crypto: curve25519 - add kpp selftest · tjh.dev/kernel@f613457

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

crypto: curve25519 - add kpp selftest

In preparation of introducing KPP implementations of Curve25519, import
the set of test cases proposed by the Zinc patch set, but converted to
the KPP format.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ard Biesheuvel and committed by

Herbert Xu 6 years ago f613457a 0ed42a6f

+1231

2 changed files

expand all

crypto

testmgr.c

testmgr.h

crypto/testmgr.c

··· 4318 4318 .test = alg_test_null, 4319 4319 .fips_allowed = 1, 4320 4320 }, { 4321 + .alg = "curve25519", 4322 + .test = alg_test_kpp, 4323 + .suite = { 4324 + .kpp = __VECS(curve25519_tv_template) 4325 + } 4326 + }, { 4321 4327 .alg = "deflate", 4322 4328 .test = alg_test_comp, 4323 4329 .fips_allowed = 1,

+1225

crypto/testmgr.h

··· 1030 1030 } 1031 1031 }; 1032 1032 1033 + static const struct kpp_testvec curve25519_tv_template[] = { 1034 + { 1035 + .secret = (u8[32]){ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 1036 + 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 1037 + 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 1038 + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a }, 1039 + .b_public = (u8[32]){ 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 1040 + 0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 1041 + 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d, 1042 + 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f }, 1043 + .expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 1044 + 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25, 1045 + 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33, 1046 + 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 }, 1047 + .secret_size = 32, 1048 + .b_public_size = 32, 1049 + .expected_ss_size = 32, 1050 + 1051 + }, 1052 + { 1053 + .secret = (u8[32]){ 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 1054 + 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6, 1055 + 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd, 1056 + 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb }, 1057 + .b_public = (u8[32]){ 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 1058 + 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 1059 + 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 1060 + 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a }, 1061 + .expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1, 1062 + 0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25, 1063 + 0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33, 1064 + 0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 }, 1065 + .secret_size = 32, 1066 + .b_public_size = 32, 1067 + .expected_ss_size = 32, 1068 + 1069 + }, 1070 + { 1071 + .secret = (u8[32]){ 1 }, 1072 + .b_public = (u8[32]){ 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1073 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1074 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1075 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1076 + .expected_ss = (u8[32]){ 0x3c, 0x77, 0x77, 0xca, 0xf9, 0x97, 0xb2, 0x64, 1077 + 0x41, 0x60, 0x77, 0x66, 0x5b, 0x4e, 0x22, 0x9d, 1078 + 0x0b, 0x95, 0x48, 0xdc, 0x0c, 0xd8, 0x19, 0x98, 1079 + 0xdd, 0xcd, 0xc5, 0xc8, 0x53, 0x3c, 0x79, 0x7f }, 1080 + .secret_size = 32, 1081 + .b_public_size = 32, 1082 + .expected_ss_size = 32, 1083 + 1084 + }, 1085 + { 1086 + .secret = (u8[32]){ 1 }, 1087 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1088 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1089 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1090 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1091 + .expected_ss = (u8[32]){ 0xb3, 0x2d, 0x13, 0x62, 0xc2, 0x48, 0xd6, 0x2f, 1092 + 0xe6, 0x26, 0x19, 0xcf, 0xf0, 0x4d, 0xd4, 0x3d, 1093 + 0xb7, 0x3f, 0xfc, 0x1b, 0x63, 0x08, 0xed, 0xe3, 1094 + 0x0b, 0x78, 0xd8, 0x73, 0x80, 0xf1, 0xe8, 0x34 }, 1095 + .secret_size = 32, 1096 + .b_public_size = 32, 1097 + .expected_ss_size = 32, 1098 + 1099 + }, 1100 + { 1101 + .secret = (u8[32]){ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 1102 + 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd, 1103 + 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18, 1104 + 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 }, 1105 + .b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 1106 + 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 1107 + 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b, 1108 + 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c }, 1109 + .expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 1110 + 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 1111 + 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7, 1112 + 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 }, 1113 + .secret_size = 32, 1114 + .b_public_size = 32, 1115 + .expected_ss_size = 32, 1116 + 1117 + }, 1118 + { 1119 + .secret = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x0a, 0xff, 0xff, 0xff, 1120 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1121 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1122 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1123 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1124 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1125 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1126 + 0xff, 0xff, 0xff, 0xff, 0x0a, 0x00, 0xfb, 0x9f }, 1127 + .expected_ss = (u8[32]){ 0x77, 0x52, 0xb6, 0x18, 0xc1, 0x2d, 0x48, 0xd2, 1128 + 0xc6, 0x93, 0x46, 0x83, 0x81, 0x7c, 0xc6, 0x57, 1129 + 0xf3, 0x31, 0x03, 0x19, 0x49, 0x48, 0x20, 0x05, 1130 + 0x42, 0x2b, 0x4e, 0xae, 0x8d, 0x1d, 0x43, 0x23 }, 1131 + .secret_size = 32, 1132 + .b_public_size = 32, 1133 + .expected_ss_size = 32, 1134 + 1135 + }, 1136 + { 1137 + .secret = (u8[32]){ 0x8e, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1138 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1139 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1140 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1141 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1142 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1143 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1144 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8e, 0x06 }, 1145 + .expected_ss = (u8[32]){ 0x5a, 0xdf, 0xaa, 0x25, 0x86, 0x8e, 0x32, 0x3d, 1146 + 0xae, 0x49, 0x62, 0xc1, 0x01, 0x5c, 0xb3, 0x12, 1147 + 0xe1, 0xc5, 0xc7, 0x9e, 0x95, 0x3f, 0x03, 0x99, 1148 + 0xb0, 0xba, 0x16, 0x22, 0xf3, 0xb6, 0xf7, 0x0c }, 1149 + .secret_size = 32, 1150 + .b_public_size = 32, 1151 + .expected_ss_size = 32, 1152 + 1153 + }, 1154 + /* wycheproof - normal case */ 1155 + { 1156 + .secret = (u8[32]){ 0x48, 0x52, 0x83, 0x4d, 0x9d, 0x6b, 0x77, 0xda, 1157 + 0xde, 0xab, 0xaa, 0xf2, 0xe1, 0x1d, 0xca, 0x66, 1158 + 0xd1, 0x9f, 0xe7, 0x49, 0x93, 0xa7, 0xbe, 0xc3, 1159 + 0x6c, 0x6e, 0x16, 0xa0, 0x98, 0x3f, 0xea, 0xba }, 1160 + .b_public = (u8[32]){ 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5, 1161 + 0x8f, 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9, 1162 + 0x15, 0xc4, 0xb2, 0xe0, 0x8e, 0x74, 0x4a, 0x0e, 1163 + 0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a }, 1164 + .expected_ss = (u8[32]){ 0x87, 0xb7, 0xf2, 0x12, 0xb6, 0x27, 0xf7, 0xa5, 1165 + 0x4c, 0xa5, 0xe0, 0xbc, 0xda, 0xdd, 0xd5, 