From 95ffbf4745553e8a207922389929e1943c0237c0 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 9 Jun 2026 13:38:03 +0100 Subject: [PATCH] [crypto] Add RFC 7919 FFDHE key exchange algorithms We currently support fully parameterized finite field Diffie-Hellman key exchange, where the peer provides not only its public key but also the (fully arbitrary) selection of the field prime and generator. RFC 7919 defines a family of finite fields all constructed from the natural logarithm constant "e", intended to be used as well-known fields where the peer simply names the field (e.g. "ffdhe2048") rather than providing the raw prime and generator values. Add support for this family of finite fields as key exchange algorithms, to allow for protocols such as TLS version 1.3 where parameterized fields are not permitted. We choose to support only up to ffdhe4096, since this is sufficient to exceed the security strength of our RNG (128 bits). Support for ffdhe6144 and ffdhe8192 could trivially be added by simply extending the "euler" constant and adding the relevant FFDHE_GROUP() declarations. Doing so would approximately double the space requirements for both read-only data (from 0.5kB to 1kB) and for uninitialised data (from 3.5kB to 7kB). Signed-off-by: Michael Brown --- src/crypto/ffdhe.c | 204 +++++++++++++ src/include/ipxe/bigint.h | 7 +- src/include/ipxe/errfile.h | 1 + src/include/ipxe/ffdhe.h | 70 +++++ src/tests/ffdhe_test.c | 611 +++++++++++++++++++++++++++++++++++++ src/tests/tests.c | 1 + 6 files changed, 889 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ffdhe.c create mode 100644 src/include/ipxe/ffdhe.h create mode 100644 src/tests/ffdhe_test.c diff --git a/src/crypto/ffdhe.c b/src/crypto/ffdhe.c new file mode 100644 index 000000000..7dc9457fc --- /dev/null +++ b/src/crypto/ffdhe.c @@ -0,0 +1,204 @@ +/* + * Copyright (C) 2026 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +/** @file + * + * Finite Field Diffie-Hellman Ephemeral key exchange + * + * RFC 7919 defines a family of finite fields all constructed from the + * natural logarithm constant "e". + * + * We choose to support only up to ffdhe4096, since this is sufficient + * to exceed the security strength of our RNG (128 bits). + * + * Support for ffdhe6144 and ffdhe8192 could trivially be added by + * simply extending the "euler" constant and adding the relevant + * FFDHE_GROUP() declarations. Doing so would approximately double + * the space requirements for both read-only data (from 0.5kB to 1kB) + * and for uninitialised data (from 3.5kB to 7kB). + */ + +#include +#include +#include + +/** Euler's number ("e") */ +static const uint8_t euler[] = { + 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, + 0x20, 0x27, 0x3d, 0x3c, 0xf1, 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, + 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, 0xcc, + 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, 0x7d, 0x2f, 0xe3, 0x63, + 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, + 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, 0x24, 0x33, + 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55, 0x3d, + 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, + 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, + 0xda, 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, + 0xe7, 0x35, 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, + 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, + 0xb2, 0xc8, 0xe3, 0xfb, 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, + 0x68, 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, + 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, 0x0b, 0x07, 0xa7, 0xc8, 0xee, + 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, + 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, 0x91, 0x72, 0xfe, + 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, + 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, 0x3b, + 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83, + 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, + 0xfa, 0x88, 0x6b, 0x42, 0x38, 0x61, 0x1f, 0xcf, 0xdc, 0xde, 0x35, + 0x5b, 0x3b, 0x65, 0x19, 0x03, 0x5b, 0xbc, 0x34, 0xf4, 0xde, 0xf9, + 0x9c, 0x02, 0x38, 0x61, 0xb4, 0x6f, 0xc9, 0xd6, 0xe6, 0xc9, 0x07, + 0x7a, 0xd9, 0x1d, 0x26, 0x91, 0xf7, 0xf7, 0xee, 0x59, 0x8c, 0xb0, + 0xfa, 0xc1, 0x86, 0xd9, 0x1c, 0xae, 0xfe, 0x13, 0x09, 0x85, 0x13, + 0x92, 0x70, 0xb4, 0x13, 0x0c, 0x93, 0xbc, 0x43, 0x79, 0x44, 0xf4, + 0xfd, 0x44, 0x52, 0xe2, 0xd7, 0x4d, 0xd3, 0x64, 0xf2, 0xe2, 0x1e, + 0x71, 0xf5, 0x4b, 0xff, 0x5c, 0xae, 0x82, 0xab, 0x9c, 0x9d, 0xf6, + 0x9e, 0xe8, 0x6d, 0x2b, 0xc5, 0x22, 0x36, 0x3a, 0x0d, 0xab, 0xc5, + 0x21, 0x97, 0x9b, 0x0d, 0xea, 0xda, 0x1d, 0xbf, 0x9a, 0x42, 0xd5, + 0xc4, 0x48, 0x4e, 0x0a, 0xbc, 0xd0, 0x6b, 0xfa, 0x53, 0xdd, 0xef, + 0x3c, 0x1b, 0x20, 0xee, 0x3f, 0xd5, 0x9d, 0x7c, 0x25, 0xe4, 0x1d, + 0x2b, 0x66, 0x9e, 0x1e, 0xf1, 0x6e, 0x6f, 0x52, 0xc3, 0x16, 0x4d, + 0xf4, 0xfb, 0x79, 0x30, 0xe9, 0xe4, 0xe5, 0x88, 0x57, 0xb6, 0xac, + 0x7d, 0x5f, 0x42, 0xd6, 0x9f, 0x6d, 0x18, 0x77, 0x63, 0xcf, 0x1d, + 0x55, 0x03, 0x40, 0x04, 0x87, 0xf5, 0x5b, 0xa5, 0x7e, 0x31, 0xcc, + 0x7a, 0x71, 0x35, 0xc8, 0x86, 0xef, 0xb4, 0x31, 0x8a, 0xed, 0x6a, + 0x1e, 0x01, 0x2d, 0x9e, 0x68, 0x32, 0xa9, 0x07, 0x60, 0x0a, 0x91, + 0x81, 0x30, 0xc4, 0x6d, 0xc7, 0x78, 0xf9, 0x71, 0xad, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xa3, 