, 0xa6, 0xd6, 0x02, 0xa8, 0xc6, 0x5b, 0x83 },
358 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
359 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
360 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
361 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x7f },
362 + .expected_ss = (u8[32]){ 0x5d, 0x50, 0xb6, 0x28, 0x36, 0xbb, 0x69, 0x57,
363 + 0x94, 0x10, 0x38, 0x6c, 0xf7, 0xbb, 0x81, 0x1c,
364 + 0x14, 0xbf, 0x85, 0xb1, 0xc7, 0xb1, 0x7e, 0x59,
365 + 0x24, 0xc7, 0xff, 0xea, 0x91, 0xef, 0x9e, 0x12 },
366 + .secret_size = 32,
367 + .b_public_size = 32,
368 + .expected_ss_size = 32,
369 +
370 +},
371 +/* wycheproof - edge case on twist */
372 +{
373 + .secret = (u8[32]){ 0xc0, 0x1d, 0x13, 0x05, 0xa1, 0x33, 0x8a, 0x1f,
374 + 0xca, 0xc2, 0xba, 0x7e, 0x2e, 0x03, 0x2b, 0x42,
375 + 0x7e, 0x0b, 0x04, 0x90, 0x31, 0x65, 0xac, 0xa9,
376 + 0x57, 0xd8, 0xd0, 0x55, 0x3d, 0x87, 0x17, 0xb0 },
377 + .b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
378 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
379 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
380 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
381 + .expected_ss = (u8[32]){ 0x19, 0x23, 0x0e, 0xb1, 0x48, 0xd5, 0xd6, 0x7c,
382 + 0x3c, 0x22, 0xab, 0x1d, 0xae, 0xff, 0x80, 0xa5,
383 + 0x7e, 0xae, 0x42, 0x65, 0xce, 0x28, 0x72, 0x65,
384 + 0x7b, 0x2c, 0x80, 0x99, 0xfc, 0x69, 0x8e, 0x50 },
385 + .secret_size = 32,
386 + .b_public_size = 32,
387 + .expected_ss_size = 32,
388 +
389 +},
390 +/* wycheproof - edge case for public key */
391 +{
392 + .secret = (u8[32]){ 0x38, 0x6f, 0x7f, 0x16, 0xc5, 0x07, 0x31, 0xd6,
393 + 0x4f, 0x82, 0xe6, 0xa1, 0x70, 0xb1, 0x42, 0xa4,
394 + 0xe3, 0x4f, 0x31, 0xfd, 0x77, 0x68, 0xfc, 0xb8,
395 + 0x90, 0x29, 0x25, 0xe7, 0xd1, 0xe2, 0x1a, 0xbe },
396 + .b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
397 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
398 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
399 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
400 + .expected_ss = (u8[32]){ 0x0f, 0xca, 0xb5, 0xd8, 0x42, 0xa0, 0x78, 0xd7,
401 + 0xa7, 0x1f, 0xc5, 0x9b, 0x57, 0xbf, 0xb4, 0xca,
402 + 0x0b, 0xe6, 0x87, 0x3b, 0x49, 0xdc, 0xdb, 0x9f,
403 + 0x44, 0xe1, 0x4a, 0xe8, 0xfb, 0xdf, 0xa5, 0x42 },
404 + .secret_size = 32,
405 + .b_public_size = 32,
406 + .expected_ss_size = 32,
407 +
408 +},
409 +/* wycheproof - edge case for public key */
410 +{
411 + .secret = (u8[32]){ 0xe0, 0x23, 0xa2, 0x89, 0xbd, 0x5e, 0x90, 0xfa,
412 + 0x28, 0x04, 0xdd, 0xc0, 0x19, 0xa0, 0x5e, 0xf3,
413 + 0xe7, 0x9d, 0x43, 0x4b, 0xb6, 0xea, 0x2f, 0x52,
414 + 0x2e, 0xcb, 0x64, 0x3a, 0x75, 0x29, 0x6e, 0x95 },
415 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
416 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
417 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
418 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 },
419 + .expected_ss = (u8[32]){ 0x54, 0xce, 0x8f, 0x22, 0x75, 0xc0, 0x77, 0xe3,
420 + 0xb1, 0x30, 0x6a, 0x39, 0x39, 0xc5, 0xe0, 0x3e,
421 + 0xef, 0x6b, 0xbb, 0x88, 0x06, 0x05, 0x44, 0x75,
422 + 0x8d, 0x9f, 0xef, 0x59, 0xb0, 0xbc, 0x3e, 0x4f },
423 + .secret_size = 32,
424 + .b_public_size = 32,
425 + .expected_ss_size = 32,
426 +
427 +},
428 +/* wycheproof - edge case for public key */
429 +{
430 + .secret = (u8[32]){ 0x68, 0xf0, 0x10, 0xd6, 0x2e, 0xe8, 0xd9, 0x26,
431 + 0x05, 0x3a, 0x36, 0x1c, 0x3a, 0x75, 0xc6, 0xea,
432 + 0x4e, 0xbd, 0xc8, 0x60, 0x6a, 0xb2, 0x85, 0x00,
433 + 0x3a, 0x6f, 0x8f, 0x40, 0x76, 0xb0, 0x1e, 0x83 },
434 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
435 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
436 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
437 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 },
438 + .expected_ss = (u8[32]){ 0xf1, 0x36, 0x77, 0x5c, 0x5b, 0xeb, 0x0a, 0xf8,
439 + 0x11, 0x0a, 0xf1, 0x0b, 0x20, 0x37, 0x23, 0x32,
440 + 0x04, 0x3c, 0xab, 0x75, 0x24, 0x19, 0x67, 0x87,
441 + 0x75, 0xa2, 0x23, 0xdf, 0x57, 0xc9, 0xd3, 0x0d },
442 + .secret_size = 32,
443 + .b_public_size = 32,
444 + .expected_ss_size = 32,
445 +
446 +},
447 +/* wycheproof - edge case for public key */
448 +{
449 + .secret = (u8[32]){ 0x58, 0xeb, 0xcb, 0x35, 0xb0, 0xf8, 0x84, 0x5c,
450 + 0xaf, 0x1e, 0xc6, 0x30, 0xf9, 0x65, 0x76, 0xb6,
451 + 0x2c, 0x4b, 0x7b, 0x6c, 0x36, 0xb2, 0x9d, 0xeb,
452 + 0x2c, 0xb0, 0x08, 0x46, 0x51, 0x75, 0x5c, 0x96 },
453 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xfb, 0xff, 0xff, 0xfb, 0xff,
454 + 0xff, 0xdf, 0xff, 0xff, 0xdf, 0xff, 0xff, 0xff,
455 + 0xfe, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xf7, 0xff,
456 + 0xff, 0xf7, 0xff, 0xff, 0xbf, 0xff, 0xff, 0x3f },
457 + .expected_ss = (u8[32]){ 0xbf, 0x9a, 0xff, 0xd0, 0x6b, 0x84, 0x40, 0x85,
458 + 0x58, 0x64, 0x60, 0x96, 0x2e, 0xf2, 0x14, 0x6f,
459 + 0xf3, 0xd4, 0x53, 0x3d, 0x94, 0x44, 0xaa, 0xb0,
460 + 0x06, 0xeb, 0x88, 0xcc, 0x30, 0x54, 0x40, 0x7d },
461 + .secret_size = 32,
462 + .b_public_size = 32,
463 + .expected_ss_size = 32,
464 +
465 +},
466 +/* wycheproof - edge case for public key */
467 +{
468 + .secret = (u8[32]){ 0x18, 0x8c, 0x4b, 0xc5, 0xb9, 0xc4, 0x4b, 0x38,
469 + 0xbb, 0x65, 0x8b, 0x9b, 0x2a, 0xe8, 0x2d, 0x5b,
470 + 0x01, 0x01, 0x5e, 0x09, 0x31, 0x84, 0xb1, 0x7c,
471 + 0xb7, 0x86, 0x35, 0x03, 0xa7, 0x83, 0xe1, 0xbb },