0x38, 1166 + 0x9d, 0x9d, 0xe6, 0x15, 0x6c, 0xdb, 0xcf, 0x8e, 1167 + 0xbe, 0x14, 0xff, 0xbc, 0xfb, 0x43, 0x65, 0x51 }, 1168 + .secret_size = 32, 1169 + .b_public_size = 32, 1170 + .expected_ss_size = 32, 1171 + 1172 + }, 1173 + /* wycheproof - public key on twist */ 1174 + { 1175 + .secret = (u8[32]){ 0x58, 0x8c, 0x06, 0x1a, 0x50, 0x80, 0x4a, 0xc4, 1176 + 0x88, 0xad, 0x77, 0x4a, 0xc7, 0x16, 0xc3, 0xf5, 1177 + 0xba, 0x71, 0x4b, 0x27, 0x12, 0xe0, 0x48, 0x49, 1178 + 0x13, 0x79, 0xa5, 0x00, 0x21, 0x19, 0x98, 0xa8 }, 1179 + .b_public = (u8[32]){ 0x63, 0xaa, 0x40, 0xc6, 0xe3, 0x83, 0x46, 0xc5, 1180 + 0xca, 0xf2, 0x3a, 0x6d, 0xf0, 0xa5, 0xe6, 0xc8, 1181 + 0x08, 0x89, 0xa0, 0x86, 0x47, 0xe5, 0x51, 0xb3, 1182 + 0x56, 0x34, 0x49, 0xbe, 0xfc, 0xfc, 0x97, 0x33 }, 1183 + .expected_ss = (u8[32]){ 0xb1, 0xa7, 0x07, 0x51, 0x94, 0x95, 0xff, 0xff, 1184 + 0xb2, 0x98, 0xff, 0x94, 0x17, 0x16, 0xb0, 0x6d, 1185 + 0xfa, 0xb8, 0x7c, 0xf8, 0xd9, 0x11, 0x23, 0xfe, 1186 + 0x2b, 0xe9, 0xa2, 0x33, 0xdd, 0xa2, 0x22, 0x12 }, 1187 + .secret_size = 32, 1188 + .b_public_size = 32, 1189 + .expected_ss_size = 32, 1190 + 1191 + }, 1192 + /* wycheproof - public key on twist */ 1193 + { 1194 + .secret = (u8[32]){ 0xb0, 0x5b, 0xfd, 0x32, 0xe5, 0x53, 0x25, 0xd9, 1195 + 0xfd, 0x64, 0x8c, 0xb3, 0x02, 0x84, 0x80, 0x39, 1196 + 0x00, 0x0b, 0x39, 0x0e, 0x44, 0xd5, 0x21, 0xe5, 1197 + 0x8a, 0xab, 0x3b, 0x29, 0xa6, 0x96, 0x0b, 0xa8 }, 1198 + .b_public = (u8[32]){ 0x0f, 0x83, 0xc3, 0x6f, 0xde, 0xd9, 0xd3, 0x2f, 1199 + 0xad, 0xf4, 0xef, 0xa3, 0xae, 0x93, 0xa9, 0x0b, 1200 + 0xb5, 0xcf, 0xa6, 0x68, 0x93, 0xbc, 0x41, 0x2c, 1201 + 0x43, 0xfa, 0x72, 0x87, 0xdb, 0xb9, 0x97, 0x79 }, 1202 + .expected_ss = (u8[32]){ 0x67, 0xdd, 0x4a, 0x6e, 0x16, 0x55, 0x33, 0x53, 1203 + 0x4c, 0x0e, 0x3f, 0x17, 0x2e, 0x4a, 0xb8, 0x57, 1204 + 0x6b, 0xca, 0x92, 0x3a, 0x5f, 0x07, 0xb2, 0xc0, 1205 + 0x69, 0xb4, 0xc3, 0x10, 0xff, 0x2e, 0x93, 0x5b }, 1206 + .secret_size = 32, 1207 + .b_public_size = 32, 1208 + .expected_ss_size = 32, 1209 + 1210 + }, 1211 + /* wycheproof - public key on twist */ 1212 + { 1213 + .secret = (u8[32]){ 0x70, 0xe3, 0x4b, 0xcb, 0xe1, 0xf4, 0x7f, 0xbc, 1214 + 0x0f, 0xdd, 0xfd, 0x7c, 0x1e, 0x1a, 0xa5, 0x3d, 1215 + 0x57, 0xbf, 0xe0, 0xf6, 0x6d, 0x24, 0x30, 0x67, 1216 + 0xb4, 0x24, 0xbb, 0x62, 0x10, 0xbe, 0xd1, 0x9c }, 1217 + .b_public = (u8[32]){ 0x0b, 0x82, 0x11, 0xa2, 0xb6, 0x04, 0x90, 0x97, 1218 + 0xf6, 0x87, 0x1c, 0x6c, 0x05, 0x2d, 0x3c, 0x5f, 1219 + 0xc1, 0xba, 0x17, 0xda, 0x9e, 0x32, 0xae, 0x45, 1220 + 0x84, 0x03, 0xb0, 0x5b, 0xb2, 0x83, 0x09, 0x2a }, 1221 + .expected_ss = (u8[32]){ 0x4a, 0x06, 0x38, 0xcf, 0xaa, 0x9e, 0xf1, 0x93, 1222 + 0x3b, 0x47, 0xf8, 0x93, 0x92, 0x96, 0xa6, 0xb2, 1223 + 0x5b, 0xe5, 0x41, 0xef, 0x7f, 0x70, 0xe8, 0x44, 1224 + 0xc0, 0xbc, 0xc0, 0x0b, 0x13, 0x4d, 0xe6, 0x4a }, 1225 + .secret_size = 32, 1226 + .b_public_size = 32, 1227 + .expected_ss_size = 32, 1228 + 1229 + }, 1230 + /* wycheproof - public key on twist */ 1231 + { 1232 + .secret = (u8[32]){ 0x68, 0xc1, 0xf3, 0xa6, 0x53, 0xa4, 0xcd, 0xb1, 1233 + 0xd3, 0x7b, 0xba, 0x94, 0x73, 0x8f, 0x8b, 0x95, 1234 + 0x7a, 0x57, 0xbe, 0xb2, 0x4d, 0x64, 0x6e, 0x99, 1235 + 0x4d, 0xc2, 0x9a, 0x27, 0x6a, 0xad, 0x45, 0x8d }, 1236 + .b_public = (u8[32]){ 0x34, 0x3a, 0xc2, 0x0a, 0x3b, 0x9c, 0x6a, 0x27, 1237 + 0xb1, 0x00, 0x81, 0x76, 0x50, 0x9a, 0xd3, 0x07, 1238 + 0x35, 0x85, 0x6e, 0xc1, 0xc8, 0xd8, 0xfc, 0xae, 1239 + 0x13, 0x91, 0x2d, 0x08, 0xd1, 0x52, 0xf4, 0x6c }, 1240 + .expected_ss = (u8[32]){ 0x39, 0x94, 0x91, 0xfc, 0xe8, 0xdf, 0xab, 0x73, 1241 + 0xb4, 0xf9, 0xf6, 0x11, 0xde, 0x8e, 0xa0, 0xb2, 1242 + 0x7b, 0x28, 0xf8, 0x59, 0x94, 0x25, 0x0b, 0x0f, 1243 + 0x47, 0x5d, 0x58, 0x5d, 0x04, 0x2a, 0xc2, 0x07 }, 1244 + .secret_size = 32, 1245 + .b_public_size = 32, 1246 + .expected_ss_size = 32, 1247 + 1248 + }, 1249 + /* wycheproof - public key on twist */ 1250 + { 1251 + .secret = (u8[32]){ 0xd8, 0x77, 0xb2, 0x6d, 0x06, 0xdf, 0xf9, 0xd9, 1252 + 0xf7, 0xfd, 0x4c, 0x5b, 0x37, 0x69, 0xf8, 0xcd, 1253 + 0xd5, 0xb3, 0x05, 0x16, 0xa5, 0xab, 0x80, 0x6b, 1254 + 0xe3, 0x24, 0xff, 0x3e, 0xb6, 0x9e, 0xa0, 0xb2 }, 1255 + .b_public = (u8[32]){ 0xfa, 0x69, 0x5f, 0xc7, 0xbe, 0x8d, 0x1b, 0xe5, 1256 + 0xbf, 0x70, 0x48, 0x98, 0xf3, 0x88, 0xc4, 0x52, 1257 + 0xba, 0xfd, 0xd3, 0xb8, 0xea, 0xe8, 0x05, 0xf8, 1258 + 0x68, 0x1a, 0x8d, 0x15, 0xc2, 0xd4, 0xe1, 0x42 }, 1259 + .expected_ss = (u8[32]){ 0x2c, 0x4f, 0xe1, 0x1d, 0x49, 0x0a, 0x53, 0x86, 1260 + 0x17, 0x76, 0xb1, 0x3b, 0x43, 0x54, 0xab, 0xd4, 1261 + 0xcf, 0x5a, 0x97, 0x69, 0x9d, 0xb6, 0xe6, 0xc6, 1262 + 0x8c, 0x16, 0x26, 0xd0, 0x76, 0x62, 0xf7, 0x58 }, 1263 + .secret_size = 32, 1264 + .b_public_size = 32, 1265 + .expected_ss_size = 32, 1266 + 1267 + }, 1268 + /* wycheproof - edge case on twist */ 1269 + { 1270 + .secret = (u8[32]){ 0x38, 0xdd, 0xe9, 0xf3, 0xe7, 0xb7, 0x99, 0x04, 1271 + 0x5f, 0x9a, 0xc3, 0x79, 0x3d, 0x4a, 0x92, 0x77, 1272 + 0xda, 0xde, 0xad, 0xc4, 0x1b, 0xec, 0x02, 0x90, 1273 + 0xf8, 0x1f, 0x74, 0x4f, 0x73, 0x77, 0x5f, 0x84 }, 1274 + .b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1275 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1276 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1277 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1278 + .expected_ss = (u8[32]){ 0x9a, 0x2c, 0xfe, 0x84, 0xff, 0x9c, 0x4a, 0x97, 1279 + 0x39, 0x62, 0x5c, 0xae, 0x4a, 0x3b, 0x82, 0xa9, 1280 + 0x06, 0x87, 0x7a, 0x44, 0x19, 0x46, 0xf8, 0xd7, 1281 + 0xb3, 0xd7, 0x95, 0xfe, 0x8f, 0x5d, 0x16, 0x39 }, 1282 + .secret_size = 32, 1283 + .b_public_size = 32, 1284 + .expected_ss_size = 32, 1285 + 1286 + }, 1287 + /* wycheproof - edge case on twist */ 1288 + { 1289 + .secret = (u8[32]){ 0x98, 0x57, 0xa9, 0x14, 0xe3, 0xc2, 0x90, 0x36, 1290 + 0xfd, 0x9a, 0x44, 0x2b, 0xa5, 0x26, 0xb5, 0xcd, 1291 + 0xcd, 0xf2, 0x82, 0x16, 0x15, 0x3e, 0x63, 0x6c, 1292 + 0x10, 0x67, 0x7a, 0xca, 0xb6, 0xbd, 0x6a, 0xa5 }, 1293 + .b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1294 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1295 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1296 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1297 + .expected_ss = (u8[32]){ 0x4d, 0xa4, 0xe0, 0xaa, 0x07, 0x2c, 0x23, 0x2e, 1298 + 0xe2, 0xf0, 0xfa, 0x4e, 0x51, 0x9a, 0xe5, 0x0b, 1299 + 0x52, 0xc1, 0xed, 0xd0, 0x8a, 0x53, 0x4d, 0x4e, 1300 + 0xf3, 0x46, 0xc2, 0xe1, 0x06, 0xd2, 0x1d, 0x60 }, 1301 + .secret_size = 32, 1302 + .b_public_size = 32, 1303 + .expected_ss_size = 32, 1304 + 1305 + }, 1306 + /* wycheproof - edge case on twist */ 1307 + { 1308 + .secret = (u8[32]){ 0x48, 0xe2, 0x13, 0x0d, 0x72, 0x33, 0x05, 0xed, 1309 + 0x05, 0xe6, 0xe5, 0x89, 0x4d, 0x39, 0x8a, 0x5e, 1310 + 0x33, 0x36, 0x7a, 0x8c, 0x6a, 0xac, 0x8f, 0xcd, 1311 + 0xf0, 0xa8, 0x8e, 0x4b, 0x42, 0x82, 0x0d, 0xb7 }, 1312 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0xf8, 0xff, 1313 + 0xff, 0x1f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff, 1314 + 0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0x07, 0x00, 1315 + 0x00, 0xf0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00 }, 1316 + .expected_ss = (u8[32]){ 0x9e, 0xd1, 0x0c, 0x53, 0x74, 0x7f, 0x64, 0x7f, 1317 + 0x82, 0xf4, 0x51, 0x25, 0xd3, 0xde, 0x15, 0xa1, 1318 + 0xe6, 0xb8, 0x24, 0x49, 0x6a, 0xb4, 0x04, 0x10, 1319 + 0xff, 0xcc, 0x3c, 0xfe, 0x95, 0x76, 0x0f, 0x3b }, 1320 + .secret_size = 32, 1321 + .b_public_size = 32, 1322 + .expected_ss_size = 32, 1323 + 