0x33, 0xcb, 0x8b, 0x7a, 0x1a, 0x1d, 0xb9, + 0x3d, 0x71, 0x40, 0x00, 0x3c, 0x2a, 0x4e, 0xce, 0xa9, 0xf9, 0x8d, + 0x0a, 0xcc, 0x0a, 0x82, 0x91, 0xcd, 0xce, 0xc9, 0x7d, 0xcf, 0x8e, + 0xc9, 0xb5, 0x5a, 0x7f, 0x88, 0xa4, 0x6b, 0x4d, 0xb5, 0xa8, 0x51, + 0xf4, 0x41, 0x82, 0xe1, 0xc6, 0x8a, 0x00, 0x7e +}; + +/** FFDHE non-Euler length */ +#define FFDHE_PAD_LEN ( 8 /* high */ + 4 /* lsb32 */ + 8 /* low */ ) + +/** An FFDHE prime modulus */ +#define ffdhe_modulus_t( len ) \ + struct { \ + uint64_t high; \ + uint8_t euler[ len - FFDHE_PAD_LEN ]; \ + uint32_t lsb32; \ + uint64_t low; \ + } __attribute__ (( packed )) + +/** Maximum length of big integer values */ +#define FFDHE_LEN ( sizeof ( euler ) + FFDHE_PAD_LEN ) + +/** Maximum number of elements in big integer values */ +#define FFDHE_SIZE bigint_required_size ( FFDHE_LEN ) + +/** Maximally sized big integer */ +typedef bigint_t ( FFDHE_SIZE ) ffdhe_t; + +/** Temporary storage */ +static struct { + /** Prime modulus */ + ffdhe_t modulus; + /** Base */ + ffdhe_t base; + /** Result */ + ffdhe_t result; + /** Temporary working space */ + union { + uint8_t mod_exp[ bigint_mod_exp_tmp_len ( (ffdhe_t *) NULL ) ]; + uint8_t raw[FFDHE_LEN]; + } tmp; +} ffdhe_temp; + +/** + * Calculate FFDHE result + * + * @v group FFDHE group + * @v public Base public value, or NULL to use generator + * @v private Private exponent + * @v shared Shared result to fill in + * @ret rc Return status code + */ +int ffdhe ( struct ffdhe_group *group, const void *public, const void *private, + void *shared ) { + unsigned int expsize = group->expsize; + unsigned int size = group->size; + size_t explen = group->explen; + size_t len = group->len; + ffdhe_modulus_t ( len ) *tmp = ( ( void * ) &ffdhe_temp.tmp ); + bigint_t ( size ) *modulus = ( ( void * ) &ffdhe_temp.modulus ); + bigint_t ( size ) *base = ( ( void * ) &ffdhe_temp.base ); + bigint_t ( size ) *result = ( ( void * ) &ffdhe_temp.result ); + bigint_t ( expsize ) exponent; + static const uint8_t two[1] = { 2 }; + + /* Construct modulus */ + assert ( sizeof ( *tmp ) == len ); + memset ( tmp, 0xff, sizeof ( *tmp ) ); + memcpy ( tmp->euler, euler, sizeof ( tmp->euler ) ); + tmp->lsb32 = group->lsb32; + bigint_init ( modulus, tmp, len ); + DBGC ( group, "FFDHE %s mod: %s\n", + group->name, bigint_ntoa ( modulus ) ); + + /* Construct base */ + if ( public ) { + bigint_init ( base, public, len ); + } else { + bigint_init ( base, two, sizeof ( two ) ); + } + DBGC ( group, "FFDHE %s %s: %s\n", group->name, + ( public ? "pub" : "gen" ), bigint_ntoa ( base ) ); + + /* Construct exponent */ + bigint_init ( &exponent, private, explen ); + DBGC ( group, "FFDHE %s exp: %s\n", + group->name, bigint_ntoa ( &exponent ) ); + + /* Calculate result */ + bigint_mod_exp ( base, modulus, &exponent, result, &ffdhe_temp.tmp ); + DBGC ( group, "FFDHE %s %s: %s\n", group->name, + ( public ? "shr" : "pub" ), bigint_ntoa ( result ) ); + bigint_done ( result, shared, len ); + + /* Validate result */ + bigint_init ( base, two, sizeof ( two ) ); + if ( ! bigint_is_geq ( result, base ) ) { + /* Result is 0 or 1 */ + DBGC ( group, "FFDHE %s invalid result\n", group->name ); + return -EPERM; + } + bigint_add ( base, result ); + if ( ! bigint_is_geq ( modulus, result ) ) { + /* Result is p-1 */ + DBGC ( group, "FFDHE %s invalid result\n", group->name ); + return -EPERM; + } + + return 0; +} + +/* Supported groups */ +FFDHE_GROUP ( ffdhe2048, ffdhe2048_algorithm, 2048, 225, 0x61285c97 ); +FFDHE_GROUP ( ffdhe3072, ffdhe3072_algorithm, 3072, 275, 0x66c62e37 ); +FFDHE_GROUP ( ffdhe4096, ffdhe4096_algorithm, 4096, 325, 0x5e655f6a ); diff --git a/src/include/ipxe/bigint.h b/src/include/ipxe/bigint.h index 9c31f4540..790be4c1c 100644 --- a/src/include/ipxe/bigint.h +++ b/src/include/ipxe/bigint.h @@ -358,11 +358,8 @@ FILE_SECBOOT ( PERMITTED ); * @v modulus Big integer modulus * @ret len Length of temporary working space */ -#define bigint_mod_exp_tmp_len( modulus ) ( { \ - unsigned int size = bigint_size (modulus); \ - sizeof ( struct { \ - bigint_t ( size ) temp[4]; \ - } ); } ) +#define bigint_mod_exp_tmp_len( modulus ) \ + sizeof ( struct { typeof ( *(modulus) ) temp[4]; } ) #include diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h index 048cbe6c6..1398346e0 100644 --- a/src/include/ipxe/errfile.h +++ b/src/include/ipxe/errfile.h @@ -450,6 +450,7 @@ FILE_SECBOOT ( PERMITTED ); #define ERRFILE_ecdhe ( ERRFILE_OTHER | 0x00680000 ) #define ERRFILE_ecdsa ( ERRFILE_OTHER | 0x00690000 ) #define ERRFILE_crypto_null ( ERRFILE_OTHER | 0x006a0000 ) +#define ERRFILE_ffdhe ( ERRFILE_OTHER | 0x006b0000 ) /** @} */ diff --git a/src/include/ipxe/ffdhe.h b/src/include/ipxe/ffdhe.h new file mode 100644 index 000000000..6f6d9e878 --- /dev/null +++ b/src/include/ipxe/ffdhe.h @@ -0,0 +1,70 @@ +#ifndef _IPXE_FFDHE_H +#define _IPXE_FFDHE_H + +/** @file + * + * Finite Field Diffie-Hellman Ephemeral key exchange + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); + +#include +#include +#include +#include + +/** A finite field DHE group */ +struct ffdhe_group { + /** Group name */ + const char *name; + /** Length of raw scalar values */ + size_t len; + /** Number of elements in scalar values */ + unsigned int size; + /** Length of (short) exponents */ + size_t explen; + /** Number of elements in exponent values */ + unsigned int expsize; + /** Least