472 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
473 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
474 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
475 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
476 + .expected_ss = (u8[32]){ 0xd4, 0x80, 0xde, 0x04, 0xf6, 0x99, 0xcb, 0x3b,
477 + 0xe0, 0x68, 0x4a, 0x9c, 0xc2, 0xe3, 0x12, 0x81,
478 + 0xea, 0x0b, 0xc5, 0xa9, 0xdc, 0xc1, 0x57, 0xd3,
479 + 0xd2, 0x01, 0x58, 0xd4, 0x6c, 0xa5, 0x24, 0x6d },
480 + .secret_size = 32,
481 + .b_public_size = 32,
482 + .expected_ss_size = 32,
483 +
484 +},
485 +/* wycheproof - edge case for public key */
486 +{
487 + .secret = (u8[32]){ 0xe0, 0x6c, 0x11, 0xbb, 0x2e, 0x13, 0xce, 0x3d,
488 + 0xc7, 0x67, 0x3f, 0x67, 0xf5, 0x48, 0x22, 0x42,
489 + 0x90, 0x94, 0x23, 0xa9, 0xae, 0x95, 0xee, 0x98,
490 + 0x6a, 0x98, 0x8d, 0x98, 0xfa, 0xee, 0x23, 0xa2 },
491 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
492 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
493 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
494 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f },
495 + .expected_ss = (u8[32]){ 0x4c, 0x44, 0x01, 0xcc, 0xe6, 0xb5, 0x1e, 0x4c,
496 + 0xb1, 0x8f, 0x27, 0x90, 0x24, 0x6c, 0x9b, 0xf9,
497 + 0x14, 0xdb, 0x66, 0x77, 0x50, 0xa1, 0xcb, 0x89,
498 + 0x06, 0x90, 0x92, 0xaf, 0x07, 0x29, 0x22, 0x76 },
499 + .secret_size = 32,
500 + .b_public_size = 32,
501 + .expected_ss_size = 32,
502 +
503 +},
504 +/* wycheproof - edge case for public key */
505 +{
506 + .secret = (u8[32]){ 0xc0, 0x65, 0x8c, 0x46, 0xdd, 0xe1, 0x81, 0x29,
507 + 0x29, 0x38, 0x77, 0x53, 0x5b, 0x11, 0x62, 0xb6,
508 + 0xf9, 0xf5, 0x41, 0x4a, 0x23, 0xcf, 0x4d, 0x2c,
509 + 0xbc, 0x14, 0x0a, 0x4d, 0x99, 0xda, 0x2b, 0x8f },
510 + .b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
511 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
512 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
513 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
514 + .expected_ss = (u8[32]){ 0x57, 0x8b, 0xa8, 0xcc, 0x2d, 0xbd, 0xc5, 0x75,
515 + 0xaf, 0xcf, 0x9d, 0xf2, 0xb3, 0xee, 0x61, 0x89,
516 + 0xf5, 0x33, 0x7d, 0x68, 0x54, 0xc7, 0x9b, 0x4c,
517 + 0xe1, 0x65, 0xea, 0x12, 0x29, 0x3b, 0x3a, 0x0f },
518 + .secret_size = 32,
519 + .b_public_size = 32,
520 + .expected_ss_size = 32,
521 +
522 +},
523 +/* wycheproof - public key >= p */
524 +{
525 + .secret = (u8[32]){ 0xf0, 0x1e, 0x48, 0xda, 0xfa, 0xc9, 0xd7, 0xbc,
526 + 0xf5, 0x89, 0xcb, 0xc3, 0x82, 0xc8, 0x78, 0xd1,
527 + 0x8b, 0xda, 0x35, 0x50, 0x58, 0x9f, 0xfb, 0x5d,
528 + 0x50, 0xb5, 0x23, 0xbe, 0xbe, 0x32, 0x9d, 0xae },
529 + .b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
530 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
531 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
532 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
533 + .expected_ss = (u8[32]){ 0xbd, 0x36, 0xa0, 0x79, 0x0e, 0xb8, 0x83, 0x09,
534 + 0x8c, 0x98, 0x8b, 0x21, 0x78, 0x67, 0x73, 0xde,
535 + 0x0b, 0x3a, 0x4d, 0xf1, 0x62, 0x28, 0x2c, 0xf1,
536 + 0x10, 0xde, 0x18, 0xdd, 0x48, 0x4c, 0xe7, 0x4b },
537 + .secret_size = 32,
538 + .b_public_size = 32,
539 + .expected_ss_size = 32,
540 +
541 +},
542 +/* wycheproof - public key >= p */
543 +{
544 + .secret = (u8[32]){ 0x28, 0x87, 0x96, 0xbc, 0x5a, 0xff, 0x4b, 0x81,
545 + 0xa3, 0x75, 0x01, 0x75, 0x7b, 0xc0, 0x75, 0x3a,
546 + 0x3c, 0x21, 0x96, 0x47, 0x90, 0xd3, 0x86, 0x99,
547 + 0x30, 0x8d, 0xeb, 0xc1, 0x7a, 0x6e, 0xaf, 0x8d },
548 + .b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
549 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
550 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
551 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
552 + .expected_ss = (u8[32]){ 0xb4, 0xe0, 0xdd, 0x76, 0xda, 0x7b, 0x07, 0x17,
553 + 0x28, 0xb6, 0x1f, 0x85, 0x67, 0x71, 0xaa, 0x35,
554 + 0x6e, 0x57, 0xed, 0xa7, 0x8a, 0x5b, 0x16, 0x55,
555 + 0xcc, 0x38, 0x20, 0xfb, 0x5f, 0x85, 0x4c, 0x5c },
556 + .secret_size = 32,
557 + .b_public_size = 32,
558 + .expected_ss_size = 32,
559 +
560 +},
561 +/* wycheproof - public key >= p */
562 +{
563 + .secret = (u8[32]){ 0x98, 0xdf, 0x84, 0x5f, 0x66, 0x51, 0xbf, 0x11,
564 + 0x38, 0x22, 0x1f, 0x11, 0x90, 0x41, 0xf7, 0x2b,
565 + 0x6d, 0xbc, 0x3c, 0x4a, 0xce, 0x71, 0x43, 0xd9,
566 + 0x9f, 0xd5, 0x5a, 0xd8, 0x67, 0x48, 0x0d, 0xa8 },
567 + .b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
568 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
569 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
570 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
571 + .expected_ss = (u8[32]){ 0x6f, 0xdf, 0x6c, 0x37, 0x61, 0x1d, 0xbd, 0x53,
572 + 0x04, 0xdc, 0x0f, 0x2e, 0xb7, 0xc9, 0x51, 0x7e,
573 + 0xb3, 0xc5, 0x0e, 0x12, 0xfd, 0x05, 0x0a, 0xc6,
574 + 0xde, 0xc2, 0x70, 0x71, 0xd4, 0xbf, 0xc0, 0x34 },
575 + .secret_size = 32,
576 + .b_public_size = 32,
577 + .expected_ss_size = 32,
578 +
579 +},
580 +/* wycheproof - public key >= p */
581 +{
582 + .secret = (u8[32]){ 0xf0, 0x94, 0x98, 0xe4, 0x6f, 0x02, 0xf8, 0x78,
583 + 0x82, 0x9e, 0x78, 0xb8, 0x03, 0xd3, 0x16, 0xa2,
584 + 0xed, 0x69, 0x5d, 0x04, 0x98, 0xa0, 0x8a, 0xbd,
585 + 0xf8, 0x27, 0x69, 0x30, 0xe2, 0x4e, 0xdc, 0xb0 },
586 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