1324 + }, 1325 + /* wycheproof - edge case on twist */ 1326 + { 1327 + .secret = (u8[32]){ 0x28, 0xf4, 0x10, 0x11, 0x69, 0x18, 0x51, 0xb3, 1328 + 0xa6, 0x2b, 0x64, 0x15, 0x53, 0xb3, 0x0d, 0x0d, 1329 + 0xfd, 0xdc, 0xb8, 0xff, 0xfc, 0xf5, 0x37, 0x00, 1330 + 0xa7, 0xbe, 0x2f, 0x6a, 0x87, 0x2e, 0x9f, 0xb0 }, 1331 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0x07, 0x00, 1332 + 0x00, 0xe0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00, 1333 + 0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0xf8, 0xff, 1334 + 0xff, 0x0f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x7f }, 1335 + .expected_ss = (u8[32]){ 0xcf, 0x72, 0xb4, 0xaa, 0x6a, 0xa1, 0xc9, 0xf8, 1336 + 0x94, 0xf4, 0x16, 0x5b, 0x86, 0x10, 0x9a, 0xa4, 1337 + 0x68, 0x51, 0x76, 0x48, 0xe1, 0xf0, 0xcc, 0x70, 1338 + 0xe1, 0xab, 0x08, 0x46, 0x01, 0x76, 0x50, 0x6b }, 1339 + .secret_size = 32, 1340 + .b_public_size = 32, 1341 + .expected_ss_size = 32, 1342 + 1343 + }, 1344 + /* wycheproof - edge case on twist */ 1345 + { 1346 + .secret = (u8[32]){ 0x18, 0xa9, 0x3b, 0x64, 0x99, 0xb9, 0xf6, 0xb3, 1347 + 0x22, 0x5c, 0xa0, 0x2f, 0xef, 0x41, 0x0e, 0x0a, 1348 + 0xde, 0xc2, 0x35, 0x32, 0x32, 0x1d, 0x2d, 0x8e, 1349 + 0xf1, 0xa6, 0xd6, 0x02, 0xa8, 0xc6, 0x5b, 0x83 }, 1350 + .b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 1351 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 1352 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 1353 + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x7f }, 1354 + .expected_ss = (u8[32]){ 0x5d, 0x50, 0xb6, 0x28, 0x36, 0xbb, 0x69, 0x57, 1355 + 0x94, 0x10, 0x38, 0x6c, 0xf7, 0xbb, 0x81, 0x1c, 1356 + 0x14, 0xbf, 0x85, 0xb1, 0xc7, 0xb1, 0x7e, 0x59, 1357 + 0x24, 0xc7, 0xff, 0xea, 0x91, 0xef, 0x9e, 0x12 }, 1358 + .secret_size = 32, 1359 + .b_public_size = 32, 1360 + .expected_ss_size = 32, 1361 + 1362 + }, 1363 + /* wycheproof - edge case on twist */ 1364 + { 1365 + .secret = (u8[32]){ 0xc0, 0x1d, 0x13, 0x05, 0xa1, 0x33, 0x8a, 0x1f, 1366 + 0xca, 0xc2, 0xba, 0x7e, 0x2e, 0x03, 0x2b, 0x42, 1367 + 0x7e, 0x0b, 0x04, 0x90, 0x31, 0x65, 0xac, 0xa9, 1368 + 0x57, 0xd8, 0xd0, 0x55, 0x3d, 0x87, 0x17, 0xb0 }, 1369 + .b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1370 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1371 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1372 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1373 + .expected_ss = (u8[32]){ 0x19, 0x23, 0x0e, 0xb1, 0x48, 0xd5, 0xd6, 0x7c, 1374 + 0x3c, 0x22, 0xab, 0x1d, 0xae, 0xff, 0x80, 0xa5, 1375 + 0x7e, 0xae, 0x42, 0x65, 0xce, 0x28, 0x72, 0x65, 1376 + 0x7b, 0x2c, 0x80, 0x99, 0xfc, 0x69, 0x8e, 0x50 }, 1377 + .secret_size = 32, 1378 + .b_public_size = 32, 1379 + .expected_ss_size = 32, 1380 + 1381 + }, 1382 + /* wycheproof - edge case for public key */ 1383 + { 1384 + .secret = (u8[32]){ 0x38, 0x6f, 0x7f, 0x16, 0xc5, 0x07, 0x31, 0xd6, 1385 + 0x4f, 0x82, 0xe6, 0xa1, 0x70, 0xb1, 0x42, 0xa4, 1386 + 0xe3, 0x4f, 0x31, 0xfd, 0x77, 0x68, 0xfc, 0xb8, 1387 + 0x90, 0x29, 0x25, 0xe7, 0xd1, 0xe2, 0x1a, 0xbe }, 1388 + .b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1389 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1390 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1391 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1392 + .expected_ss = (u8[32]){ 0x0f, 0xca, 0xb5, 0xd8, 0x42, 0xa0, 0x78, 0xd7, 1393 + 0xa7, 0x1f, 0xc5, 0x9b, 0x57, 0xbf, 0xb4, 0xca, 1394 + 0x0b, 0xe6, 0x87, 0x3b, 0x49, 0xdc, 0xdb, 0x9f, 1395 + 0x44, 0xe1, 0x4a, 0xe8, 0xfb, 0xdf, 0xa5, 0x42 }, 1396 + .secret_size = 32, 1397 + .b_public_size = 32, 1398 + .expected_ss_size = 32, 1399 + 1400 + }, 1401 + /* wycheproof - edge case for public key */ 1402 + { 1403 + .secret = (u8[32]){ 0xe0, 0x23, 0xa2, 0x89, 0xbd, 0x5e, 0x90, 0xfa, 1404 + 0x28, 0x04, 0xdd, 0xc0, 0x19, 0xa0, 0x5e, 0xf3, 1405 + 0xe7, 0x9d, 0x43, 0x4b, 0xb6, 0xea, 0x2f, 0x52, 1406 + 0x2e, 0xcb, 0x64, 0x3a, 0x75, 0x29, 0x6e, 0x95 }, 1407 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 1408 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 1409 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 1410 + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 }, 1411 + .expected_ss = (u8[32]){ 0x54, 0xce, 0x8f, 0x22, 0x75, 0xc0, 0x77, 0xe3, 1412 + 0xb1, 0x30, 0x6a, 0x39, 0x39, 0xc5, 0xe0, 0x3e, 1413 + 0xef, 0x6b, 0xbb, 0x88, 0x06, 0x05, 0x44, 0x75, 1414 + 0x8d, 0x9f, 0xef, 0x59, 0xb0, 0xbc, 0x3e, 0x4f }, 1415 + .secret_size = 32, 1416 + .b_public_size = 32, 1417 + .expected_ss_size = 32, 1418 + 1419 + }, 1420 + /* wycheproof - edge case for public key */ 1421 + { 1422 + .secret = (u8[32]){ 0x68, 0xf0, 0x10, 0xd6, 0x2e, 0xe8, 0xd9, 0x26, 1423 + 0x05, 0x3a, 0x36, 0x1c, 0x3a, 0x75, 0xc6, 0xea, 1424 + 0x4e, 0xbd, 0xc8, 0x60, 0x6a, 0xb2, 0x85, 0x00, 1425 + 0x3a, 0x6f, 0x8f, 0x40, 0x76, 0xb0, 0x1e, 0x83 }, 1426 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1427 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1428 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1429 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 }, 1430 + .expected_ss = (u8[32]){ 0xf1, 0x36, 0x77, 0x5c, 0x5b, 0xeb, 0x0a, 0xf8, 1431 + 0x11, 0x0a, 0xf1, 0x0b, 0x20, 0x37, 0x23, 0x32, 1432 + 0x04, 0x3c, 0xab, 0x75, 0x24, 0x19, 0x67, 0x87, 1433 + 0x75, 0xa2, 0x23, 0xdf, 0x57, 0xc9, 0xd3, 0x0d }, 1434 + .secret_size = 32, 1435 + .b_public_size = 32, 1436 + .expected_ss_size = 32, 1437 + 1438 + }, 1439 + /* wycheproof - edge case for public key */ 1440 + { 1441 + .secret = (u8[32]){ 0x58, 0xeb, 0xcb, 0x35, 0xb0, 0xf8, 0x84, 0x5c, 1442 + 0xaf, 0x1e, 0xc6, 0x30, 0xf9, 0x65, 0x76, 0xb6, 1443 + 0x2c, 0x4b, 0x7b, 0x6c, 0x36, 0xb2, 0x9d, 0xeb, 1444 + 0x2c, 0xb0, 0x08, 0x46, 0x51, 0x75, 0x5c, 0x96 }, 1445 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xfb, 0xff, 0xff, 0xfb, 0xff, 1446 + 0xff, 0xdf, 0xff, 0xff, 0xdf, 0xff, 0xff, 0xff, 1447 + 0xfe, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xf7, 0xff, 1448 + 0xff, 0xf7, 0xff, 0xff, 0xbf, 0xff, 0xff, 0x3f }, 1449 + .expected_ss = (u8[32]){ 0xbf, 0x9a, 0xff, 0xd0, 0x6b, 0x84, 0x40, 0x85, 1450 + 0x58, 0x64, 0x60, 0x96, 0x2e, 0xf2, 0x14, 0x6f, 1451 + 0xf3, 0xd4, 0x53, 0x3d, 0x94, 0x44, 0xaa, 0xb0, 1452 + 0x06, 0xeb, 0x88, 0xcc, 0x30, 0x54, 0x40, 0x7d }, 1453 + .secret_size = 32, 1454 + .b_public_size = 32, 1455 + .expected_ss_size = 32, 1456 + 1457 + }, 1458 + /* wycheproof - edge case for public key */ 1459 + { 1460 + .secret = (u8[32]){ 0x18, 0x8c, 0x4b, 0xc5, 0xb9, 0xc4, 0x4b, 0x38, 1461 + 0xbb, 0x65, 0x8b, 0x9b, 0x2a, 0xe8, 0x2d, 0x5b, 1462 + 0x01, 0x01, 0x5e, 0x09, 0x31, 0x84, 0xb1, 0x7c, 1463 + 0xb7, 0x86, 0x35, 0x03, 0xa7, 0x83, 0xe1, 0xbb }, 1464 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1465 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1466 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1467 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f }, 1468 + .expected_ss = (u8[32]){ 0xd4, 0x80, 0xde, 0x04, 0xf6, 0x99, 0xcb, 0x3b, 1469 + 0xe0, 0x68, 0x4a, 0x9c, 0xc2, 0xe3, 0x12, 0x81, 1470 + 0xea, 0x0b, 0xc5, 0xa9, 0xdc, 0xc1, 0x57, 0xd3, 1471 + 0xd2, 0x01, 0x58, 0xd4, 0x6c, 0xa5, 0x24, 0x6d }, 1472 + .secret_size = 32, 1473 + .b_public_size = 32, 1474 + .expected_ss_size = 32, 1475 + 1476 + }, 1477 + /* wycheproof - edge case for public key */ 1478 + { 1479 + .secret = (u8[32]){ 0xe0, 0x6c, 0x11, 0xbb, 0x2e, 0x13, 0xce, 0x3d, 1480 + 0xc7, 0x67, 0x3f, 