significant interesting bits of modulus (big-endian) */ + uint32_t lsb32; +}; + +extern int ffdhe ( struct ffdhe_group *group, const void *public, + const void *private, void *shared ); + +/** Define a finite field DHE group */ +#define FFDHE_GROUP( _name, _exchange, _bits, _expbits, _lsb ) \ + static struct ffdhe_group _name ## _group = { \ + .name = #_name, \ + .len = ( _bits / 8 ), \ + .size = bigint_required_size ( _bits / 8 ), \ + .explen = ( ( _expbits + 7 ) / 8 ), \ + .expsize = bigint_required_size ( ( _expbits + 7 ) / 8 ), \ + .lsb32 = cpu_to_be32 ( _lsb ), \ + }; \ + static void _name ## _public ( const void *private, \ + void *public ) { \ + ffdhe ( &_name ## _group, NULL, private, public ); \ + } \ + static int _name ## _shared ( const void *private, \ + const void *partner, \ + void *shared ) { \ + return ffdhe ( &_name ## _group, partner, private, \ + shared ); \ + } \ + struct exchange_algorithm _exchange = { \ + .name = #_name, \ + .privsize = ( ( _expbits + 7 ) / 8 ), \ + .pubsize = ( _bits / 8 ), \ + .sharedsize = ( _bits / 8 ), \ + .public = _name ## _public, \ + .shared = _name ## _shared, \ + } + +extern struct exchange_algorithm ffdhe2048_algorithm; +extern struct exchange_algorithm ffdhe3072_algorithm; +extern struct exchange_algorithm ffdhe4096_algorithm; + +#endif /* _IPXE_FFDHE_H */ diff --git a/src/tests/ffdhe_test.c b/src/tests/ffdhe_test.c new file mode 100644 index 000000000..9b6fea281 --- /dev/null +++ b/src/tests/ffdhe_test.c @@ -0,0 +1,611 @@ +/* + * Copyright (C) 2025 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +/** @file + * + * Finite Field Diffie-Hellman Ephemeral key exchange self-tests + * + * Test vectors were generated using openssl. + * + */ + +/* Forcibly enable assertions */ +#undef NDEBUG + +#include +#include +#include "exchange_test.h" + +/* FFDHE2048, randomly generated keys */ +EXCHANGE_TEST ( ffdhe2048_random, &ffdhe2048_algorithm, + PRIVATE ( 0x00, 0xd6, 0xe1, 0xe7, 0x2a, 0x2e, 0xfc, 0x68, 0xbb, 0xee, + 0xa0, 0x10, 0xdf, 0x04, 0x98, 0xfd, 0xd5, 0xeb, 0x8f, 0x7e, + 0x07, 0x35, 0x5f, 0x61, 0x9f, 0xc2, 0x75, 0xa6, 0xd0 ), + PARTNER ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52, + 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02, + 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17, + 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6, + 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55, + 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e, + 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64, + 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d, + 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1, + 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2, + 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f, + 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4, + 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d, + 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22, + 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4, + 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8, + 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a, + 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82, + 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56, + 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b, + 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28, + 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1, + 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c, + 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50, + 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1, + 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ), + PUBLIC ( 0x9e, 0x03, 0x99, 0x2b, 0xb0, 0x68, 0xa2, 0x42, 0xb8, 0xbf, + 0x1b, 0x3f, 0x6b, 0xca, 0x80, 0x57, 0x00, 0x52, 0x26, 0x41, + 0xab, 0x37, 0x2e, 0xaa, 0xfb, 0xc7, 0x6e, 0xe3, 0x3a, 0x05, + 0x11, 0x38, 0x98, 0x3d, 0x9c, 0xe2, 0x0c, 0xe5, 0x0b, 0x98, + 0x12, 0xd0, 0x34, 0x27, 0x64, 0x46, 0x61, 0x43, 0x5f, 0x0b, + 0x81, 0x80, 0x13, 0x95, 0x07, 0x13, 0x56, 0x47, 0xce, 0x98, + 0xa3, 0x08, 0xc7, 0x99, 0xb5, 0x7c, 0x2e, 0xee, 0x54, 0x0c, + 0x0e, 0x0b, 0x3e, 0xee, 0x99, 0x0f, 0x20, 0xe0, 0x4a, 0x63, + 0xf3, 0xaf, 0x1d, 0x4f, 0x26, 0x84, 0xbe, 0xb3, 0x51, 0x42, + 0x81, 0x12, 0x51, 0x84, 0x71, 0xff, 0x93, 0x75, 0x4e, 0x73, + 0x11, 0xbb, 0xc1, 0x95, 0x54, 0x6d, 0x42, 0x5f, 0x5e, 0xba, + 0xf9, 0xc6, 0xa0, 0x64, 0xcf, 0x91, 0x80, 0x6b, 0x1b, 0x0a, + 0x15, 0x8b, 0x0b, 0xf6, 0x48, 0x33, 0xc2, 0xe7, 0x39, 0xfb, + 0x45, 0xee, 0x8e, 0x31, 0xad, 0x65, 0xe5, 0x13, 0xfb, 0xd6, + 0xc6, 0x51, 0x9f, 0x8d, 0x79, 0x6a, 0xad, 0xbc, 0x2e, 0xb3, + 0xe5, 0xc8, 0xdf, 0xfb, 0xb8, 0x20, 0x66, 0x4a, 0x15, 0xc8, + 0x19, 0x93, 0xb6, 0x1c, 0x50, 0x2f, 0x41, 0x30, 0x5e, 0x12, + 0x45, 0x8a, 0x6c, 0x0c, 0x41, 0xf5, 0x35, 0x85, 0x53, 0x0e, + 0x48, 0x3d, 0xae, 0x11, 0xbc, 0x71, 0x05, 0x92, 0x99, 0xbc, + 0xc3, 0x2f, 0x6f, 0x1b, 0x67, 0x72, 0x35, 0xfd, 0xde, 0x47, + 0x5c, 0x99, 0x5c, 0xf0, 0x3a, 0x54, 0xd2, 0x7b, 0x81, 0x45, + 0x7b, 0x06, 0xdd, 0x69, 0xb7, 0xf9, 0x9d, 0x7d, 0x70, 0xa4, + 0x7d, 0x52, 0x0a, 0x55, 0x30, 0xda, 0xd1, 0x79, 0xc1, 0x78, + 0x5e, 0xed, 0xc7, 0x25, 0xe2, 0xc1, 0x7c, 0x8f, 0x80, 0x7a, + 0x84, 0xe5, 0x46, 0xc6, 0x1e, 0xef, 0xb2, 0x0a, 0x88, 0xdf, + 0xa9, 0x76, 0xbe, 0x9f, 0x0e, 0x79 ), + SHARED ( 0xc8, 0x10, 0x83, 0xa1, 0xc1, 0x21, 0xbe, 0x34, 0x90, 0xdd, + 0x90, 0x18, 0x74, 0x71, 0xb2, 0x6d, 0x6f, 0x07, 0x82, 0xe4, + 