587 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
588 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
589 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
590 + .expected_ss = (u8[32]){ 0x4c, 0x8f, 0xc4, 0xb1, 0xc6, 0xab, 0x88, 0xfb,
591 + 0x21, 0xf1, 0x8f, 0x6d, 0x4c, 0x81, 0x02, 0x40,
592 + 0xd4, 0xe9, 0x46, 0x51, 0xba, 0x44, 0xf7, 0xa2,
593 + 0xc8, 0x63, 0xce, 0xc7, 0xdc, 0x56, 0x60, 0x2d },
594 + .secret_size = 32,
595 + .b_public_size = 32,
596 + .expected_ss_size = 32,
597 +
598 +},
599 +/* wycheproof - public key >= p */
600 +{
601 + .secret = (u8[32]){ 0x18, 0x13, 0xc1, 0x0a, 0x5c, 0x7f, 0x21, 0xf9,
602 + 0x6e, 0x17, 0xf2, 0x88, 0xc0, 0xcc, 0x37, 0x60,
603 + 0x7c, 0x04, 0xc5, 0xf5, 0xae, 0xa2, 0xdb, 0x13,
604 + 0x4f, 0x9e, 0x2f, 0xfc, 0x66, 0xbd, 0x9d, 0xb8 },
605 + .b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
606 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
607 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
608 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
609 + .expected_ss = (u8[32]){ 0x1c, 0xd0, 0xb2, 0x82, 0x67, 0xdc, 0x54, 0x1c,
610 + 0x64, 0x2d, 0x6d, 0x7d, 0xca, 0x44, 0xa8, 0xb3,
611 + 0x8a, 0x63, 0x73, 0x6e, 0xef, 0x5c, 0x4e, 0x65,
612 + 0x01, 0xff, 0xbb, 0xb1, 0x78, 0x0c, 0x03, 0x3c },
613 + .secret_size = 32,
614 + .b_public_size = 32,
615 + .expected_ss_size = 32,
616 +
617 +},
618 +/* wycheproof - public key >= p */
619 +{
620 + .secret = (u8[32]){ 0x78, 0x57, 0xfb, 0x80, 0x86, 0x53, 0x64, 0x5a,
621 + 0x0b, 0xeb, 0x13, 0x8a, 0x64, 0xf5, 0xf4, 0xd7,
622 + 0x33, 0xa4, 0x5e, 0xa8, 0x4c, 0x3c, 0xda, 0x11,
623 + 0xa9, 0xc0, 0x6f, 0x7e, 0x71, 0x39, 0x14, 0x9e },
624 + .b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
625 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
626 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
627 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
628 + .expected_ss = (u8[32]){ 0x87, 0x55, 0xbe, 0x01, 0xc6, 0x0a, 0x7e, 0x82,
629 + 0x5c, 0xff, 0x3e, 0x0e, 0x78, 0xcb, 0x3a, 0xa4,
630 + 0x33, 0x38, 0x61, 0x51, 0x6a, 0xa5, 0x9b, 0x1c,
631 + 0x51, 0xa8, 0xb2, 0xa5, 0x43, 0xdf, 0xa8, 0x22 },
632 + .secret_size = 32,
633 + .b_public_size = 32,
634 + .expected_ss_size = 32,
635 +
636 +},
637 +/* wycheproof - public key >= p */
638 +{
639 + .secret = (u8[32]){ 0xe0, 0x3a, 0xa8, 0x42, 0xe2, 0xab, 0xc5, 0x6e,
640 + 0x81, 0xe8, 0x7b, 0x8b, 0x9f, 0x41, 0x7b, 0x2a,
641 + 0x1e, 0x59, 0x13, 0xc7, 0x23, 0xee, 0xd2, 0x8d,
642 + 0x75, 0x2f, 0x8d, 0x47, 0xa5, 0x9f, 0x49, 0x8f },
643 + .b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
644 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
645 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
646 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
647 + .expected_ss = (u8[32]){ 0x54, 0xc9, 0xa1, 0xed, 0x95, 0xe5, 0x46, 0xd2,
648 + 0x78, 0x22, 0xa3, 0x60, 0x93, 0x1d, 0xda, 0x60,
649 + 0xa1, 0xdf, 0x04, 0x9d, 0xa6, 0xf9, 0x04, 0x25,
650 + 0x3c, 0x06, 0x12, 0xbb, 0xdc, 0x08, 0x74, 0x76 },
651 + .secret_size = 32,
652 + .b_public_size = 32,
653 + .expected_ss_size = 32,
654 +
655 +},
656 +/* wycheproof - public key >= p */
657 +{
658 + .secret = (u8[32]){ 0xf8, 0xf7, 0x07, 0xb7, 0x99, 0x9b, 0x18, 0xcb,
659 + 0x0d, 0x6b, 0x96, 0x12, 0x4f, 0x20, 0x45, 0x97,
660 + 0x2c, 0xa2, 0x74, 0xbf, 0xc1, 0x54, 0xad, 0x0c,
661 + 0x87, 0x03, 0x8c, 0x24, 0xc6, 0xd0, 0xd4, 0xb2 },
662 + .b_public = (u8[32]){ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
663 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
664 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
665 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
666 + .expected_ss = (u8[32]){ 0xcc, 0x1f, 0x40, 0xd7, 0x43, 0xcd, 0xc2, 0x23,
667 + 0x0e, 0x10, 0x43, 0xda, 0xba, 0x8b, 0x75, 0xe8,
668 + 0x10, 0xf1, 0xfb, 0xab, 0x7f, 0x25, 0x52, 0x69,
669 + 0xbd, 0x9e, 0xbb, 0x29, 0xe6, 0xbf, 0x49, 0x4f },
670 + .secret_size = 32,
671 + .b_public_size = 32,
672 + .expected_ss_size = 32,
673 +
674 +},
675 +/* wycheproof - public key >= p */
676 +{
677 + .secret = (u8[32]){ 0xa0, 0x34, 0xf6, 0x84, 0xfa, 0x63, 0x1e, 0x1a,
678 + 0x34, 0x81, 0x18, 0xc1, 0xce, 0x4c, 0x98, 0x23,
679 + 0x1f, 0x2d, 0x9e, 0xec, 0x9b, 0xa5, 0x36, 0x5b,
680 + 0x4a, 0x05, 0xd6, 0x9a, 0x78, 0x5b, 0x07, 0x96 },
681 + .b_public = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
682 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
683 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
684 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
685 + .expected_ss = (u8[32]){ 0x54, 0x99, 0x8e, 0xe4, 0x3a, 0x5b, 0x00, 0x7b,
686 + 0xf4, 0x99, 0xf0, 0x78, 0xe7, 0x36, 0x52, 0x44,
687 + 0x00, 0xa8, 0xb5, 0xc7, 0xe9, 0xb9, 0xb4, 0x37,
688 + 0x71, 0x74, 0x8c, 0x7c, 0xdf, 0x88, 0x04, 0x12 },
689 + .secret_size = 32,
690 + .b_public_size = 32,
691 + .expected_ss_size = 32,
692 +
693 +},
694 +/* wycheproof - public key >= p */
695 +{
696 + .secret = (u8[32]){ 0x30, 0xb6, 0xc6, 0xa0, 0xf2, 0xff, 0xa6, 0x80,
697 + 0x76, 0x8f, 0x99, 0x2b, 0xa8, 0x9e, 0x15, 0x2d,
698 + 0x5b, 0xc9, 0x89, 0x3d, 0x38, 0xc9, 0x11, 0x9b,
699 + 0xe4, 0xf7, 0x67, 0xbf, 0xab, 0x6e, 0x0c, 0xa5 },
700 + .b_public = (u8[32]){ 0xdc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
701 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