0x67, 0xf5, 0x48, 0x22, 0x42, 1481 + 0x90, 0x94, 0x23, 0xa9, 0xae, 0x95, 0xee, 0x98, 1482 + 0x6a, 0x98, 0x8d, 0x98, 0xfa, 0xee, 0x23, 0xa2 }, 1483 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 1484 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 1485 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f, 1486 + 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f }, 1487 + .expected_ss = (u8[32]){ 0x4c, 0x44, 0x01, 0xcc, 0xe6, 0xb5, 0x1e, 0x4c, 1488 + 0xb1, 0x8f, 0x27, 0x90, 0x24, 0x6c, 0x9b, 0xf9, 1489 + 0x14, 0xdb, 0x66, 0x77, 0x50, 0xa1, 0xcb, 0x89, 1490 + 0x06, 0x90, 0x92, 0xaf, 0x07, 0x29, 0x22, 0x76 }, 1491 + .secret_size = 32, 1492 + .b_public_size = 32, 1493 + .expected_ss_size = 32, 1494 + 1495 + }, 1496 + /* wycheproof - edge case for public key */ 1497 + { 1498 + .secret = (u8[32]){ 0xc0, 0x65, 0x8c, 0x46, 0xdd, 0xe1, 0x81, 0x29, 1499 + 0x29, 0x38, 0x77, 0x53, 0x5b, 0x11, 0x62, 0xb6, 1500 + 0xf9, 0xf5, 0x41, 0x4a, 0x23, 0xcf, 0x4d, 0x2c, 1501 + 0xbc, 0x14, 0x0a, 0x4d, 0x99, 0xda, 0x2b, 0x8f }, 1502 + .b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1503 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1504 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1505 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1506 + .expected_ss = (u8[32]){ 0x57, 0x8b, 0xa8, 0xcc, 0x2d, 0xbd, 0xc5, 0x75, 1507 + 0xaf, 0xcf, 0x9d, 0xf2, 0xb3, 0xee, 0x61, 0x89, 1508 + 0xf5, 0x33, 0x7d, 0x68, 0x54, 0xc7, 0x9b, 0x4c, 1509 + 0xe1, 0x65, 0xea, 0x12, 0x29, 0x3b, 0x3a, 0x0f }, 1510 + .secret_size = 32, 1511 + .b_public_size = 32, 1512 + .expected_ss_size = 32, 1513 + 1514 + }, 1515 + /* wycheproof - public key >= p */ 1516 + { 1517 + .secret = (u8[32]){ 0xf0, 0x1e, 0x48, 0xda, 0xfa, 0xc9, 0xd7, 0xbc, 1518 + 0xf5, 0x89, 0xcb, 0xc3, 0x82, 0xc8, 0x78, 0xd1, 1519 + 0x8b, 0xda, 0x35, 0x50, 0x58, 0x9f, 0xfb, 0x5d, 1520 + 0x50, 0xb5, 0x23, 0xbe, 0xbe, 0x32, 0x9d, 0xae }, 1521 + .b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1522 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1523 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1524 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1525 + .expected_ss = (u8[32]){ 0xbd, 0x36, 0xa0, 0x79, 0x0e, 0xb8, 0x83, 0x09, 1526 + 0x8c, 0x98, 0x8b, 0x21, 0x78, 0x67, 0x73, 0xde, 1527 + 0x0b, 0x3a, 0x4d, 0xf1, 0x62, 0x28, 0x2c, 0xf1, 1528 + 0x10, 0xde, 0x18, 0xdd, 0x48, 0x4c, 0xe7, 0x4b }, 1529 + .secret_size = 32, 1530 + .b_public_size = 32, 1531 + .expected_ss_size = 32, 1532 + 1533 + }, 1534 + /* wycheproof - public key >= p */ 1535 + { 1536 + .secret = (u8[32]){ 0x28, 0x87, 0x96, 0xbc, 0x5a, 0xff, 0x4b, 0x81, 1537 + 0xa3, 0x75, 0x01, 0x75, 0x7b, 0xc0, 0x75, 0x3a, 1538 + 0x3c, 0x21, 0x96, 0x47, 0x90, 0xd3, 0x86, 0x99, 1539 + 0x30, 0x8d, 0xeb, 0xc1, 0x7a, 0x6e, 0xaf, 0x8d }, 1540 + .b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1541 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1542 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1543 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1544 + .expected_ss = (u8[32]){ 0xb4, 0xe0, 0xdd, 0x76, 0xda, 0x7b, 0x07, 0x17, 1545 + 0x28, 0xb6, 0x1f, 0x85, 0x67, 0x71, 0xaa, 0x35, 1546 + 0x6e, 0x57, 0xed, 0xa7, 0x8a, 0x5b, 0x16, 0x55, 1547 + 0xcc, 0x38, 0x20, 0xfb, 0x5f, 0x85, 0x4c, 0x5c }, 1548 + .secret_size = 32, 1549 + .b_public_size = 32, 1550 + .expected_ss_size = 32, 1551 + 1552 + }, 1553 + /* wycheproof - public key >= p */ 1554 + { 1555 + .secret = (u8[32]){ 0x98, 0xdf, 0x84, 0x5f, 0x66, 0x51, 0xbf, 0x11, 1556 + 0x38, 0x22, 0x1f, 0x11, 0x90, 0x41, 0xf7, 0x2b, 1557 + 0x6d, 0xbc, 0x3c, 0x4a, 0xce, 0x71, 0x43, 0xd9, 1558 + 0x9f, 0xd5, 0x5a, 0xd8, 0x67, 0x48, 0x0d, 0xa8 }, 1559 + .b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1560 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1561 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1562 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1563 + .expected_ss = (u8[32]){ 0x6f, 0xdf, 0x6c, 0x37, 0x61, 0x1d, 0xbd, 0x53, 1564 + 0x04, 0xdc, 0x0f, 0x2e, 0xb7, 0xc9, 0x51, 0x7e, 1565 + 0xb3, 0xc5, 0x0e, 0x12, 0xfd, 0x05, 0x0a, 0xc6, 1566 + 0xde, 0xc2, 0x70, 0x71, 0xd4, 0xbf, 0xc0, 0x34 }, 1567 + .secret_size = 32, 1568 + .b_public_size = 32, 1569 + .expected_ss_size = 32, 1570 + 1571 + }, 1572 + /* wycheproof - public key >= p */ 1573 + { 1574 + .secret = (u8[32]){ 0xf0, 0x94, 0x98, 0xe4, 0x6f, 0x02, 0xf8, 0x78, 1575 + 0x82, 0x9e, 0x78, 0xb8, 0x03, 0xd3, 0x16, 0xa2, 1576 + 0xed, 0x69, 0x5d, 0x04, 0x98, 0xa0, 0x8a, 0xbd, 1577 + 0xf8, 0x27, 0x69, 0x30, 0xe2, 0x4e, 0xdc, 0xb0 }, 1578 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1579 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1580 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1581 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 1582 + .expected_ss = (u8[32]){ 0x4c, 0x8f, 0xc4, 0xb1, 0xc6, 0xab, 0x88, 0xfb, 1583 + 0x21, 0xf1, 0x8f, 0x6d, 0x4c, 0x81, 0x02, 0x40, 1584 + 0xd4, 0xe9, 0x46, 0x51, 0xba, 0x44, 0xf7, 0xa2, 1585 + 0xc8, 0x63, 0xce, 0xc7, 0xdc, 0x56, 0x60, 0x2d }, 1586 + .secret_size = 32, 1587 + .b_public_size = 32, 1588 + .expected_ss_size = 32, 1589 + 1590 + }, 1591 + /* wycheproof - public key >= p */ 1592 + { 1593 + .secret = (u8[32]){ 0x18, 0x13, 0xc1, 0x0a, 0x5c, 0x7f, 0x21, 0xf9, 1594 + 0x6e, 0x17, 0xf2, 0x88, 0xc0, 0xcc, 0x37, 0x60, 1595 + 0x7c, 0x04, 0xc5, 0xf5, 0xae, 0xa2, 0xdb, 0x13, 1596 + 0x4f, 0x9e, 0x2f, 0xfc, 0x66, 0xbd, 0x9d, 0xb8 }, 1597 + .b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1598 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1599 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1600 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 }, 1601 + .expected_ss = (u8[32]){ 0x1c, 0xd0, 0xb2, 0x82, 0x67, 0xdc, 0x54, 0x1c, 1602 + 0x64, 0x2d, 0x6d, 0x7d, 0xca, 0x44, 0xa8, 0xb3, 1603 + 0x8a, 0x63, 0x73, 0x6e, 0xef, 0x5c, 0x4e, 0x65, 1604 + 0x01, 0xff, 0xbb, 0xb1, 0x78, 0x0c, 0x03, 0x3c }, 1605 + .secret_size = 32, 1606 + .b_public_size = 32, 1607 + .expected_ss_size = 32, 1608 + 1609 + }, 1610 + /* wycheproof - public key >= p */ 1611 + { 1612 + .secret = (u8[32]){ 0x78, 0x57, 0xfb, 0x80, 0x86, 0x53, 0x64, 0x5a, 1613 + 0x0b, 0xeb, 0x13, 0x8a, 0x64, 0xf5, 0xf4, 0xd7, 1614 + 0x33, 0xa4, 0x5e, 0xa8, 0x4c, 0x3c, 0xda, 0x11, 1615 + 0xa9, 0xc0, 0x6f, 0x7e, 0x71, 0x39, 0x14, 0x9e }, 1616 + .b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1617 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1618 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1619 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 }, 1620 + .expected_ss = (u8[32]){ 0x87, 0x55, 0xbe, 0x01, 0xc6, 0x0a, 0x7e, 0x82, 1621 + 0x5c, 0xff, 0x3e, 0x0e, 0x78, 0xcb, 0x3a, 0xa4, 1622 + 0x33, 0x38, 0x61, 0x51, 0x6a, 0xa5, 0x9b, 0x1c, 1623 + 0x51, 0xa8, 0xb2, 0xa5, 0x43, 0xdf, 0xa8, 0x22 }, 1624 + .secret_size = 32, 1625 + .b_public_size = 32, 1626 + .expected_ss_size = 32, 1627 + 1628 + }, 1629 + /* wycheproof - public key >= p */ 1630 + { 1631 + .secret = (u8[32]){ 0xe0, 0x3a, 0xa8, 0x42, 0xe2, 0xab, 0xc5, 0x6e, 1632 + 0x81, 0xe8, 0x7b, 0x8b, 0x9f, 0x41, 0x7b, 0x2a, 1633 + 0x1e, 0x59, 0x13, 0xc7, 0x23, 0xee, 0xd2, 0x8d, 1634 + 0x75, 0x2f, 0x8d, 0x47, 0xa5, 0x9f, 0x49, 0x8f }, 1635 + .b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1636 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1637 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1638 