0xe2, 0x0f, 0x60, 0x47, 0x3b, 0x29, 0x1a, 0x24, 0x20, 0x9e, + 0xd8, 0x2f, 0xfe, 0xbe, 0x68, 0x74, 0x38, 0x15, 0xf7, 0x2b, + 0x65, 0xdb, 0xd8, 0x52, 0x55, 0x20, 0xf6, 0x64, 0x04, 0xf1, + 0x46, 0x74, 0x26, 0x9a, 0x88, 0x85, 0xf9, 0x14, 0x9f, 0xcb, + 0xc6, 0x56, 0x40, 0x6a, 0xbb, 0xed, 0xd3, 0x01, 0xd4, 0x9e, + 0xb1, 0xa8, 0x1c, 0xf9, 0x22, 0x1c, 0xd1, 0x79, 0x09, 0x58, + 0x1e, 0xfe, 0xac, 0xc0, 0xa9, 0x4b, 0xea, 0x81, 0xf2, 0xc3, + 0xf2, 0x64, 0x92, 0xfd, 0x14, 0x7b, 0x7e, 0xd0, 0x36, 0x67, + 0x60, 0x53, 0x1c, 0xfb, 0x62, 0x7c, 0x6e, 0xfd, 0x0a, 0x83, + 0xa9, 0xe4, 0xb9, 0xe5, 0xc0, 0x22, 0xa5, 0xc4, 0xe0, 0xcc, + 0xd4, 0xda, 0x76, 0x0e, 0xdc, 0x8e, 0x59, 0x39, 0x19, 0xa4, + 0x47, 0xce, 0x46, 0x10, 0x15, 0x42, 0x39, 0xc1, 0x34, 0xa2, + 0x76, 0xb0, 0x5f, 0x86, 0xee, 0xa6, 0xf8, 0x0e, 0x1e, 0x49, + 0x4a, 0x71, 0xa2, 0x20, 0xb8, 0x56, 0x52, 0x18, 0x18, 0x5a, + 0xd3, 0xa9, 0xaf, 0xbf, 0x40, 0x02, 0x6a, 0x1e, 0x4c, 0xb2, + 0xe4, 0x5f, 0xee, 0x05, 0x7a, 0x10, 0x2a, 0xb2, 0x99, 0x9f, + 0x22, 0xb4, 0xa2, 0xfa, 0x5e, 0xd1, 0xf7, 0x93, 0x0f, 0x0c, + 0x04, 0x30, 0x01, 0xf6, 0xc4, 0x32, 0x64, 0xe6, 0x1a, 0x7e, + 0xc4, 0x83, 0xf2, 0x43, 0x86, 0xf0, 0x3d, 0xcd, 0x7a, 0x17, + 0xbf, 0xed, 0xff, 0xb8, 0x09, 0xaf, 0x6f, 0x0f, 0xc7, 0x71, + 0x4c, 0x8b, 0xc6, 0x1d, 0xb4, 0xaa, 0x40, 0xb9, 0x3f, 0x74, + 0x06, 0x86, 0xe5, 0x84, 0x41, 0x5c, 0x98, 0x1f, 0x06, 0xc5, + 0xe3, 0xee, 0x0b, 0xa6, 0x8b, 0x43, 0x65, 0x64, 0x47, 0xc5, + 0x72, 0xef, 0x89, 0xb8, 0xdc, 0x6a ) ); + +/* FFDHE3072, randomly generated keys */ +EXCHANGE_TEST ( ffdhe3072_random, &ffdhe3072_algorithm, + PRIVATE ( 0x04, 0x4a, 0x8b, 0xe6, 0x30, 0x2c, 0xfd, 0x0e, 0xf4, 0x63, + 0xe7, 0x5e, 0x1c, 0x18, 0x61, 0x4b, 0x2c, 0x55, 0x68, 0xfb, + 0x87, 0x80, 0x15, 0xbc, 0x18, 0x5b, 0x3a, 0x7b, 0x54, 0xe5, + 0x85, 0xd8, 0xdd, 0x1f, 0xdc ), + PARTNER ( 0xc4, 0x41, 0x0e, 0x17, 0x21, 0xc7, 0x3c, 0x07, 0x7c, 0x34, + 0x5e, 0x37, 0xa7, 0x2f, 0x33, 0x4f, 0x49, 0xb3, 0xfb, 0x50, + 0x20, 0x80, 0x71, 0x0f, 0x1a, 0x02, 0x1f, 0xc4, 0xc8, 0xe7, + 0xe5, 0x6d, 0x10, 0x84, 0xf7, 0x93, 0x6a, 0x1b, 0x8b, 0x08, + 0x8b, 0x3d, 0x73, 0xc8, 0x07, 0x2f, 0xae, 0x80, 0xe1, 0xac, + 0x11, 0x62, 0x42, 0x44, 0xde, 0xe9, 0xa9, 0x84, 0xc9, 0x7e, + 0xe5, 0x3d, 0x9c, 0x20, 0xfd, 0x7f, 0x99, 0xea, 0xa8, 0x94, + 0x47, 0xda, 0xb2, 0x03, 0xc0, 0xd5, 0x34, 0x53, 0xa0, 0xef, + 0xba, 0xdf, 0x6b, 0xbe, 0x28, 0x27, 0x88, 0x14, 0x92, 0xd3, + 0xc6, 0xbf, 0xf3, 0x1a, 0x02, 0x98, 0xf8, 0x2c, 0x94, 0xa7, + 0x1e, 0x0d, 0x0e, 0x15, 0x8e, 0x2b, 0x9b, 0x45, 0x5e, 0x44, + 0x09, 0x82, 0x41, 0xdd, 0xd5, 0x03, 0x82, 0x4a, 0xbc, 0x2b, + 0xa2, 0x24, 0x8f, 0xcf, 0x1c, 0xd4, 0x78, 0x49, 0x66, 0x48, + 0x89, 0x81, 0x55, 0x34, 0xee, 0x41, 0xf6, 0x0f, 0x7e, 0x48, + 0x6b, 0x05, 0xd0, 0x84, 0xc1, 0xb6, 0xd2, 0xe2, 0xed, 0xdd, + 0x3d, 0x87, 0x96, 0x59, 0xd7, 0xb6, 0xca, 0x5c, 0xed, 0x8e, + 0x33, 0xe9, 0x8e, 0x47, 0xa5, 0xab, 0xcd, 0xe9, 0xec, 0x05, + 0xae, 0x2e, 0xa3, 0xcb, 0xe5, 0xb4, 0xfb, 0xb8, 0xde, 0xfb, + 0x7e, 0xc3, 0xfe, 0x50, 0x27, 0xb6, 0xec, 0x3d, 0x7b, 0xc4, + 0xbd, 0xf4, 0x19, 0xed, 0x1e, 0xc6, 0x4a, 0x33, 0xc7, 0x29, + 0x3f, 0x83, 0x1a, 0xc8, 0x52, 0x00, 0x65, 0x43, 0x04, 0xa4, + 0xdc, 0x78, 0x22, 0x90, 0xdd, 0x29, 0x50, 0x54, 0x12, 0xd7, + 0x3a, 0xcc, 0x66, 0x02, 0xbb, 0xfd, 0xac, 0xde, 0xf8, 0x67, + 0x55, 0x6d, 0xb7, 0xb2, 0x12, 0x1f, 0x54, 0x72, 0xfb, 0x92, + 0x16, 0x8b, 0x28, 0x1c, 0x48, 0x59, 0x36, 0x39, 0x8a, 0x21, + 0x76, 0x71, 0xdc, 0x86, 0x94, 0x64, 0xf6, 0x15, 0xd0, 0xe6, + 0xf3, 0x7e, 0x2e, 0xfc, 0x78, 0x8a, 0x48, 0x02, 0xce, 0xeb, + 0xe0, 0x5a, 0xd0, 0x8b, 0x1d, 0x89, 0xcf, 0x6f, 0xf1, 0xb9, + 0xd8, 0x67, 0x80, 0xd8, 0xb8, 0x4f, 0xdc, 0x9c, 0xcb, 0xfe, + 0xe9, 0xc6, 0x12, 0x23, 0xb2, 0x80, 0x70, 0x19, 0xd9, 0x0f, + 0x50, 0x13, 0x00, 0x14, 0x7a, 0x6b, 0x75, 0x51, 0xf9, 0x93, + 0xcc, 0x87, 0x1b, 0xdd, 0x2e, 0x8e, 0x20, 0x9f, 0x69, 0xab, + 0xc2, 0x7f, 0x13, 0x93, 0x26, 0x1e, 0x37, 0x9e, 0x82, 0x1b, + 0x54, 0xf0, 0x38, 0x96, 0x09, 0x6a, 0x4d, 0x1b, 0x1b, 0x42, + 0xe7, 0x4e, 0x78, 0x9e, 0xa6, 0x23, 0x1e, 0xce, 0x55, 0xca, + 0xd9, 0xb5, 0x19, 0xc6, 0x1e, 0x15, 0xcf, 0xb5, 0x2f, 0x79, + 0xd7, 0xf9, 0x18, 0xf6, 0x7d, 0xcf, 0x02, 0x3d, 0x30, 0xc0, + 0xed, 0xaa, 0xb6, 0xf4, 0x5e, 0x59, 0xea, 0x52, 0xf8, 0x37, + 0xae, 0xe5, 0xa6, 0x38 ), + PUBLIC ( 0x8b, 0x1a, 0xab, 0x89, 0x32, 0xcc, 0x56, 0x58, 0x1c, 0x9b, + 0x66, 0x90, 0x41, 0xf5, 0xd1, 0xba, 0x57, 0x65, 0x5f, 0xa5, + 0x44, 0x7f, 0x6e, 0xa2, 0xcc, 0xef, 0x02, 0x5c, 0xa6, 0xf0, + 0xb2, 0x60, 0x1d, 0x74, 0xa7, 0xd0, 0xe7, 0x17, 0x5b, 0x19, + 0x76, 0xa2, 0x72, 0xc5, 0x52, 0x8d, 0xb8, 0x0f, 0x77, 0x0d, + 0x01, 0xa4, 0xa4, 0xee, 0x54, 0xe4, 0x27, 0xc8, 0xd3, 0xc3, + 0x2a, 0xa7, 0x72, 0xc2, 0x94, 0x0a, 0xc4, 0x6f, 0xbf, 0x11, + 0x47, 0x10, 0xca, 0x39, 0xe5, 0x68, 0xa4, 0xc4, 0xfe, 0x99, + 0x99, 0x98, 0x11, 0xd1, 0xbb, 0xe0, 0xa4, 0xd7, 0x86, 0x1d, + 0x3a, 0xd6, 0xba, 0x66, 0x3e, 0xc7, 0x9a, 0xeb, 0x74, 0xd7, + 0x5b, 0xbe, 0x86, 0x7a, 0x04, 0x09, 0x83, 0xf6, 0x30, 0xb5, + 0xc3, 0xe8, 0x20, 0x8d, 0x8b, 0xf8, 0xf1, 0x5a, 0xd3, 0xe8, + 0x64, 0xbe, 0xf4, 0xed, 0x11, 0xb2, 0xdd, 0xd4, 0x03, 0x98, + 0x77, 0xca, 0x57, 0x58, 0xff, 0x4f, 0x47, 0x31, 0xb5, 0x8d, + 0xc8, 0x8a, 0xd2, 0x5a, 0xb7, 0x5b, 0xf3, 0xeb, 0xc6, 0x1d, + 0x25, 0x22, 0x5a, 0x43, 0x8f, 0xf7, 0x1c, 0x19, 0xa8, 0x5c, + 0xc9, 0x68, 0x00, 0x33, 0x61, 0xe9, 0x12, 0x81, 0xee, 0x65, + 0x56, 0x0c, 0x74, 0x39, 0xd8, 0x3d, 0x5c, 0x32, 0x96, 0x1f, + 0x75, 0xb2, 0x29, 0xf9, 0xc6, 0x70, 0xf7, 0x58, 0x34, 