702 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
703 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
704 + .expected_ss = (u8[32]){ 0xea, 0xd9, 0xb3, 0x8e, 0xfd, 0xd7, 0x23, 0x63,
705 + 0x79, 0x34, 0xe5, 0x5a, 0xb7, 0x17, 0xa7, 0xae,
706 + 0x09, 0xeb, 0x86, 0xa2, 0x1d, 0xc3, 0x6a, 0x3f,
707 + 0xee, 0xb8, 0x8b, 0x75, 0x9e, 0x39, 0x1e, 0x09 },
708 + .secret_size = 32,
709 + .b_public_size = 32,
710 + .expected_ss_size = 32,
711 +
712 +},
713 +/* wycheproof - public key >= p */
714 +{
715 + .secret = (u8[32]){ 0x90, 0x1b, 0x9d, 0xcf, 0x88, 0x1e, 0x01, 0xe0,
716 + 0x27, 0x57, 0x50, 0x35, 0xd4, 0x0b, 0x43, 0xbd,
717 + 0xc1, 0xc5, 0x24, 0x2e, 0x03, 0x08, 0x47, 0x49,
718 + 0x5b, 0x0c, 0x72, 0x86, 0x46, 0x9b, 0x65, 0x91 },
719 + .b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
720 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
721 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
722 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
723 + .expected_ss = (u8[32]){ 0x60, 0x2f, 0xf4, 0x07, 0x89, 0xb5, 0x4b, 0x41,
724 + 0x80, 0x59, 0x15, 0xfe, 0x2a, 0x62, 0x21, 0xf0,
725 + 0x7a, 0x50, 0xff, 0xc2, 0xc3, 0xfc, 0x94, 0xcf,
726 + 0x61, 0xf1, 0x3d, 0x79, 0x04, 0xe8, 0x8e, 0x0e },
727 + .secret_size = 32,
728 + .b_public_size = 32,
729 + .expected_ss_size = 32,
730 +
731 +},
732 +/* wycheproof - public key >= p */
733 +{
734 + .secret = (u8[32]){ 0x80, 0x46, 0x67, 0x7c, 0x28, 0xfd, 0x82, 0xc9,
735 + 0xa1, 0xbd, 0xb7, 0x1a, 0x1a, 0x1a, 0x34, 0xfa,
736 + 0xba, 0x12, 0x25, 0xe2, 0x50, 0x7f, 0xe3, 0xf5,
737 + 0x4d, 0x10, 0xbd, 0x5b, 0x0d, 0x86, 0x5f, 0x8e },
738 + .b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
739 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
740 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
741 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
742 + .expected_ss = (u8[32]){ 0xe0, 0x0a, 0xe8, 0xb1, 0x43, 0x47, 0x12, 0x47,
743 + 0xba, 0x24, 0xf1, 0x2c, 0x88, 0x55, 0x36, 0xc3,
744 + 0xcb, 0x98, 0x1b, 0x58, 0xe1, 0xe5, 0x6b, 0x2b,
745 + 0xaf, 0x35, 0xc1, 0x2a, 0xe1, 0xf7, 0x9c, 0x26 },
746 + .secret_size = 32,
747 + .b_public_size = 32,
748 + .expected_ss_size = 32,
749 +
750 +},
751 +/* wycheproof - public key >= p */
752 +{
753 + .secret = (u8[32]){ 0x60, 0x2f, 0x7e, 0x2f, 0x68, 0xa8, 0x46, 0xb8,
754 + 0x2c, 0xc2, 0x69, 0xb1, 0xd4, 0x8e, 0x93, 0x98,
755 + 0x86, 0xae, 0x54, 0xfd, 0x63, 0x6c, 0x1f, 0xe0,
756 + 0x74, 0xd7, 0x10, 0x12, 0x7d, 0x47, 0x24, 0x91 },
757 + .b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
758 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
759 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
760 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
761 + .expected_ss = (u8[32]){ 0x98, 0xcb, 0x9b, 0x50, 0xdd, 0x3f, 0xc2, 0xb0,
762 + 0xd4, 0xf2, 0xd2, 0xbf, 0x7c, 0x5c, 0xfd, 0xd1,
763 + 0x0c, 0x8f, 0xcd, 0x31, 0xfc, 0x40, 0xaf, 0x1a,
764 + 0xd4, 0x4f, 0x47, 0xc1, 0x31, 0x37, 0x63, 0x62 },
765 + .secret_size = 32,
766 + .b_public_size = 32,
767 + .expected_ss_size = 32,
768 +
769 +},
770 +/* wycheproof - public key >= p */
771 +{
772 + .secret = (u8[32]){ 0x60, 0x88, 0x7b, 0x3d, 0xc7, 0x24, 0x43, 0x02,
773 + 0x6e, 0xbe, 0xdb, 0xbb, 0xb7, 0x06, 0x65, 0xf4,
774 + 0x2b, 0x87, 0xad, 0xd1, 0x44, 0x0e, 0x77, 0x68,
775 + 0xfb, 0xd7, 0xe8, 0xe2, 0xce, 0x5f, 0x63, 0x9d },
776 + .b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
777 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
778 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
779 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
780 + .expected_ss = (u8[32]){ 0x38, 0xd6, 0x30, 0x4c, 0x4a, 0x7e, 0x6d, 0x9f,
781 + 0x79, 0x59, 0x33, 0x4f, 0xb5, 0x24, 0x5b, 0xd2,
782 + 0xc7, 0x54, 0x52, 0x5d, 0x4c, 0x91, 0xdb, 0x95,
783 + 0x02, 0x06, 0x92, 0x62, 0x34, 0xc1, 0xf6, 0x33 },
784 + .secret_size = 32,
785 + .b_public_size = 32,
786 + .expected_ss_size = 32,
787 +
788 +},
789 +/* wycheproof - public key >= p */
790 +{
791 + .secret = (u8[32]){ 0x78, 0xd3, 0x1d, 0xfa, 0x85, 0x44, 0x97, 0xd7,
792 + 0x2d, 0x8d, 0xef, 0x8a, 0x1b, 0x7f, 0xb0, 0x06,
793 + 0xce, 0xc2, 0xd8, 0xc4, 0x92, 0x46, 0x47, 0xc9,
794 + 0x38, 0x14, 0xae, 0x56, 0xfa, 0xed, 0xa4, 0x95 },
795 + .b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
796 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
797 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
798 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
799 + .expected_ss = (u8[32]){ 0x78, 0x6c, 0xd5, 0x49, 0x96, 0xf0, 0x14, 0xa5,
800 + 0xa0, 0x31, 0xec, 0x14, 0xdb, 0x81, 0x2e, 0xd0,
801 + 0x83, 0x55, 0x06, 0x1f, 0xdb, 0x5d, 0xe6, 0x80,
802 + 0xa8, 0x00, 0xac, 0x52, 0x1f, 0x31, 0x8e, 0x23 },
803 + .secret_size = 32,
804 + .b_public_size = 32,
805 + .expected_ss_size = 32,
806 +
807 +},
808 +/* wycheproof - public key >= p */
809 +{
810 + .secret = (u8[32]){ 0xc0, 0x4c, 0x5b, 0xae, 0xfa, 0x83, 0x02, 0xdd,
811 + 0xde, 0xd6, 0xa4, 0xbb, 0x95, 0x77, 0x61, 0xb4,
812 + 0xeb, 0x97, 0xae, 0xfa, 0x4f, 0xc3, 0xb8, 0x04,
813 + 0x30, 0x85, 0xf9, 0x6a, 0x56, 0x59, 0xb3, 0xa5 },
814 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
815 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
816 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
817 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