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 }, 1639 + .expected_ss = (u8[32]){ 0x54, 0xc9, 0xa1, 0xed, 0x95, 0xe5, 0x46, 0xd2, 1640 + 0x78, 0x22, 0xa3, 0x60, 0x93, 0x1d, 0xda, 0x60, 1641 + 0xa1, 0xdf, 0x04, 0x9d, 0xa6, 0xf9, 0x04, 0x25, 1642 + 0x3c, 0x06, 0x12, 0xbb, 0xdc, 0x08, 0x74, 0x76 }, 1643 + .secret_size = 32, 1644 + .b_public_size = 32, 1645 + .expected_ss_size = 32, 1646 + 1647 + }, 1648 + /* wycheproof - public key >= p */ 1649 + { 1650 + .secret = (u8[32]){ 0xf8, 0xf7, 0x07, 0xb7, 0x99, 0x9b, 0x18, 0xcb, 1651 + 0x0d, 0x6b, 0x96, 0x12, 0x4f, 0x20, 0x45, 0x97, 1652 + 0x2c, 0xa2, 0x74, 0xbf, 0xc1, 0x54, 0xad, 0x0c, 1653 + 0x87, 0x03, 0x8c, 0x24, 0xc6, 0xd0, 0xd4, 0xb2 }, 1654 + .b_public = (u8[32]){ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1655 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1656 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1657 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1658 + .expected_ss = (u8[32]){ 0xcc, 0x1f, 0x40, 0xd7, 0x43, 0xcd, 0xc2, 0x23, 1659 + 0x0e, 0x10, 0x43, 0xda, 0xba, 0x8b, 0x75, 0xe8, 1660 + 0x10, 0xf1, 0xfb, 0xab, 0x7f, 0x25, 0x52, 0x69, 1661 + 0xbd, 0x9e, 0xbb, 0x29, 0xe6, 0xbf, 0x49, 0x4f }, 1662 + .secret_size = 32, 1663 + .b_public_size = 32, 1664 + .expected_ss_size = 32, 1665 + 1666 + }, 1667 + /* wycheproof - public key >= p */ 1668 + { 1669 + .secret = (u8[32]){ 0xa0, 0x34, 0xf6, 0x84, 0xfa, 0x63, 0x1e, 0x1a, 1670 + 0x34, 0x81, 0x18, 0xc1, 0xce, 0x4c, 0x98, 0x23, 1671 + 0x1f, 0x2d, 0x9e, 0xec, 0x9b, 0xa5, 0x36, 0x5b, 1672 + 0x4a, 0x05, 0xd6, 0x9a, 0x78, 0x5b, 0x07, 0x96 }, 1673 + .b_public = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1674 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1675 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1676 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1677 + .expected_ss = (u8[32]){ 0x54, 0x99, 0x8e, 0xe4, 0x3a, 0x5b, 0x00, 0x7b, 1678 + 0xf4, 0x99, 0xf0, 0x78, 0xe7, 0x36, 0x52, 0x44, 1679 + 0x00, 0xa8, 0xb5, 0xc7, 0xe9, 0xb9, 0xb4, 0x37, 1680 + 0x71, 0x74, 0x8c, 0x7c, 0xdf, 0x88, 0x04, 0x12 }, 1681 + .secret_size = 32, 1682 + .b_public_size = 32, 1683 + .expected_ss_size = 32, 1684 + 1685 + }, 1686 + /* wycheproof - public key >= p */ 1687 + { 1688 + .secret = (u8[32]){ 0x30, 0xb6, 0xc6, 0xa0, 0xf2, 0xff, 0xa6, 0x80, 1689 + 0x76, 0x8f, 0x99, 0x2b, 0xa8, 0x9e, 0x15, 0x2d, 1690 + 0x5b, 0xc9, 0x89, 0x3d, 0x38, 0xc9, 0x11, 0x9b, 1691 + 0xe4, 0xf7, 0x67, 0xbf, 0xab, 0x6e, 0x0c, 0xa5 }, 1692 + .b_public = (u8[32]){ 0xdc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1693 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1694 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1695 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1696 + .expected_ss = (u8[32]){ 0xea, 0xd9, 0xb3, 0x8e, 0xfd, 0xd7, 0x23, 0x63, 1697 + 0x79, 0x34, 0xe5, 0x5a, 0xb7, 0x17, 0xa7, 0xae, 1698 + 0x09, 0xeb, 0x86, 0xa2, 0x1d, 0xc3, 0x6a, 0x3f, 1699 + 0xee, 0xb8, 0x8b, 0x75, 0x9e, 0x39, 0x1e, 0x09 }, 1700 + .secret_size = 32, 1701 + .b_public_size = 32, 1702 + .expected_ss_size = 32, 1703 + 1704 + }, 1705 + /* wycheproof - public key >= p */ 1706 + { 1707 + .secret = (u8[32]){ 0x90, 0x1b, 0x9d, 0xcf, 0x88, 0x1e, 0x01, 0xe0, 1708 + 0x27, 0x57, 0x50, 0x35, 0xd4, 0x0b, 0x43, 0xbd, 1709 + 0xc1, 0xc5, 0x24, 0x2e, 0x03, 0x08, 0x47, 0x49, 1710 + 0x5b, 0x0c, 0x72, 0x86, 0x46, 0x9b, 0x65, 0x91 }, 1711 + .b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1712 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1713 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1714 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1715 + .expected_ss = (u8[32]){ 0x60, 0x2f, 0xf4, 0x07, 0x89, 0xb5, 0x4b, 0x41, 1716 + 0x80, 0x59, 0x15, 0xfe, 0x2a, 0x62, 0x21, 0xf0, 1717 + 0x7a, 0x50, 0xff, 0xc2, 0xc3, 0xfc, 0x94, 0xcf, 1718 + 0x61, 0xf1, 0x3d, 0x79, 0x04, 0xe8, 0x8e, 0x0e }, 1719 + .secret_size = 32, 1720 + .b_public_size = 32, 1721 + .expected_ss_size = 32, 1722 + 1723 + }, 1724 + /* wycheproof - public key >= p */ 1725 + { 1726 + .secret = (u8[32]){ 0x80, 0x46, 0x67, 0x7c, 0x28, 0xfd, 0x82, 0xc9, 1727 + 0xa1, 0xbd, 0xb7, 0x1a, 0x1a, 0x1a, 0x34, 0xfa, 1728 + 0xba, 0x12, 0x25, 0xe2, 0x50, 0x7f, 0xe3, 0xf5, 1729 + 0x4d, 0x10, 0xbd, 0x5b, 0x0d, 0x86, 0x5f, 0x8e }, 1730 + .b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1731 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1732 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1733 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1734 + .expected_ss = (u8[32]){ 0xe0, 0x0a, 0xe8, 0xb1, 0x43, 0x47, 0x12, 0x47, 1735 + 0xba, 0x24, 0xf1, 0x2c, 0x88, 0x55, 0x36, 0xc3, 1736 + 0xcb, 0x98, 0x1b, 0x58, 0xe1, 0xe5, 0x6b, 0x2b, 1737 + 0xaf, 0x35, 0xc1, 0x2a, 0xe1, 0xf7, 0x9c, 0x26 }, 1738 + .secret_size = 32, 1739 + .b_public_size = 32, 1740 + .expected_ss_size = 32, 1741 + 1742 + }, 1743 + /* wycheproof - public key >= p */ 1744 + { 1745 + .secret = (u8[32]){ 0x60, 0x2f, 0x7e, 0x2f, 0x68, 0xa8, 0x46, 0xb8, 1746 + 0x2c, 0xc2, 0x69, 0xb1, 0xd4, 0x8e, 0x93, 0x98, 1747 + 0x86, 0xae, 0x54, 0xfd, 0x63, 0x6c, 0x1f, 0xe0, 1748 + 0x74, 0xd7, 0x10, 0x12, 0x7d, 0x47, 0x24, 0x91 }, 1749 + .b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1750 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1751 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1752 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1753 + .expected_ss = (u8[32]){ 0x98, 0xcb, 0x9b, 0x50, 0xdd, 0x3f, 0xc2, 0xb0, 1754 + 0xd4, 0xf2, 0xd2, 0xbf, 0x7c, 0x5c, 0xfd, 0xd1, 1755 + 0x0c, 0x8f, 0xcd, 0x31, 0xfc, 0x40, 0xaf, 0x1a, 1756 + 0xd4, 0x4f, 0x47, 0xc1, 0x31, 0x37, 0x63, 0x62 }, 1757 + .secret_size = 32, 1758 + .b_public_size = 32, 1759 + .expected_ss_size = 32, 1760 + 1761 + }, 1762 + /* wycheproof - public key >= p */ 1763 + { 1764 + .secret = (u8[32]){ 0x60, 0x88, 0x7b, 0x3d, 0xc7, 0x24, 0x43, 0x02, 1765 + 0x6e, 0xbe, 0xdb, 0xbb, 0xb7, 0x06, 0x65, 0xf4, 1766 + 0x2b, 0x87, 0xad, 0xd1, 0x44, 0x0e, 0x77, 0x68, 1767 + 0xfb, 0xd7, 0xe8, 0xe2, 0xce, 0x5f, 0x63, 0x9d }, 1768 + .b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1769 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1770 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1771 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1772 + .expected_ss = (u8[32]){ 0x38, 0xd6, 0x30, 0x4c, 0x4a, 0x7e, 0x6d, 0x9f, 1773 + 0x79, 0x59, 0x33, 0x4f, 0xb5, 0x24, 0x5b, 0xd2, 1774 + 0xc7, 0x54, 0x52, 0x5d, 0x4c, 0x91, 0xdb, 0x95, 1775 + 0x02, 0x06, 0x92, 0x62, 0x34, 0xc1, 0xf6, 0x33 }, 1776 + .secret_size = 32, 1777 + .b_public_size = 32, 1778 + .expected_ss_size = 32, 1779 + 1780 + }, 1781 + /* wycheproof - public key >= p */ 1782 + { 1783 + .secret = (u8[32]){ 0x78, 0xd3, 0x1d, 0xfa, 0x85, 0x44, 0x97, 0xd7, 1784 + 0x2d, 0x8d, 0xef, 0x8a, 0x1b, 0x7f, 0xb0, 0x06, 1785 + 0xce, 0xc2, 0xd8, 0xc4, 0x92, 0x46, 0x47, 0xc9, 1786 + 0x38, 0x14, 0xae, 0x56, 0xfa, 0xed, 0xa4, 0x95 }, 1787 + .b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1788 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1789 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1790 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1791 + .expected_ss = (u8[32]){ 0x78, 0x6c, 0xd5, 0x49, 0x96, 0xf0, 0x14, 0xa5, 1792 + 0xa0, 0x31, 0xec, 0x14, 0xdb, 0x81, 0x2e, 0xd0, 1793 + 0x83, 0x55, 0x06, 0x1f, 0xdb, 0x5d, 0xe6, 0x80, 1794 + 0xa8, 0x00, 0xac, 0x52, 