0x60, + 0xaf, 0x95, 0x76, 0xfc, 0xdf, 0xe2, 0xe4, 0xe4, 0x71, 0x85, + 0xe5, 0xb2, 0x92, 0xa5, 0x48, 0x3a, 0xf3, 0xba, 0x2d, 0x67, + 0x25, 0xc9, 0x30, 0xbf, 0xf8, 0x32, 0x37, 0x08, 0x9f, 0x4b, + 0x46, 0xc8, 0x91, 0x66, 0xc4, 0xe9, 0x69, 0x01, 0x05, 0xe6, + 0xa6, 0x96, 0x10, 0x32, 0x9b, 0xf8, 0x87, 0x1a, 0x56, 0x3e, + 0x65, 0x54, 0x51, 0x0d, 0x54, 0xf3, 0x99, 0x19, 0x6a, 0x9b, + 0x0e, 0xe5, 0xf9, 0xc7, 0x1a, 0xeb, 0xaf, 0x06, 0x00, 0xa0, + 0xfe, 0xc4, 0x8f, 0xb6, 0xea, 0x31, 0xd4, 0xd7, 0xcb, 0x4b, + 0x4b, 0x9d, 0xd0, 0xf6, 0xbc, 0x52, 0xbc, 0xda, 0xb9, 0xcc, + 0xde, 0xc2, 0x0b, 0x28, 0x8f, 0x09, 0x59, 0x96, 0x48, 0x28, + 0xd5, 0xae, 0xc8, 0x39, 0x32, 0xdc, 0xcc, 0xb9, 0x47, 0x12, + 0xe5, 0xf2, 0xef, 0xfc, 0x62, 0xe5, 0xc3, 0xaa, 0xd7, 0xc3, + 0x97, 0x97, 0xf5, 0x99, 0x4e, 0xe2, 0xf0, 0xf1, 0x17, 0x4e, + 0x62, 0x88, 0xd5, 0xb3, 0x8f, 0x93, 0xd4, 0xda, 0x5c, 0xa9, + 0xfc, 0xc9, 0x00, 0x13, 0xf7, 0xaf, 0x6d, 0xf0, 0x87, 0x96, + 0x27, 0x9b, 0xee, 0x74, 0x59, 0xf9, 0x68, 0x28, 0x45, 0x56, + 0x29, 0x81, 0xc8, 0xf4, 0x99, 0x25, 0x5c, 0x42, 0x86, 0xd1, + 0x27, 0x1a, 0xd6, 0xc5, 0x15, 0x8c, 0x6b, 0xd9, 0xde, 0x9f, + 0xc1, 0x60, 0xcd, 0xe0, 0xa8, 0x33, 0x5a, 0x1d, 0x28, 0x23, + 0xfc, 0xfb, 0xdb, 0x2f ), + SHARED ( 0x3c, 0xe4, 0x44, 0xab, 0x5a, 0xd5, 0x32, 0x0a, 0x70, 0x80, + 0x70, 0x3d, 0x3b, 0xfd, 0xdc, 0xd4, 0xf7, 0x9d, 0x1c, 0x87, + 0x22, 0x8f, 0x39, 0x39, 0xcd, 0x8e, 0xa2, 0x9c, 0x14, 0x28, + 0x9f, 0xfa, 0xaf, 0x92, 0xd6, 0x7c, 0x62, 0xf3, 0x75, 0x7b, + 0x94, 0x3c, 0xe4, 0xf7, 0x70, 0xbd, 0x82, 0xf7, 0x9b, 0xe5, + 0xb0, 0xb9, 0xb5, 0x4c, 0xd8, 0x0e, 0xa1, 0xf7, 0x8a, 0x92, + 0xa5, 0x4a, 0x51, 0x79, 0x86, 0x31, 0x19, 0x53, 0xa0, 0x5a, + 0x3d, 0xac, 0x90, 0xcc, 0xdd, 0x4e, 0x68, 0xb2, 0x04, 0x1a, + 0xe1, 0xcf, 0x67, 0x5f, 0x52, 0xe0, 0x52, 0xe4, 0x30, 0x40, + 0x6f, 0x8f, 0x9f, 0x96, 0x29, 0x8c, 0x0d, 0x61, 0x50, 0x92, + 0x36, 0xf4, 0x13, 0xa6, 0xe5, 0x99, 0x62, 0x49, 0xcb, 0xcd, + 0x58, 0x05, 0x9c, 0x95, 0xe2, 0xee, 0xa1, 0x51, 0x0e, 0x12, + 0xe7, 0x37, 0xdc, 0x66, 0x73, 0xad, 0x4b, 0x25, 0xa5, 0x79, + 0xf8, 0x2e, 0x12, 0x67, 0x54, 0x0a, 0x6a, 0xa4, 0x77, 0xfa, + 0x4e, 0x07, 0xbb, 0xbe, 0x1e, 0xf4, 0x74, 0xeb, 0x15, 0xbd, + 0x06, 0x92, 0x45, 0xef, 0x73, 0x12, 0xc9, 0x75, 0xa7, 0x05, + 0x5c, 0x1e, 0x1d, 0x0b, 0xb1, 0xec, 0xd0, 0xe4, 0x7d, 0x4a, + 0x2c, 0x38, 0x93, 0xf9, 0xec, 0xeb, 0x68, 0xfa, 0xa1, 0x0e, + 0x69, 0x5f, 0xc4, 0xa6, 0x45, 0xb7, 0xb2, 0xf8, 0xc0, 0x3c, + 0x5f, 0xe1, 0x57, 0x0a, 0xc2, 0x5b, 0xe1, 0x30, 0x3c, 0x2e, + 0x3f, 0xd0, 0x0d, 0x95, 0x07, 0xbe, 0xf8, 0x41, 0x6f, 0x89, + 0xdf, 0x6b, 0xf4, 0x47, 0xec, 0x69, 0x81, 0x48, 0xc6, 0xb7, + 0xa9, 0x5b, 0x0d, 0xd3, 0x37, 0xd9, 0x8b, 0x2a, 0x74, 0xeb, + 0x5c, 0x5f, 0x18, 0xbf, 0xa2, 0x58, 0x3f, 0xb1, 0x9f, 0xc4, + 0x05, 0x8b, 0xfd, 0xd3, 0xa1, 0xba, 0x07, 0x6b, 0xcd, 0xa4, + 0x26, 0x14, 0x1a, 0x80, 0x64, 0x32, 0x7e, 0xb7, 0xb4, 0xe0, + 0x39, 0xb3, 0x1c, 0x92, 0xb9, 0x40, 0x60, 0x28, 0x16, 0x0e, + 0xfa, 0x44, 0xa7, 0x5f, 0x6c, 0xa1, 0xd6, 0x74, 0x89, 0x4b, + 0x68, 0xef, 0xe3, 0x58, 0x8c, 0x92, 0x79, 0x49, 0x41, 0x4c, + 0xc6, 0xfd, 0xbe, 0x52, 0xb4, 0xbb, 0x5f, 0x24, 0x7c, 0x28, + 0xfb, 0x2e, 0x7a, 0x40, 0xda, 0x99, 0x4b, 0xe3, 0xc0, 0x7a, + 0x52, 0x65, 0xdc, 0x19, 0xb3, 0x10, 0xbb, 0xa4, 0xba, 0x3c, + 0xb4, 0x7f, 0xd5, 0x71, 0x40, 0x11, 0x69, 0x95, 0x1a, 0xee, + 0xf8, 0x7c, 0x99, 0x7d, 0x8d, 0x0c, 0x0a, 0x49, 0x94, 0x57, + 0x52, 0x14, 0x54, 0x77, 0xc4, 0xfd, 0x05, 0x57, 0x0a, 0x15, + 0x68, 0x84, 0x22, 0x14, 0xdc, 0x1a, 0x37, 0x42, 0x7a, 0x9f, + 0x7a, 0x46, 0xc1, 0x38, 0xba, 0x93, 0x98, 0x9d, 0xcc, 0x59, + 0xd6, 0x51, 0xb7, 0x98, 0x36, 0xb7, 0xbb, 0x8b, 0x50, 0xfc, + 0x1a, 0xc2, 0x1a, 0x5e ) ); + +/* FFDHE4096, randomly generated keys */ +EXCHANGE_TEST ( ffdhe4096_random, &ffdhe4096_algorithm, + PRIVATE ( 0x06, 0xd6, 0x8e, 0x42, 0x2a, 0x6e, 0xe1, 0xdc, 0x04, 0x7e, + 0x5d, 0x89, 0x3a, 0x6d, 0xb3, 0xc8, 0x03, 0xa0, 0x80, 0xa6, + 0xf3, 0x3d, 0x05, 0x3c, 0xf4, 0xd5, 0x8e, 0x69, 0x09, 0x78, + 0xef, 0xb1, 0xe5, 0x61, 0xf2, 0xa1, 0x1a, 0x9f, 0x33, 0xb1, + 0x70 ), + PARTNER ( 0x1f, 0x7d, 0x7d, 0x55, 0x84, 0x47, 0xe9, 0x37, 0x45, 0x6d, + 0x67, 0x77, 0x14, 0xe7, 0x67, 0x48, 0x69, 0x8b, 0x7c, 0x1c, + 0xd3, 0x5e, 0x7b, 0x24, 0xc8, 0x7c, 0xf6, 0x6c, 0x92, 0xc2, + 0x99, 0xca, 0x21, 0x2b, 0x67, 0x7e, 0x01, 0x53, 0xb9, 0x98, + 0x10, 0x06, 0xc7, 0x01, 0xbe, 0x3e, 0x16, 0xdc, 0x4d, 0xeb, + 0x4c, 0x3f, 0x2a, 0xca, 0x81, 0x35, 0x95, 0xde, 0x2a, 0xcd, + 0x52, 0xa0, 0xc1, 0x16, 0x97, 0x75, 0x97, 0xe0, 0x31, 0x57, + 0xc0, 0xdb, 0x62, 0xcc, 0xa8, 0x9b, 0xe5, 0x90, 0xa1, 0x96, + 0x0e, 0x96, 0x06, 0x7a, 0x03, 0x5f, 0x60, 0x0e, 0xc4, 0xa6, + 0xcf, 0xde, 0xfc, 0x32, 0xe5, 0x7f, 0x4a, 0xa5, 0xf1, 0x7c, + 0xa3, 0xc4, 0xfd, 0xd2, 0xed, 0xd8, 0x2f, 0xc8, 0x9a, 0x8c, + 0xa3, 0x1c, 0x77, 0x71, 0x61, 0xae, 0x89, 0x04, 0xea, 0xe1, + 0x00, 0xb8, 0xb5, 0x2d, 0x93, 0x81, 0xb4, 0xfb, 0x1c, 0x79, + 0x19, 0x32, 0x6b, 0xd9, 0x5e, 0xa5, 0x89, 0xf0, 0x3e, 0x57, + 0xf8, 0x61, 0x6f, 0xef, 0x8c, 0x3f, 0x51, 0x6d, 0xa1, 0xe6, + 0x7c, 0x5d, 0xe1, 0xec, 0xeb, 0xef, 0x39, 0x36, 0x92, 0x1a, + 0x7e, 0x44, 0x59, 0x8d, 0x1c, 0x0e, 0xf7, 0xc4, 0xd9, 0x6f, + 0xcc, 0x93, 0x2e, 0x14, 0x1a, 0x10, 0xd4, 0xf1, 0x32, 0xae, + 0xd3, 0x84, 0x39, 0x9d, 0x40, 0xaa, 0xde, 0xf8, 0xbd, 0x80, + 0x29, 0x20, 0x5b, 0x4b, 0x07, 0x35, 0xb1, 0xac, 0xa5, 0xa3, + 0x18, 0x72, 0xb1, 0x98, 0xf8, 0x7f, 0xb6, 0x76, 0xd3, 0x77, + 0x2e, 0xfe, 0x94, 0xe0, 0x02, 0xde, 0xb4, 0x2d, 0x25, 0xdb, + 0x75, 0x13, 0x9c, 0xd9, 