818 + .expected_ss = (u8[32]){ 0x29, 0xae, 0x8b, 0xc7, 0x3e, 0x9b, 0x10, 0xa0,
819 + 0x8b, 0x4f, 0x68, 0x1c, 0x43, 0xc3, 0xe0, 0xac,
820 + 0x1a, 0x17, 0x1d, 0x31, 0xb3, 0x8f, 0x1a, 0x48,
821 + 0xef, 0xba, 0x29, 0xae, 0x63, 0x9e, 0xa1, 0x34 },
822 + .secret_size = 32,
823 + .b_public_size = 32,
824 + .expected_ss_size = 32,
825 +
826 +},
827 +/* wycheproof - RFC 7748 */
828 +{
829 + .secret = (u8[32]){ 0xa0, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
830 + 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
831 + 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
832 + 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0x44 },
833 + .b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
834 + 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
835 + 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
836 + 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c },
837 + .expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
838 + 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
839 + 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
840 + 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 },
841 + .secret_size = 32,
842 + .b_public_size = 32,
843 + .expected_ss_size = 32,
844 +
845 +},
846 +/* wycheproof - RFC 7748 */
847 +{
848 + .secret = (u8[32]){ 0x48, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c,
849 + 0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5,
850 + 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
851 + 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x4d },
852 + .b_public = (u8[32]){ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3,
853 + 0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c,
854 + 0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e,
855 + 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x13 },
856 + .expected_ss = (u8[32]){ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d,
857 + 0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8,
858 + 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52,
859 + 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 },
860 + .secret_size = 32,
861 + .b_public_size = 32,
862 + .expected_ss_size = 32,
863 +
864 +},
865 +/* wycheproof - edge case for shared secret */
866 +{
867 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
868 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
869 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
870 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
871 + .b_public = (u8[32]){ 0x0a, 0xb4, 0xe7, 0x63, 0x80, 0xd8, 0x4d, 0xde,
872 + 0x4f, 0x68, 0x33, 0xc5, 0x8f, 0x2a, 0x9f, 0xb8,
873 + 0xf8, 0x3b, 0xb0, 0x16, 0x9b, 0x17, 0x2b, 0xe4,
874 + 0xb6, 0xe0, 0x59, 0x28, 0x87, 0x74, 0x1a, 0x36 },
875 + .expected_ss = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
876 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
877 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
878 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
879 + .secret_size = 32,
880 + .b_public_size = 32,
881 + .expected_ss_size = 32,
882 +
883 +},
884 +/* wycheproof - edge case for shared secret */
885 +{
886 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
887 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
888 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
889 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
890 + .b_public = (u8[32]){ 0x89, 0xe1, 0x0d, 0x57, 0x01, 0xb4, 0x33, 0x7d,
891 + 0x2d, 0x03, 0x21, 0x81, 0x53, 0x8b, 0x10, 0x64,
892 + 0xbd, 0x40, 0x84, 0x40, 0x1c, 0xec, 0xa1, 0xfd,
893 + 0x12, 0x66, 0x3a, 0x19, 0x59, 0x38, 0x80, 0x00 },
894 + .expected_ss = (u8[32]){ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
895 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
896 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
897 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
898 + .secret_size = 32,
899 + .b_public_size = 32,
900 + .expected_ss_size = 32,
901 +
902 +},
903 +/* wycheproof - edge case for shared secret */
904 +{
905 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
906 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
907 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
908 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
909 + .b_public = (u8[32]){ 0x2b, 0x55, 0xd3, 0xaa, 0x4a, 0x8f, 0x80, 0xc8,
910 + 0xc0, 0xb2, 0xae, 0x5f, 0x93, 0x3e, 0x85, 0xaf,
911 + 0x49, 0xbe, 0xac, 0x36, 0xc2, 0xfa, 0x73, 0x94,
912 + 0xba, 0xb7, 0x6c, 0x89, 0x33, 0xf8, 0xf8, 0x1d },
913 + .expected_ss = (u8[32]){ 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
914 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
915 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
916 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
917 + .secret_size = 32,
918 + .b_public_size = 32,
919 + .expected_ss_size = 32,
920 +
921 +},
922 +/* wycheproof - edge case for shared secret */
923 +{
924 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
925 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
926 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
927 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
928 + .b_public = (u8[32]){ 0x63, 0xe5, 0xb1, 0xfe, 0x96, 0x01, 0xfe, 0x84,
929 + 0x38, 0x5d, 0x88, 0x66, 0xb0, 0x42, 0x12, 0x62,