0x1f, 0x31, 0x8e, 0x23 }, 1795 + .secret_size = 32, 1796 + .b_public_size = 32, 1797 + .expected_ss_size = 32, 1798 + 1799 + }, 1800 + /* wycheproof - public key >= p */ 1801 + { 1802 + .secret = (u8[32]){ 0xc0, 0x4c, 0x5b, 0xae, 0xfa, 0x83, 0x02, 0xdd, 1803 + 0xde, 0xd6, 0xa4, 0xbb, 0x95, 0x77, 0x61, 0xb4, 1804 + 0xeb, 0x97, 0xae, 0xfa, 0x4f, 0xc3, 0xb8, 0x04, 1805 + 0x30, 0x85, 0xf9, 0x6a, 0x56, 0x59, 0xb3, 0xa5 }, 1806 + .b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1807 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1808 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1809 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, 1810 + .expected_ss = (u8[32]){ 0x29, 0xae, 0x8b, 0xc7, 0x3e, 0x9b, 0x10, 0xa0, 1811 + 0x8b, 0x4f, 0x68, 0x1c, 0x43, 0xc3, 0xe0, 0xac, 1812 + 0x1a, 0x17, 0x1d, 0x31, 0xb3, 0x8f, 0x1a, 0x48, 1813 + 0xef, 0xba, 0x29, 0xae, 0x63, 0x9e, 0xa1, 0x34 }, 1814 + .secret_size = 32, 1815 + .b_public_size = 32, 1816 + .expected_ss_size = 32, 1817 + 1818 + }, 1819 + /* wycheproof - RFC 7748 */ 1820 + { 1821 + .secret = (u8[32]){ 0xa0, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d, 1822 + 0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd, 1823 + 0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18, 1824 + 0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0x44 }, 1825 + .b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb, 1826 + 0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c, 1827 + 0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b, 1828 + 0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c }, 1829 + .expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90, 1830 + 0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 1831 + 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7, 1832 + 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 }, 1833 + .secret_size = 32, 1834 + .b_public_size = 32, 1835 + .expected_ss_size = 32, 1836 + 1837 + }, 1838 + /* wycheproof - RFC 7748 */ 1839 + { 1840 + .secret = (u8[32]){ 0x48, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c, 1841 + 0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5, 1842 + 0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4, 1843 + 0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x4d }, 1844 + .b_public = (u8[32]){ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3, 1845 + 0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c, 1846 + 0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e, 1847 + 0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x13 }, 1848 + .expected_ss = (u8[32]){ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d, 1849 + 0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 1850 + 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52, 1851 + 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 }, 1852 + .secret_size = 32, 1853 + .b_public_size = 32, 1854 + .expected_ss_size = 32, 1855 + 1856 + }, 1857 + /* wycheproof - edge case for shared secret */ 1858 + { 1859 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1860 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1861 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1862 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1863 + .b_public = (u8[32]){ 0x0a, 0xb4, 0xe7, 0x63, 0x80, 0xd8, 0x4d, 0xde, 1864 + 0x4f, 0x68, 0x33, 0xc5, 0x8f, 0x2a, 0x9f, 0xb8, 1865 + 0xf8, 0x3b, 0xb0, 0x16, 0x9b, 0x17, 0x2b, 0xe4, 1866 + 0xb6, 0xe0, 0x59, 0x28, 0x87, 0x74, 0x1a, 0x36 }, 1867 + .expected_ss = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1868 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1869 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1870 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1871 + .secret_size = 32, 1872 + .b_public_size = 32, 1873 + .expected_ss_size = 32, 1874 + 1875 + }, 1876 + /* wycheproof - edge case for shared secret */ 1877 + { 1878 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1879 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1880 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1881 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1882 + .b_public = (u8[32]){ 0x89, 0xe1, 0x0d, 0x57, 0x01, 0xb4, 0x33, 0x7d, 1883 + 0x2d, 0x03, 0x21, 0x81, 0x53, 0x8b, 0x10, 0x64, 1884 + 0xbd, 0x40, 0x84, 0x40, 0x1c, 0xec, 0xa1, 0xfd, 1885 + 0x12, 0x66, 0x3a, 0x19, 0x59, 0x38, 0x80, 0x00 }, 1886 + .expected_ss = (u8[32]){ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1887 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1888 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1889 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1890 + .secret_size = 32, 1891 + .b_public_size = 32, 1892 + .expected_ss_size = 32, 1893 + 1894 + }, 1895 + /* wycheproof - edge case for shared secret */ 1896 + { 1897 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1898 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1899 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1900 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1901 + .b_public = (u8[32]){ 0x2b, 0x55, 0xd3, 0xaa, 0x4a, 0x8f, 0x80, 0xc8, 1902 + 0xc0, 0xb2, 0xae, 0x5f, 0x93, 0x3e, 0x85, 0xaf, 1903 + 0x49, 0xbe, 0xac, 0x36, 0xc2, 0xfa, 0x73, 0x94, 1904 + 0xba, 0xb7, 0x6c, 0x89, 0x33, 0xf8, 0xf8, 0x1d }, 1905 + .expected_ss = (u8[32]){ 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1906 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1907 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1908 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, 1909 + .secret_size = 32, 1910 + .b_public_size = 32, 1911 + .expected_ss_size = 32, 1912 + 1913 + }, 1914 + /* wycheproof - edge case for shared secret */ 1915 + { 1916 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1917 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1918 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1919 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1920 + .b_public = (u8[32]){ 0x63, 0xe5, 0xb1, 0xfe, 0x96, 0x01, 0xfe, 0x84, 1921 + 0x38, 0x5d, 0x88, 0x66, 0xb0, 0x42, 0x12, 0x62, 1922 + 0xf7, 0x8f, 0xbf, 0xa5, 0xaf, 0xf9, 0x58, 0x5e, 1923 + 0x62, 0x66, 0x79, 0xb1, 0x85, 0x47, 0xd9, 0x59 }, 1924 + .expected_ss = (u8[32]){ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1925 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1926 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1927 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f }, 1928 + .secret_size = 32, 1929 + .b_public_size = 32, 1930 + .expected_ss_size = 32, 1931 + 1932 + }, 1933 + /* wycheproof - edge case for shared secret */ 1934 + { 1935 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1936 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1937 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1938 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1939 + .b_public = (u8[32]){ 0xe4, 0x28, 0xf3, 0xda, 0xc1, 0x78, 0x09, 0xf8, 1940 + 0x27, 0xa5, 0x22, 0xce, 0x32, 0x35, 0x50, 0x58, 1941 + 0xd0, 0x73, 0x69, 0x36, 0x4a, 0xa7, 0x89, 0x02, 1942 + 0xee, 0x10, 0x13, 0x9b, 0x9f, 0x9d, 0xd6, 0x53 }, 1943 + .expected_ss = (u8[32]){ 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1944 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1945 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1946 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f }, 1947 + .secret_size = 32, 1948 + .b_public_size = 32, 1949 + .expected_ss_size = 32, 1950 + 1951 + }, 1952 + /* wycheproof - edge case for shared secret */ 1953 + { 1954 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1955 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1956 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1957 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1958 + .b_public = (u8[32]){ 0xb3, 0xb5, 0x0e, 0x3e, 0xd3, 0xa4, 0x07, 0xb9, 1959 + 0x5d, 0xe9, 0x42, 0xef, 0x74, 0x57, 0x5b, 0x5a, 1960 + 0xb8, 0xa1, 0x0c, 0x09, 0xee, 0x10, 0x35, 0x44, 1961 + 0xd6, 0x0b, 0xdf, 0xed, 0x81, 0x38, 0xab, 0x2b }, 1962 + .expected_ss = (u8[32]){ 0xf9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1963 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1964 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1965 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f }, 1966 + .secret_size = 32, 1967 + .b_public_size = 32, 1968 + .expected_ss_size = 32, 1969 + 1970 + }, 1971 + /* wycheproof - edge case for shared secret */ 1972 + { 1973 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1974 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1975 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1976 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1977 + .b_public = (u8[32]){ 0x21, 0x3f, 0xff, 0xe9, 0x3d, 0x5e, 0xa8, 0xcd, 1978 + 0x24, 0x2e, 0x46, 0x28, 0x44, 0x02, 0x99, 0x22, 1979 + 0xc4, 0x3c, 0x77, 0xc9, 0xe3, 0xe4, 0x2f, 0x56, 1980 + 0x2f, 0x48, 0x5d, 0x24, 0xc5, 0x01, 0xa2, 0x0b }, 1981 + .expected_ss = (u8[32]){ 0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1982 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1983 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1984 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f }, 1985 + .secret_size = 32, 1986 + .b_public_size = 32, 1987 + .expected_ss_size = 32, 1988 + 1989 + }, 1990 + /* wycheproof - edge case for shared secret */ 1991 + { 1992 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 1993 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 1994 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 1995 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 1996 + .b_public = (u8[32]){ 0x91, 0xb2, 0x32, 0xa1, 0x78, 0xb3, 0xcd, 0x53, 1997 + 0x09, 0x32, 0x44, 0x1e, 0x61, 0x39, 0x41, 0x8f, 1998 + 0x72, 0x17, 0x22, 0x92, 0xf1, 0xda, 0x4c, 0x18, 1999 + 0x34, 0xfc, 0x5e, 0xbf, 0xef, 0xb5, 0x1e, 0x3f }, 2000 + .expected_ss = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2001 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2002 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2003 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 }, 2004 + .secret_size = 32, 2005 + .b_public_size = 32, 2006 + .expected_ss_size = 32, 2007 + 2008 + }, 2009 + /* wycheproof - edge case for shared secret */ 2010 + { 2011 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2012 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2013 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2014 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2015 + .b_public = (u8[32]){ 0x04, 0x5c, 0x6e, 0x11, 0xc5, 0xd3, 0x32, 0x55, 2016 + 0x6c, 0x78, 0x22, 0xfe, 0x94, 0xeb, 0xf8, 0x9b, 2017 + 0x56, 0xa3, 0x87, 0x8d, 0xc2, 0x7c, 0xa0, 0x79, 2018 + 0x10, 0x30, 0x58, 0x84, 0x9f, 0xab, 0xcb, 0x4f }, 2019 + .expected_ss = (u8[32]){ 0xe5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2020 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2021 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2022 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 2023 + .secret_size = 32, 2024 + .b_public_size = 32, 2025 + .expected_ss_size = 32, 2026 + 2027 + }, 2028 + /* wycheproof - edge case for shared secret */ 2029 + { 2030 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2031 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2032 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2033 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2034 + .b_public = (u8[32]){ 0x1c, 0xa2, 0x19, 0x0b, 0x71, 0x16, 0x35, 0x39, 2035 + 0x06, 0x3c, 0x35, 0x77, 0x3b, 0xda, 0x0c, 0x9c, 2036 + 0x92, 0x8e, 0x91, 0x36, 0xf0, 0x62, 0x0a, 0xeb, 2037 + 0x09, 0x3f, 0x09, 0x91, 0x97, 0xb7, 0xf7, 0x4e }, 2038 + .expected_ss = (u8[32]){ 0xe3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2039 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2040 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2041 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 2042 + .secret_size = 32, 2043 + .b_public_size = 32, 2044 + .expected_ss_size = 32, 2045 + 2046 + }, 2047 + /* wycheproof - edge case for shared secret */ 2048 + { 2049 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2050 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2051 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2052 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2053 + .b_public = (u8[32]){ 0xf7, 0x6e, 0x90, 0x10, 0xac, 0x33, 0xc5, 0x04, 2054 + 0x3b, 0x2d, 0x3b, 0x76, 0xa8, 0x42, 0x17, 0x10, 2055 + 0x00, 0xc4, 0x91, 0x62, 0x22, 0xe9, 0xe8, 0x58, 2056 + 0x97, 0xa0, 0xae, 0xc7, 0xf6, 0x35, 0x0b, 0x3c }, 2057 + .expected_ss = (u8[32]){ 0xdd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2058 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2059 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2060 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 2061 + .secret_size = 32, 2062 + .b_public_size = 32, 2063 + .expected_ss_size = 32, 2064 + 2065 + }, 2066 + /* wycheproof - edge case for shared secret */ 2067 + { 2068 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2069 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2070 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2071 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2072 + .b_public = (u8[32]){ 0xbb, 0x72, 0x68, 0x8d, 0x8f, 0x8a, 0xa7, 0xa3, 2073 + 0x9c, 0xd6, 0x06, 0x0c, 0xd5, 0xc8, 0x09, 0x3c, 2074 + 0xde, 0xc6, 0xfe, 0x34, 0x19, 0x37, 0xc3, 0x88, 2075 + 0x6a, 0x99, 0x34, 0x6c, 0xd0, 0x7f, 0xaa, 0x55 }, 2076 + .expected_ss = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2077 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2078 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2079 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 2080 + .secret_size = 32, 2081 + .b_public_size = 32, 2082 + .expected_ss_size = 32, 2083 + 2084 + }, 2085 + /* wycheproof - edge case for shared secret */ 2086 + { 2087 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2088 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2089 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2090 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2091 + .b_public = (u8[32]){ 0x88, 0xfd, 0xde, 0xa1, 0x93, 0x39, 0x1c, 0x6a, 2092 + 0x59, 0x33, 0xef, 0x9b, 0x71, 0x90, 0x15, 0x49, 2093 + 0x44, 0x72, 0x05, 0xaa, 0xe9, 0xda, 0x92, 0x8a, 2094 + 0x6b, 0x91, 0xa3, 0x52, 0xba, 0x10, 0xf4, 0x1f }, 2095 + .expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2096 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2097 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2098 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 }, 2099 + .secret_size = 32, 2100 + .b_public_size = 32, 2101 + .expected_ss_size = 32, 2102 + 2103 + }, 2104 + /* wycheproof - edge case for shared secret */ 2105 + { 2106 + .secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4, 2107 + 0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3, 2108 + 0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc, 2109 + 0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 }, 2110 + .b_public = (u8[32]){ 0x30, 0x3b, 0x39, 0x2f, 0x15, 0x31, 0x16, 0xca, 2111 + 0xd9, 0xcc, 0x68, 0x2a, 0x00, 0xcc, 0xc4, 0x4c, 2112 + 0x95, 0xff, 0x0d, 0x3b, 0xbe, 0x56, 0x8b, 0xeb, 2113 + 0x6c, 0x4e, 0x73, 0x9b, 0xaf, 0xdc, 0x2c, 0x68 }, 2114 + .expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2115 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2116 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2117 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00 }, 2118 + .secret_size = 32, 2119 + .b_public_size = 32, 2120 + .expected_ss_size = 32, 2121 + 2122 + }, 2123 + /* wycheproof - checking for overflow */ 2124 + { 2125 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 2126 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d, 2127 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, 2128 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 }, 2129 + .b_public = (u8[32]){ 0xfd, 0x30, 0x0a, 0xeb, 0x40, 0xe1, 0xfa, 0x58, 2130 + 0x25, 0x18, 0x41, 0x2b, 0x49, 0xb2, 0x08, 0xa7, 2131 + 0x84, 0x2b, 0x1e, 0x1f, 0x05, 0x6a, 0x04, 0x01, 2132 + 0x78, 0xea, 0x41, 0x41, 0x53, 0x4f, 0x65, 0x2d }, 2133 + .expected_ss = (u8[32]){ 0xb7, 0x34, 0x10, 0x5d, 0xc2, 0x57, 0x58, 0x5d, 2134 + 0x73, 0xb5, 0x66, 0xcc, 0xb7, 0x6f, 0x06, 0x27, 2135 + 0x95, 0xcc, 0xbe, 0xc8, 0x91, 0x28, 0xe5, 0x2b, 2136 + 0x02, 0xf3, 0xe5, 0x96, 0x39, 0xf1, 0x3c, 0x46 }, 2137 + .secret_size = 32, 2138 + .b_public_size = 32, 2139 + .expected_ss_size = 32, 2140 + 2141 + }, 2142 + /* wycheproof - checking for overflow */ 2143 + { 2144 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 2145 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d, 2146 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, 2147 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 }, 2148 + .b_public = (u8[32]){ 0xc8, 0xef, 0x79, 0xb5, 0x14, 0xd7, 0x68, 0x26, 2149 + 0x77, 0xbc, 0x79, 0x31, 0xe0, 0x6e, 0xe5, 0xc2, 2150 + 0x7c, 0x9b, 0x39, 0x2b, 0x4a, 0xe9, 0x48, 0x44, 2151 + 0x73, 0xf5, 0x54, 0xe6, 0x67, 0x8e, 0xcc, 0x2e }, 2152 + .expected_ss = (u8[32]){ 0x64, 0x7a, 0x46, 0xb6, 0xfc, 0x3f, 0x40, 0xd6, 2153 + 0x21, 0x41, 0xee, 0x3c, 0xee, 0x70, 0x6b, 0x4d, 2154 + 0x7a, 0x92, 0x71, 0x59, 0x3a, 0x7b, 0x14, 0x3e, 2155 + 0x8e, 0x2e, 0x22, 0x79, 0x88, 0x3e, 0x45, 0x50 }, 2156 + .secret_size = 32, 2157 + .b_public_size = 32, 2158 + .expected_ss_size = 32, 2159 + 2160 + }, 2161 + /* wycheproof - checking for overflow */ 2162 + { 2163 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 2164 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d, 2165 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, 2166 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 }, 2167 + .b_public = (u8[32]){ 0x64, 0xae, 0xac, 0x25, 0x04, 0x14, 0x48, 0x61, 2168 + 0x53, 0x2b, 0x7b, 0xbc, 0xb6, 0xc8, 0x7d, 0x67, 2169 + 0xdd, 0x4c, 0x1f, 0x07, 0xeb, 0xc2, 0xe0, 0x6e, 2170 + 0xff, 0xb9, 0x5a, 0xec, 0xc6, 0x17, 0x0b, 0x2c }, 2171 + .expected_ss = (u8[32]){ 0x4f, 0xf0, 0x3d, 0x5f, 0xb4, 0x3c, 0xd8, 0x65, 2172 + 0x7a, 0x3c, 0xf3, 0x7c, 0x13, 0x8c, 0xad, 0xce, 2173 + 0xcc, 0xe5, 0x09, 0xe4, 0xeb, 0xa0, 0x89, 0xd0, 2174 + 0xef, 0x40, 0xb4, 0xe4, 0xfb, 0x94, 0x61, 0x55 }, 2175 + .secret_size = 32, 2176 + .b_public_size = 32, 2177 + .expected_ss_size = 32, 2178 + 2179 + }, 2180 + /* wycheproof - checking for overflow */ 2181 + { 2182 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 2183 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d, 2184 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, 2185 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 }, 2186 + .b_public = (u8[32]){ 0xbf, 0x68, 0xe3, 0x5e, 0x9b, 0xdb, 0x7e, 0xee, 2187 + 0x1b, 0x50, 0x57, 0x02, 0x21, 0x86, 0x0f, 0x5d, 2188 + 0xcd, 0xad, 0x8a, 0xcb, 0xab, 0x03, 0x1b, 0x14, 2189 + 0x97, 0x4c, 0xc4, 0x90, 0x13, 0xc4, 0x98, 0x31 }, 2190 + .expected_ss = (u8[32]){ 0x21, 0xce, 0xe5, 0x2e, 0xfd, 0xbc, 0x81, 0x2e, 2191 + 0x1d, 0x02, 0x1a, 0x4a, 0xf1, 0xe1, 0xd8, 0xbc, 2192 + 0x4d, 0xb3, 0xc4, 0x00, 0xe4, 0xd2, 0xa2, 0xc5, 2193 + 0x6a, 0x39, 0x26, 0xdb, 0x4d, 0x99, 0xc6, 0x5b }, 2194 + .secret_size = 32, 2195 + .b_public_size = 32, 2196 + .expected_ss_size = 32, 2197 + 2198 + }, 2199 + /* wycheproof - checking for overflow */ 2200 + { 2201 + .secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d, 2202 + 0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d, 2203 + 0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c, 2204 + 0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 }, 2205 + .b_public = (u8[32]){ 0x53, 0x47, 0xc4, 0x91, 0x33, 0x1a, 0x64, 0xb4, 2206 + 0x3d, 0xdc, 0x68, 0x30, 0x34, 0xe6, 0x77, 0xf5, 2207 + 0x3d, 0xc3, 0x2b, 0x52, 0xa5, 0x2a, 0x57, 0x7c, 2208 + 0x15, 0xa8, 0x3b, 0xf2, 0x98, 0xe9, 0x9f, 0x19 }, 2209 + .expected_ss = (u8[32]){ 0x18, 0xcb, 0x89, 0xe4, 0xe2, 0x0c, 0x0c, 0x2b, 2210 + 0xd3, 0x24, 0x30, 0x52, 0x45, 0x26, 0x6c, 0x93, 2211 + 0x27, 0x69, 0x0b, 0xbe, 0x79, 0xac, 0xb8, 0x8f, 2212 + 0x5b, 0x8f, 0xb3, 0xf7, 0x4e, 0xca, 0x3e, 0x52 }, 2213 + .secret_size = 32, 2214 + .b_public_size = 32, 2215 + .expected_ss_size = 32, 2216 + 2217 + }, 2218 + /* wycheproof - private key == -1 (mod order) */ 2219 + { 2220 + .secret = (u8[32]){ 0xa0, 0x23, 0xcd, 0xd0, 0x83, 0xef, 0x5b, 0xb8, 2221 + 0x2f, 0x10, 0xd6, 0x2e, 0x59, 0xe1, 0x5a, 0x68, 2222 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2223 + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50 }, 2224 + .b_public = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 2225 + 0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57, 2226 + 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f, 2227 + 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 }, 2228 + .expected_ss = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e, 2229 + 0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57, 2230 + 0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f, 2231 + 0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 }, 2232 + .secret_size = 32, 2233 + .b_public_size = 32, 2234 + .expected_ss_size = 32, 2235 + 2236 + }, 2237 + /* wycheproof - private key == 1 (mod order) on twist */ 2238 + { 2239 + .secret = (u8[32]){ 0x58, 0x08, 0x3d, 0xd2, 0x61, 0xad, 0x91, 0xef, 2240 + 0xf9, 0x52, 0x32, 0x2e, 0xc8, 0x24, 0xc6, 0x82, 2241 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 2242 + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f }, 2243 + .b_public = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 2244 + 0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6, 2245 + 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64, 2246 + 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 }, 2247 + .expected_ss = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f, 2248 + 0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6, 2249 + 0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64, 2250 + 0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 }, 2251 + .secret_size = 32, 2252 + .b_public_size = 32, 2253 + .expected_ss_size = 32, 2254 + 2255 + } 2256 + }; 2257 + 1033 2258 static const struct kpp_testvec ecdh_tv_template[] = { 1034 2259 { 1035 2260 #ifndef CONFIG_CRYPTO_FIPS