0x92, 0xad, 0x63, 0xc8, 0x1b, 0x5f, + 0x2f, 0x55, 0x62, 0x84, 0x6d, 0xbf, 0x56, 0x25, 0x30, 0x9a, + 0x03, 0x1d, 0x58, 0xf9, 0x29, 0x42, 0xa0, 0x3b, 0x3d, 0xcc, + 0xa0, 0x74, 0xf3, 0x56, 0xe4, 0x61, 0xba, 0x4a, 0xb7, 0x5d, + 0xf3, 0xd2, 0x04, 0x1e, 0x69, 0x6c, 0xde, 0xd0, 0x02, 0xd4, + 0x59, 0x73, 0x97, 0x22, 0x9a, 0xf9, 0x6b, 0x50, 0x85, 0x80, + 0x28, 0xfd, 0x43, 0x8c, 0x5c, 0x9a, 0xe2, 0xa3, 0x22, 0xb3, + 0x5b, 0x53, 0x33, 0xbd, 0x5e, 0xd6, 0xa7, 0xed, 0xd7, 0xc9, + 0xd8, 0x04, 0x95, 0x86, 0x52, 0xa9, 0x3a, 0x27, 0x7f, 0x9d, + 0x29, 0xd6, 0x52, 0xa8, 0xa2, 0x3d, 0x29, 0x4f, 0x92, 0xbe, + 0x27, 0x68, 0xf9, 0x6e, 0x2b, 0x25, 0x43, 0xe8, 0x02, 0xae, + 0x9e, 0x2d, 0xfa, 0xcb, 0xe5, 0x85, 0xf2, 0x45, 0x1b, 0xd0, + 0xcf, 0xfc, 0xd5, 0x12, 0xe7, 0xac, 0x4a, 0xc7, 0x1c, 0x30, + 0x28, 0x62, 0x5e, 0xbd, 0x5e, 0x62, 0x2f, 0xc1, 0x58, 0x8b, + 0x5c, 0x26, 0x5b, 0xe3, 0x89, 0xb2, 0xfe, 0xbe, 0x90, 0xa0, + 0x1f, 0xf8, 0x26, 0x11, 0x77, 0x86, 0x03, 0x0e, 0xc6, 0xf9, + 0x30, 0xe4, 0xc9, 0xf0, 0x1a, 0xdf, 0x19, 0x9e, 0x00, 0x95, + 0xd7, 0xe2, 0x47, 0x18, 0xf1, 0x4f, 0x41, 0xdf, 0xa1, 0x41, + 0x59, 0x19, 0xfe, 0x02, 0x4a, 0x70, 0x12, 0xdc, 0x19, 0xf8, + 0xea, 0xc7, 0xb3, 0xf2, 0xc5, 0xb8, 0x1e, 0x0a, 0x11, 0x21, + 0x8f, 0xc7, 0xe9, 0x7d, 0x01, 0x87, 0x41, 0xd0, 0xe4, 0x93, + 0x11, 0x8c, 0x26, 0xfa, 0xc7, 0xc1, 0x62, 0xdb, 0x8b, 0x40, + 0xda, 0x57, 0xa5, 0xf6, 0x9d, 0x52, 0x2e, 0xdf, 0x3f, 0x57, + 0x02, 0xe4, 0x2f, 0xb1, 0xfa, 0xcf, 0x12, 0x1e, 0x41, 0xbf, + 0xfd, 0xb2, 0x16, 0xc3, 0x81, 0x37, 0xfd, 0x36, 0x43, 0x9b, + 0x7d, 0xc5, 0xd4, 0x97, 0x3f, 0xc0, 0x15, 0x1a, 0x59, 0x17, + 0x84, 0x31, 0x63, 0xbd, 0xf1, 0x9e, 0xef, 0xed, 0xb3, 0xe1, + 0x3b, 0x01, 0xd7, 0x65, 0xb0, 0x3c, 0x51, 0x67, 0xa7, 0xec, + 0xb8, 0xbc, 0x1c, 0xca, 0xc4, 0xb2, 0x38, 0x54, 0x1f, 0xf7, + 0x08, 0x63 ), + PUBLIC ( 0xac, 0xbf, 0x0b, 0xbc, 0x80, 0x25, 0x44, 0xcc, 0x5e, 0x99, + 0x4f, 0xce, 0x6b, 0xdc, 0xae, 0xa9, 0xee, 0x02, 0xd1, 0x8a, + 0xed, 0x7e, 0x70, 0x3f, 0x94, 0xec, 0xb2, 0x8a, 0x3d, 0xa2, + 0xb2, 0x16, 0x82, 0xae, 0x42, 0xf6, 0x24, 0xef, 0x7d, 0xf0, + 0xb9, 0x82, 0xa7, 0x34, 0x91, 0x7b, 0x74, 0x6f, 0x41, 0x5a, + 0xa2, 0x08, 0x44, 0x73, 0x43, 0x66, 0x3b, 0x98, 0x90, 0x00, + 0xa6, 0xf1, 0x32, 0xea, 0x19, 0xf6, 0x14, 0x7a, 0xd0, 0x85, + 0x8a, 0x81, 0xee, 0xc4, 0x80, 0xc8, 0x7c, 0x04, 0x70, 0x1c, + 0x2f, 0x2f, 0x40, 0xb9, 0x71, 0x4f, 0x5e, 0xa8, 0x59, 0xe0, + 0x0e, 0x09, 0x51, 0xa5, 0xdc, 0x72, 0xcf, 0x5d, 0x6f, 0x57, + 0x8c, 0x4f, 0x6c, 0x0c, 0xaa, 0x64, 0x11, 0xf6, 0xc3, 0x81, + 0xcb, 0x72, 0x00, 0xc8, 0x2c, 0x15, 0x2e, 0x12, 0x83, 0x95, + 0x34, 0x1c, 0x75, 0xad, 0xe2, 0xd3, 0x1a, 0x98, 0x64, 0xaf, + 0xdf, 0x37, 0x21, 0x5e, 0xf2, 0xef, 0xd2, 0x56, 0xed, 0xfa, + 0xf0, 0xa2, 0x74, 0xdc, 0xad, 0xb7, 0xd0, 0x5a, 0xed, 0x2b, + 0x66, 0xce, 0x82, 0xc2, 0x92, 0x55, 0x0c, 0xd9, 0x27, 0x07, + 0x57, 0x5f, 0xcb, 0x7b, 0xf1, 0xad, 0x16, 0x60, 0x7f, 0x0e, + 0xa5, 0xea, 0x69, 0x95, 0x03, 0x21, 0xf7, 0xc6, 0xdc, 0x74, + 0x9a, 0x99, 0x1f, 0x6a, 0x1e, 0x53, 0x67, 0x3c, 0xbb, 0x7a, + 0xa4, 0x8b, 0x47, 0x39, 0x0e, 0x43, 0xfa, 0x55, 0x3d, 0x42, + 0x11, 0x77, 0x45, 0xa5, 0x32, 0x6f, 0xe2, 0x2c, 0x2d, 0x9c, + 0x53, 0x3c, 0x6a, 0xb9, 0x22, 0xc9, 0x2c, 0xd2, 0xde, 0xbc, + 0x0f, 0x6f, 0xfb, 0x73, 0x53, 0xe6, 0x84, 0xa8, 0x5f, 0x57, + 0xf0, 0xde, 0xc7, 0xed, 0x4c, 0xd3, 0x97, 0xbc, 0xe0, 0xfd, + 0xc1, 0xb8, 0x3f, 0xe7, 0x53, 0x21, 0x43, 0xfd, 0xcd, 0x52, + 0xca, 0x88, 0x52, 0x25, 0x24, 0x69, 0xc8, 0x71, 0x82, 0x2f, + 0x4e, 0x66, 0xa4, 0x0b, 0x59, 0x10, 0x8c, 0x98, 0xce, 0xe7, + 0xb1, 0x07, 0xc4, 0xc6, 0xf8, 0x9d, 0x84, 0xf0, 0xd5, 0xa6, + 0x28, 0x8d, 0xec, 0xce, 0xc9, 0x14, 0x6a, 0xf6, 0x17, 0x81, + 0x01, 0xfb, 0xd0, 0x46, 0x85, 0x62, 0x71, 0x23, 0xc4, 0x37, + 0x0a, 0x2f, 0xb5, 0x1e, 0xb1, 0xd9, 0xa7, 0x0a, 0x6e, 0x54, + 0x9b, 0x8f, 0xbc, 0xde, 0x1d, 0x98, 0x76, 0x46, 0x2d, 0xc1, + 0xfc, 0xc5, 0x17, 0xee, 0x9e, 0xc5, 0x4a, 0x5f, 0xda, 0x90, + 0x77, 0xa0, 0xf4, 0x85, 0xe6, 0xab, 0x9c, 0x7f, 0xb5, 0x84, + 0x20, 0xc4, 0xad, 0x7f, 0x9c, 0xf2, 0x86, 0x6e, 0xdc, 0x50, + 0xf1, 0x66, 0x25, 0xca, 0x65, 0x75, 0x33, 0x18, 0x9d, 0x6e, + 0x2e, 0x1c, 0x40, 0xec, 0x7c, 0x31, 0xd9, 0x83, 0x60, 0x2f, + 0x46, 0x30, 0x28, 0x8a, 0xd1, 0xfb, 0xd3, 0x8f, 0x35, 0xf7, + 0xbc, 0x94, 0xd9, 0x34, 0x58, 0x5e, 0x34, 0x35, 0x54, 0x2d, + 0xe0, 0x51, 0x9a, 0xca, 0x55, 0x8f, 0x36, 0x05, 0x1c, 0x39, + 0xb1, 0xfc, 0x96, 0x70, 0x83, 0xb0, 0x41, 0x11, 0x38, 0x79, + 0x2b, 0x05, 0xf5, 0x88, 0xa0, 0x31, 0xf6, 0x37, 0xe0, 0xd8, + 0xfe, 0x38, 0x6e, 0x93, 0x30, 0xbe, 0x0f, 0xa7, 0x78, 0xea, + 0x34, 0xe4, 0x78, 0xab, 0xce, 0xf4, 0xe0, 0x27, 0x9a, 0x92, + 0x12, 0xd5, 0x8c, 0x6e, 0x22, 0x0e, 0xf7, 0x8d, 0x42, 0x73, + 0x1d, 0x2a, 0xd1, 0xb5, 0x02, 0xb9, 0x15, 0x03, 0x1b, 0x36, + 0xca, 0xbf, 0x3d, 0xda, 0x61, 0xc3, 0xe4, 0xa1, 0xe2, 0x8e, + 0xca, 0x40, 0xec, 0x12, 0xa6, 0x8e, 0xb4, 0x9e, 0xbd, 0xa1, + 0x14, 0x1d, 0xa8, 0x34, 0xdf, 0x06, 0x52, 0xc0, 0x81, 0x23, + 0xc8, 0x06, 0x1a, 0x28, 0x57, 0xbb, 0x17, 0xef, 0x5c, 0x4f, + 0x1a, 0x10, 0x5f, 0x99, 0x97, 0xd1, 0xe5, 0x2b, 0x3f, 0xc0, + 0xb8, 0x43 ), + SHARED ( 0xda, 0xe9, 0xbd, 0x55, 0x39, 0x5a, 0x45, 0xbf, 0x6e, 0x4c, + 0xc7, 0xde, 0xff, 0x12, 0x73, 0xf4, 0x07, 0xb6, 0xf8, 0xf9, + 0x46, 0xe2, 0x53, 0xfb, 0x0c, 0xb6, 0x19, 0x42, 0x5a, 0x70, + 0x39, 0x7c, 0xa2, 0x12, 0xca, 0x97, 0x09, 0x16, 0x7d, 0xc1, + 0xb1, 0xb6, 0x54, 0xdf, 0xa2, 0x47, 0x43, 0xd6, 0xfd, 0xb9, + 0x65, 0xc8, 0x51, 0xb7, 0x35, 0x0c, 0xae, 0xef, 0xb1, 0x51, + 0xf1, 0x9c, 0x1f, 