930 + 0xf7, 0x8f, 0xbf, 0xa5, 0xaf, 0xf9, 0x58, 0x5e,
931 + 0x62, 0x66, 0x79, 0xb1, 0x85, 0x47, 0xd9, 0x59 },
932 + .expected_ss = (u8[32]){ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
933 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
934 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
935 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
936 + .secret_size = 32,
937 + .b_public_size = 32,
938 + .expected_ss_size = 32,
939 +
940 +},
941 +/* wycheproof - edge case for shared secret */
942 +{
943 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
944 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
945 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
946 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
947 + .b_public = (u8[32]){ 0xe4, 0x28, 0xf3, 0xda, 0xc1, 0x78, 0x09, 0xf8,
948 + 0x27, 0xa5, 0x22, 0xce, 0x32, 0x35, 0x50, 0x58,
949 + 0xd0, 0x73, 0x69, 0x36, 0x4a, 0xa7, 0x89, 0x02,
950 + 0xee, 0x10, 0x13, 0x9b, 0x9f, 0x9d, 0xd6, 0x53 },
951 + .expected_ss = (u8[32]){ 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
952 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
953 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
954 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
955 + .secret_size = 32,
956 + .b_public_size = 32,
957 + .expected_ss_size = 32,
958 +
959 +},
960 +/* wycheproof - edge case for shared secret */
961 +{
962 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
963 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
964 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
965 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
966 + .b_public = (u8[32]){ 0xb3, 0xb5, 0x0e, 0x3e, 0xd3, 0xa4, 0x07, 0xb9,
967 + 0x5d, 0xe9, 0x42, 0xef, 0x74, 0x57, 0x5b, 0x5a,
968 + 0xb8, 0xa1, 0x0c, 0x09, 0xee, 0x10, 0x35, 0x44,
969 + 0xd6, 0x0b, 0xdf, 0xed, 0x81, 0x38, 0xab, 0x2b },
970 + .expected_ss = (u8[32]){ 0xf9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
971 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
972 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
973 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
974 + .secret_size = 32,
975 + .b_public_size = 32,
976 + .expected_ss_size = 32,
977 +
978 +},
979 +/* wycheproof - edge case for shared secret */
980 +{
981 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
982 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
983 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
984 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
985 + .b_public = (u8[32]){ 0x21, 0x3f, 0xff, 0xe9, 0x3d, 0x5e, 0xa8, 0xcd,
986 + 0x24, 0x2e, 0x46, 0x28, 0x44, 0x02, 0x99, 0x22,
987 + 0xc4, 0x3c, 0x77, 0xc9, 0xe3, 0xe4, 0x2f, 0x56,
988 + 0x2f, 0x48, 0x5d, 0x24, 0xc5, 0x01, 0xa2, 0x0b },
989 + .expected_ss = (u8[32]){ 0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
990 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
991 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
992 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
993 + .secret_size = 32,
994 + .b_public_size = 32,
995 + .expected_ss_size = 32,
996 +
997 +},
998 +/* wycheproof - edge case for shared secret */
999 +{
1000 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1001 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1002 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1003 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1004 + .b_public = (u8[32]){ 0x91, 0xb2, 0x32, 0xa1, 0x78, 0xb3, 0xcd, 0x53,
1005 + 0x09, 0x32, 0x44, 0x1e, 0x61, 0x39, 0x41, 0x8f,
1006 + 0x72, 0x17, 0x22, 0x92, 0xf1, 0xda, 0x4c, 0x18,
1007 + 0x34, 0xfc, 0x5e, 0xbf, 0xef, 0xb5, 0x1e, 0x3f },
1008 + .expected_ss = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1009 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1010 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1011 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 },
1012 + .secret_size = 32,
1013 + .b_public_size = 32,
1014 + .expected_ss_size = 32,
1015 +
1016 +},
1017 +/* wycheproof - edge case for shared secret */
1018 +{
1019 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1020 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1021 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1022 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1023 + .b_public = (u8[32]){ 0x04, 0x5c, 0x6e, 0x11, 0xc5, 0xd3, 0x32, 0x55,
1024 + 0x6c, 0x78, 0x22, 0xfe, 0x94, 0xeb, 0xf8, 0x9b,
1025 + 0x56, 0xa3, 0x87, 0x8d, 0xc2, 0x7c, 0xa0, 0x79,
1026 + 0x10, 0x30, 0x58, 0x84, 0x9f, 0xab, 0xcb, 0x4f },
1027 + .expected_ss = (u8[32]){ 0xe5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1028 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1029 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1030 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
1031 + .secret_size = 32,
1032 + .b_public_size = 32,
1033 + .expected_ss_size = 32,
1034 +
1035 +},
1036 +/* wycheproof - edge case for shared secret */
1037 +{
1038 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1039 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1040 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1041 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1042 + .b_public = (u8[32]){ 0x1c, 0xa2, 0x19, 0x0b, 0x71, 0x16, 0x35, 0x39,
1043 + 0x06, 0x3c, 0x35, 0x77, 0x3b, 0xda, 0x0c, 0x9c,
1044 + 0x92, 0x8e, 0x91, 0x36, 0xf0, 0x62, 0x0a, 0xeb,
1045 + 0x09, 0x3f, 0x09, 0x91, 0x97, 0xb7, 0xf7, 0x4e },
1046 + .expected_ss = (u8[32]){ 0xe3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1047 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1048 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1049 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
1050 + .secret_size = 32,
1051 + .b_public_size = 32,
1052 + .expected_ss_size = 32,
1053 +
1054 +},
1055 +/* wycheproof - edge case for shared secret */
1056 +{
1057 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1058 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1059 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1060 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1061 + .b_public = (u8[32]){ 0xf7, 0x6e, 0x90, 0x10, 0xac, 0x33, 0xc5, 0x04,
1062 + 0x3b, 0x2d, 0x3b, 0x76, 0xa8, 0x42, 0x17, 0x10,
1063 + 0x00, 0xc4, 0x91, 0x62, 0x22, 0xe9, 0xe8, 0x58,
1064 + 0x97, 0xa0, 0xae, 0xc7, 0xf6, 0x35, 0x0b, 0x3c },
1065 + .expected_ss = (u8[32]){ 0xdd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1066 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1067 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1068 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
1069 + .secret_size = 32,
1070 + .b_public_size = 32,
1071 + .expected_ss_size = 32,
1072 +
1073 +},
1074 +/* wycheproof - edge case for shared secret */
1075 +{
1076 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1077 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1078 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1079 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1080 + .b_public = (u8[32]){ 0xbb, 0x72, 0x68, 0x8d, 0x8f, 0x8a, 0xa7, 0xa3,
1081 + 0x9c, 0xd6, 0x06, 0x0c, 0xd5, 0xc8, 0x09, 0x3c,
1082 + 0xde, 0xc6, 0xfe, 0x34, 0x19, 0x37, 0xc3, 0x88,
1083 + 0x6a, 0x99, 0x34, 0x6c, 0xd0, 0x7f, 0xaa, 0x55 },
1084 + .expected_ss = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1085 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1086 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1087 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
1088 + .secret_size = 32,
1089 + .b_public_size = 32,
1090 + .expected_ss_size = 32,
1091 +
1092 +},
1093 +/* wycheproof - edge case for shared secret */
1094 +{
1095 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1096 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1097 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1098 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1099 + .b_public = (u8[32]){ 0x88, 0xfd, 0xde, 0xa1, 0x93, 0x39, 0x1c, 0x6a,
1100 + 0x59, 0x33, 0xef, 0x9b, 0x71, 0x90, 0x15, 0x49,
1101 + 0x44, 0x72, 0x05, 0xaa, 0xe9, 0xda, 0x92, 0x8a,
1102 + 0x6b, 0x91, 0xa3, 0x52, 0xba, 0x10, 0xf4, 0x1f },
1103 + .expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1104 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1105 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1106 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
1107 + .secret_size = 32,
1108 + .b_public_size = 32,
1109 + .expected_ss_size = 32,
1110 +
1111 +},
1112 +/* wycheproof - edge case for shared secret */
1113 +{
1114 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
1115 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
1116 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
1117 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
1118 + .b_public = (u8[32]){ 0x30, 0x3b, 0x39, 0x2f, 0x15, 0x31, 0x16, 0xca,
1119 + 0xd9, 0xcc, 0x68, 0x2a, 0x00, 0xcc, 0xc4, 0x4c,
1120 + 0x95, 0xff, 0x0d, 0x3b, 0xbe, 0x56, 0x8b, 0xeb,
1121 + 0x6c, 0x4e, 0x73, 0x9b, 0xaf, 0xdc, 0x2c, 0x68 },
1122 + .expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1123 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1124 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1125 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00 },
1126 + .secret_size = 32,
1127 + .b_public_size = 32,
1128 + .expected_ss_size = 32,
1129 +
1130 +},
1131 +/* wycheproof - checking for overflow */
1132 +{
1133 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
1134 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
1135 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
1136 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
1137 + .b_public = (u8[32]){ 0xfd, 0x30, 0x0a, 0xeb, 0x40, 0xe1, 0xfa, 0x58,
1138 + 0x25, 0x18, 0x41, 0x2b, 0x49, 0xb2, 0x08, 0xa7,
1139 + 0x84, 0x2b, 0x1e, 0x1f, 0x05, 0x6a, 0x04, 0x01,
1140 + 0x78, 0xea, 0x41, 0x41, 0x53, 0x4f, 0x65, 0x2d },
1141 + .expected_ss = (u8[32]){ 0xb7, 0x34, 0x10, 0x5d, 0xc2, 0x57, 0x58, 0x5d,
1142 + 0x73, 0xb5, 0x66, 0xcc, 0xb7, 0x6f, 0x06, 0x27,
1143 + 0x95, 0xcc, 0xbe, 0xc8, 0x91, 0x28, 0xe5, 0x2b,
1144 + 0x02, 0xf3, 0xe5, 0x96, 0x39, 0xf1, 0x3c, 0x46 },
1145 + .secret_size = 32,
1146 + .b_public_size = 32,
1147 + .expected_ss_size = 32,
1148 +
1149 +},
1150 +/* wycheproof - checking for overflow */
1151 +{
1152 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
1153 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
1154 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
1155 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