0x02, 0x80, 0xda, 0xc4, 0x38, 0x8e, 0x8d, + 0xef, 0x52, 0x92, 0x6d, 0x52, 0x1a, 0xd0, 0xbf, 0x39, 0x96, + 0x89, 0xb3, 0xf1, 0xa2, 0x6b, 0xe3, 0xa1, 0x0f, 0xc9, 0x16, + 0xb1, 0xbc, 0xd5, 0xf2, 0x2a, 0x1b, 0x8b, 0xd2, 0xe6, 0xcc, + 0x76, 0x50, 0xf0, 0x12, 0x4d, 0x68, 0xdd, 0x4e, 0xaa, 0x4f, + 0x9b, 0xd7, 0x4a, 0x58, 0xe0, 0x26, 0x82, 0x81, 0x41, 0x52, + 0x35, 0x5c, 0xb7, 0xad, 0x3e, 0xaa, 0x3a, 0xc0, 0x0f, 0x39, + 0x48, 0xf6, 0x2c, 0x35, 0x40, 0x5c, 0xae, 0x90, 0x22, 0xf4, + 0x5d, 0x05, 0x53, 0xf2, 0x9d, 0x46, 0x54, 0x0d, 0x78, 0xcc, + 0xfe, 0xe4, 0x6d, 0x3e, 0x3e, 0xaf, 0xeb, 0x82, 0x2d, 0x4b, + 0xad, 0x5d, 0x41, 0xa4, 0x18, 0xd6, 0xf2, 0xc1, 0xd6, 0xa8, + 0x1b, 0xda, 0x4d, 0x29, 0x9d, 0x71, 0xd7, 0x0f, 0x77, 0x36, + 0x31, 0xa3, 0xfb, 0x08, 0x2d, 0x63, 0x9a, 0x35, 0x9c, 0x46, + 0xfd, 0x22, 0x54, 0xd8, 0xec, 0xec, 0x01, 0x2f, 0x77, 0xe2, + 0x2d, 0x84, 0xb7, 0x26, 0xf9, 0x4a, 0xf1, 0xf8, 0x79, 0x64, + 0x61, 0x19, 0x49, 0xae, 0x6c, 0xa6, 0xa1, 0x5f, 0x83, 0xde, + 0x70, 0x19, 0x3e, 0xb7, 0xa1, 0xf7, 0xd3, 0x35, 0x53, 0xb4, + 0x9b, 0xe9, 0xdb, 0x3f, 0x07, 0x53, 0x0d, 0x25, 0xda, 0x20, + 0x1a, 0xb0, 0x95, 0x41, 0x81, 0x23, 0x5d, 0x0b, 0x72, 0xfd, + 0xf7, 0xb0, 0xd2, 0x59, 0x3a, 0xdd, 0xab, 0xc3, 0xa7, 0x34, + 0x63, 0x7b, 0x84, 0x1a, 0x8c, 0x7e, 0x35, 0x29, 0x9c, 0x56, + 0xe4, 0x60, 0xd5, 0x5b, 0xb5, 0x15, 0x77, 0x39, 0x41, 0x5b, + 0x2a, 0x79, 0x91, 0x85, 0x6c, 0xf1, 0xaf, 0x1d, 0x63, 0x57, + 0x53, 0xbc, 0x5f, 0x2f, 0xac, 0x73, 0xdb, 0x0d, 0xab, 0x4d, + 0x63, 0xf1, 0x40, 0xb0, 0xcc, 0x82, 0x2f, 0xab, 0x15, 0xba, + 0x32, 0x98, 0x10, 0x3b, 0x03, 0xcc, 0x05, 0x8a, 0x51, 0x49, + 0xc1, 0x09, 0x90, 0xff, 0xd3, 0xdf, 0x70, 0x8c, 0x14, 0x21, + 0xef, 0x96, 0xfc, 0x91, 0x65, 0xfd, 0xa6, 0x5a, 0x78, 0xd7, + 0x24, 0x39, 0xf1, 0x8c, 0xed, 0x67, 0x49, 0xd4, 0x6a, 0x55, + 0x82, 0x4a, 0x47, 0x44, 0xec, 0xa2, 0x67, 0xf7, 0x68, 0xc2, + 0x7c, 0xb0, 0x2a, 0xd0, 0x1a, 0x2a, 0x17, 0x46, 0x7c, 0x57, + 0xd8, 0x8a, 0x78, 0x1e, 0x78, 0xf7, 0x81, 0x3f, 0x1f, 0x84, + 0xb5, 0x82, 0xdb, 0xea, 0x92, 0x27, 0x82, 0x2a, 0xa4, 0xcf, + 0x2c, 0x37, 0x44, 0xe9, 0x32, 0x4c, 0xea, 0xaa, 0x8a, 0x53, + 0x39, 0xe4, 0x19, 0x7f, 0x14, 0x22, 0x93, 0x8c, 0xe8, 0x52, + 0xf4, 0xec, 0x27, 0x33, 0xa6, 0xdc, 0xbf, 0x09, 0x5b, 0x83, + 0x41, 0x30, 0x15, 0x26, 0xaf, 0xf8, 0x4c, 0xe4, 0xce, 0x26, + 0xff, 0x78, 0x6a, 0x80, 0xb9, 0xcb, 0x4d, 0x70, 0x54, 0x96, + 0x0e, 0x3f, 0xd6, 0x0c, 0x35, 0xe4, 0x50, 0x08, 0xd9, 0xc1, + 0x9b, 0xc9, 0x43, 0x1c, 0x71, 0x74, 0x7d, 0xf5, 0x40, 0x02, + 0x7f, 0x18, 0xb5, 0x11, 0xc4, 0x17, 0xcb, 0x3e, 0xd4, 0xf2, + 0x32, 0x8a, 0x8c, 0x82, 0xd3, 0x59, 0x45, 0xd4, 0x3c, 0xc3, + 0xb2, 0x16, 0xad, 0x09, 0xca, 0x77, 0x36, 0x42, 0xac, 0xad, + 0xe1, 0x1c, 0x31, 0x5d, 0x54, 0x1c, 0x87, 0x34, 0xcc, 0xd0, + 0x88, 0x17, 0xa7, 0x05, 0x4f, 0x43, 0xe4, 0xd2, 0xbf, 0x6b, + 0x77, 0x08 ) ); + +/* FFDHE2048, invalid partner key (0) */ +EXCHANGE_TEST ( ffdhe2048_zero, &ffdhe2048_algorithm, + PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf, + 0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c, + 0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ), + PARTNER ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ), + PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52, + 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02, + 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17, + 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6, + 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55, + 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e, + 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64, + 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d, + 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1, + 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2, + 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f, + 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4, + 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d, + 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22, + 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4, + 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8, + 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a, + 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82, + 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56, + 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b, + 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28, + 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1, + 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c, + 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50, + 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1, + 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ), + SHARED_FAIL ); + +/* FFDHE2048, invalid partner key (1) */ +EXCHANGE_TEST ( ffdhe2048_one, &ffdhe2048_algorithm, + PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf, + 0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c, + 0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ), + PARTNER ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ), + PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52, + 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02, + 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17, + 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6, + 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55, + 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e, + 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64, + 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d, + 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1, + 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2, + 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f, + 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4, + 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d, + 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22, + 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4, + 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8, + 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a, + 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82, + 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56, + 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b, + 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28, + 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1, + 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c, + 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50, + 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1, + 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ), + SHARED_FAIL ); + +/* FFDHE2048, invalid partner key (p - 1) */ +EXCHANGE_TEST ( ffdhe2048_minus_one, &ffdhe2048_algorithm, + PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf, + 0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c, + 0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ), + PARTNER ( 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, + 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, + 0x27, 0x3d, 0x3c, 0xf1, 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, + 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, + 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, 0x7d, 0x2f, + 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02, + 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, + 0x65, 0x61, 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, + 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, + 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, 0x98, 0x4f, 0x0c, 0x70, + 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, + 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, + 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, + 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, + 0xb2, 0xc8, 0xe3, 0xfb, 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, + 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, + 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, 0x0b, 0x07, + 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1, + 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, + 0x2f, 0x61, 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, + 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, + 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, 0x3b, 0xb5, 0xfc, 0xbc, + 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, + 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, + 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe ), + PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52, + 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02, + 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17, + 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6, + 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55, + 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e, + 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64, + 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d, + 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1, + 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2, + 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f, + 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4, + 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d, + 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22, + 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4, + 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8, + 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a, + 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82, + 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56, + 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b, + 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28, + 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1, + 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c, + 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50, + 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1, + 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ), + SHARED_FAIL ); + +/** + * Perform FFDHE self-test + * + */ +static void ffdhe_test_exec ( void ) { + + /* Randomly generated valid keys */ + exchange_ok ( &ffdhe2048_random ); + exchange_ok ( &ffdhe3072_random ); + exchange_ok ( &ffdhe4096_random ); + + /* Invalid partner keys */ + exchange_ok ( &ffdhe2048_zero ); + exchange_ok ( &ffdhe2048_one ); + exchange_ok ( &ffdhe2048_minus_one ); +} + +/** FFDHE self-test */ +struct self_test ffdhe_test __self_test = { + .name = "ffdhe", + .exec = ffdhe_test_exec, +}; diff --git a/src/tests/tests.c b/src/tests/tests.c index 9a98a32f6..2b27b187e 100644 --- a/src/tests/tests.c +++ b/src/tests/tests.c @@ -93,3 +93,4 @@ REQUIRE_OBJECT ( cpio_test ); REQUIRE_OBJECT ( fdt_test ); REQUIRE_OBJECT ( ecdsa_test ); REQUIRE_OBJECT ( hkdf_test ); +REQUIRE_OBJECT ( ffdhe_test );