1156 + .b_public = (u8[32]){ 0xc8, 0xef, 0x79, 0xb5, 0x14, 0xd7, 0x68, 0x26,
1157 + 0x77, 0xbc, 0x79, 0x31, 0xe0, 0x6e, 0xe5, 0xc2,
1158 + 0x7c, 0x9b, 0x39, 0x2b, 0x4a, 0xe9, 0x48, 0x44,
1159 + 0x73, 0xf5, 0x54, 0xe6, 0x67, 0x8e, 0xcc, 0x2e },
1160 + .expected_ss = (u8[32]){ 0x64, 0x7a, 0x46, 0xb6, 0xfc, 0x3f, 0x40, 0xd6,
1161 + 0x21, 0x41, 0xee, 0x3c, 0xee, 0x70, 0x6b, 0x4d,
1162 + 0x7a, 0x92, 0x71, 0x59, 0x3a, 0x7b, 0x14, 0x3e,
1163 + 0x8e, 0x2e, 0x22, 0x79, 0x88, 0x3e, 0x45, 0x50 },
1164 + .secret_size = 32,
1165 + .b_public_size = 32,
1166 + .expected_ss_size = 32,
1167 +
1168 +},
1169 +/* wycheproof - checking for overflow */
1170 +{
1171 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
1172 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
1173 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
1174 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
1175 + .b_public = (u8[32]){ 0x64, 0xae, 0xac, 0x25, 0x04, 0x14, 0x48, 0x61,
1176 + 0x53, 0x2b, 0x7b, 0xbc, 0xb6, 0xc8, 0x7d, 0x67,
1177 + 0xdd, 0x4c, 0x1f, 0x07, 0xeb, 0xc2, 0xe0, 0x6e,
1178 + 0xff, 0xb9, 0x5a, 0xec, 0xc6, 0x17, 0x0b, 0x2c },
1179 + .expected_ss = (u8[32]){ 0x4f, 0xf0, 0x3d, 0x5f, 0xb4, 0x3c, 0xd8, 0x65,
1180 + 0x7a, 0x3c, 0xf3, 0x7c, 0x13, 0x8c, 0xad, 0xce,
1181 + 0xcc, 0xe5, 0x09, 0xe4, 0xeb, 0xa0, 0x89, 0xd0,
1182 + 0xef, 0x40, 0xb4, 0xe4, 0xfb, 0x94, 0x61, 0x55 },
1183 + .secret_size = 32,
1184 + .b_public_size = 32,
1185 + .expected_ss_size = 32,
1186 +
1187 +},
1188 +/* wycheproof - checking for overflow */
1189 +{
1190 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
1191 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
1192 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
1193 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
1194 + .b_public = (u8[32]){ 0xbf, 0x68, 0xe3, 0x5e, 0x9b, 0xdb, 0x7e, 0xee,
1195 + 0x1b, 0x50, 0x57, 0x02, 0x21, 0x86, 0x0f, 0x5d,
1196 + 0xcd, 0xad, 0x8a, 0xcb, 0xab, 0x03, 0x1b, 0x14,
1197 + 0x97, 0x4c, 0xc4, 0x90, 0x13, 0xc4, 0x98, 0x31 },
1198 + .expected_ss = (u8[32]){ 0x21, 0xce, 0xe5, 0x2e, 0xfd, 0xbc, 0x81, 0x2e,
1199 + 0x1d, 0x02, 0x1a, 0x4a, 0xf1, 0xe1, 0xd8, 0xbc,
1200 + 0x4d, 0xb3, 0xc4, 0x00, 0xe4, 0xd2, 0xa2, 0xc5,
1201 + 0x6a, 0x39, 0x26, 0xdb, 0x4d, 0x99, 0xc6, 0x5b },
1202 + .secret_size = 32,
1203 + .b_public_size = 32,
1204 + .expected_ss_size = 32,
1205 +
1206 +},
1207 +/* wycheproof - checking for overflow */
1208 +{
1209 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
1210 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
1211 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
1212 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
1213 + .b_public = (u8[32]){ 0x53, 0x47, 0xc4, 0x91, 0x33, 0x1a, 0x64, 0xb4,
1214 + 0x3d, 0xdc, 0x68, 0x30, 0x34, 0xe6, 0x77, 0xf5,
1215 + 0x3d, 0xc3, 0x2b, 0x52, 0xa5, 0x2a, 0x57, 0x7c,
1216 + 0x15, 0xa8, 0x3b, 0xf2, 0x98, 0xe9, 0x9f, 0x19 },
1217 + .expected_ss = (u8[32]){ 0x18, 0xcb, 0x89, 0xe4, 0xe2, 0x0c, 0x0c, 0x2b,
1218 + 0xd3, 0x24, 0x30, 0x52, 0x45, 0x26, 0x6c, 0x93,
1219 + 0x27, 0x69, 0x0b, 0xbe, 0x79, 0xac, 0xb8, 0x8f,
1220 + 0x5b, 0x8f, 0xb3, 0xf7, 0x4e, 0xca, 0x3e, 0x52 },
1221 + .secret_size = 32,
1222 + .b_public_size = 32,
1223 + .expected_ss_size = 32,
1224 +
1225 +},
1226 +/* wycheproof - private key == -1 (mod order) */
1227 +{
1228 + .secret = (u8[32]){ 0xa0, 0x23, 0xcd, 0xd0, 0x83, 0xef, 0x5b, 0xb8,
1229 + 0x2f, 0x10, 0xd6, 0x2e, 0x59, 0xe1, 0x5a, 0x68,
1230 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1231 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50 },
1232 + .b_public = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e,
1233 + 0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57,
1234 + 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f,
1235 + 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 },
1236 + .expected_ss = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e,
1237 + 0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57,
1238 + 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f,
1239 + 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 },
1240 + .secret_size = 32,
1241 + .b_public_size = 32,
1242 + .expected_ss_size = 32,
1243 +
1244 +},
1245 +/* wycheproof - private key == 1 (mod order) on twist */
1246 +{
1247 + .secret = (u8[32]){ 0x58, 0x08, 0x3d, 0xd2, 0x61, 0xad, 0x91, 0xef,
1248 + 0xf9, 0x52, 0x32, 0x2e, 0xc8, 0x24, 0xc6, 0x82,
1249 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1250 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f },
1251 + .b_public = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f,
1252 + 0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6,
1253 + 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64,
1254 + 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 },
1255 + .expected_ss = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f,
1256 + 0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6,
1257 + 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64,
1258 + 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 },
1259 + .secret_size = 32,
1260 + .b_public_size = 32,
1261 + .expected_ss_size = 32,
1262 +
1263 +}
1264 +};
1265 +
1266 static const struct kpp_testvec ecdh_tv_template[] = {
1267 {
1268 #ifndef CONFIG_CRYPTO_FIPS