[crypto] Add RFC 7919 FFDHE key exchange algorithms

We currently support fully parameterized finite field Diffie-Hellman
key exchange, where the peer provides not only its public key but also
the (fully arbitrary) selection of the field prime and generator.

RFC 7919 defines a family of finite fields all constructed from the
natural logarithm constant "e", intended to be used as well-known
fields where the peer simply names the field (e.g. "ffdhe2048") rather
than providing the raw prime and generator values.

Add support for this family of finite fields as key exchange
algorithms, to allow for protocols such as TLS version 1.3 where
parameterized fields are not permitted.

We choose to support only up to ffdhe4096, since this is sufficient to
exceed the security strength of our RNG (128 bits).

Support for ffdhe6144 and ffdhe8192 could trivially be added by simply
extending the "euler" constant and adding the relevant FFDHE_GROUP()
declarations.  Doing so would approximately double the space
requirements for both read-only data (from 0.5kB to 1kB) and for
uninitialised data (from 3.5kB to 7kB).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/ffdhe.c

@@ -0,0 +1,204 @@
+/*
+ * Copyright (C) 2026 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+/** @file
+ *
+ * Finite Field Diffie-Hellman Ephemeral key exchange
+ *
+ * RFC 7919 defines a family of finite fields all constructed from the
+ * natural logarithm constant "e".
+ *
+ * We choose to support only up to ffdhe4096, since this is sufficient
+ * to exceed the security strength of our RNG (128 bits).
+ *
+ * Support for ffdhe6144 and ffdhe8192 could trivially be added by
+ * simply extending the "euler" constant and adding the relevant
+ * FFDHE_GROUP() declarations.  Doing so would approximately double
+ * the space requirements for both read-only data (from 0.5kB to 1kB)
+ * and for uninitialised data (from 3.5kB to 7kB).
+ */
+
+#include <stdint.h>
+#include <errno.h>
+#include <ipxe/ffdhe.h>
+
+/** Euler's number ("e") */
+static const uint8_t euler[] = {
+	0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56,
+	0x20, 0x27, 0x3d, 0x3c, 0xf1, 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d,
+	0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, 0xcc,
+	0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, 0x7d, 0x2f, 0xe3, 0x63,
+	0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61,
+	0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, 0x24, 0x33,
+	0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55, 0x3d,
+	0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
+	0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89,
+	0xda, 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad,
+	0xe7, 0x35, 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc,
+	0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b,
+	0xb2, 0xc8, 0xe3, 0xfb, 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4,
+	0x68, 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56,
+	0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, 0x0b, 0x07, 0xa7, 0xc8, 0xee,
+	0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
+	0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, 0x91, 0x72, 0xfe,
+	0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2,
+	0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, 0x3b,
+	0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
+	0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef,
+	0xfa, 0x88, 0x6b, 0x42, 0x38, 0x61, 0x1f, 0xcf, 0xdc, 0xde, 0x35,
+	0x5b, 0x3b, 0x65, 0x19, 0x03, 0x5b, 0xbc, 0x34, 0xf4, 0xde, 0xf9,
+	0x9c, 0x02, 0x38, 0x61, 0xb4, 0x6f, 0xc9, 0xd6, 0xe6, 0xc9, 0x07,
+	0x7a, 0xd9, 0x1d, 0x26, 0x91, 0xf7, 0xf7, 0xee, 0x59, 0x8c, 0xb0,
+	0xfa, 0xc1, 0x86, 0xd9, 0x1c, 0xae, 0xfe, 0x13, 0x09, 0x85, 0x13,
+	0x92, 0x70, 0xb4, 0x13, 0x0c, 0x93, 0xbc, 0x43, 0x79, 0x44, 0xf4,
+	0xfd, 0x44, 0x52, 0xe2, 0xd7, 0x4d, 0xd3, 0x64, 0xf2, 0xe2, 0x1e,
+	0x71, 0xf5, 0x4b, 0xff, 0x5c, 0xae, 0x82, 0xab, 0x9c, 0x9d, 0xf6,
+	0x9e, 0xe8, 0x6d, 0x2b, 0xc5, 0x22, 0x36, 0x3a, 0x0d, 0xab, 0xc5,
+	0x21, 0x97, 0x9b, 0x0d, 0xea, 0xda, 0x1d, 0xbf, 0x9a, 0x42, 0xd5,
+	0xc4, 0x48, 0x4e, 0x0a, 0xbc, 0xd0, 0x6b, 0xfa, 0x53, 0xdd, 0xef,
+	0x3c, 0x1b, 0x20, 0xee, 0x3f, 0xd5, 0x9d, 0x7c, 0x25, 0xe4, 0x1d,
+	0x2b, 0x66, 0x9e, 0x1e, 0xf1, 0x6e, 0x6f, 0x52, 0xc3, 0x16, 0x4d,
+	0xf4, 0xfb, 0x79, 0x30, 0xe9, 0xe4, 0xe5, 0x88, 0x57, 0xb6, 0xac,
+	0x7d, 0x5f, 0x42, 0xd6, 0x9f, 0x6d, 0x18, 0x77, 0x63, 0xcf, 0x1d,
+	0x55, 0x03, 0x40, 0x04, 0x87, 0xf5, 0x5b, 0xa5, 0x7e, 0x31, 0xcc,
+	0x7a, 0x71, 0x35, 0xc8, 0x86, 0xef, 0xb4, 0x31, 0x8a, 0xed, 0x6a,
+	0x1e, 0x01, 0x2d, 0x9e, 0x68, 0x32, 0xa9, 0x07, 0x60, 0x0a, 0x91,
+	0x81, 0x30, 0xc4, 0x6d, 0xc7, 0x78, 0xf9, 0x71, 0xad, 0x00, 0x38,
+	0x09, 0x29, 0x99, 0xa3, 0x33, 0xcb, 0x8b, 0x7a, 0x1a, 0x1d, 0xb9,
+	0x3d, 0x71, 0x40, 0x00, 0x3c, 0x2a, 0x4e, 0xce, 0xa9, 0xf9, 0x8d,
+	0x0a, 0xcc, 0x0a, 0x82, 0x91, 0xcd, 0xce, 0xc9, 0x7d, 0xcf, 0x8e,
+	0xc9, 0xb5, 0x5a, 0x7f, 0x88, 0xa4, 0x6b, 0x4d, 0xb5, 0xa8, 0x51,
+	0xf4, 0x41, 0x82, 0xe1, 0xc6, 0x8a, 0x00, 0x7e
+};
+
+/** FFDHE non-Euler length */
+#define FFDHE_PAD_LEN ( 8 /* high */ + 4 /* lsb32 */ + 8 /* low */ )
+
+/** An FFDHE prime modulus */
+#define ffdhe_modulus_t( len )						\
+	struct {							\
+		uint64_t high;						\
+		uint8_t euler[ len - FFDHE_PAD_LEN ];			\
+		uint32_t lsb32;						\
+		uint64_t low;						\
+	} __attribute__ (( packed ))
+
+/** Maximum length of big integer values */
+#define FFDHE_LEN ( sizeof ( euler ) + FFDHE_PAD_LEN )
+
+/** Maximum number of elements in big integer values */
+#define FFDHE_SIZE bigint_required_size ( FFDHE_LEN )
+
+/** Maximally sized big integer */
+typedef bigint_t ( FFDHE_SIZE ) ffdhe_t;
+
+/** Temporary storage */
+static struct {
+	/** Prime modulus */
+	ffdhe_t modulus;
+	/** Base */
+	ffdhe_t base;
+	/** Result */
+	ffdhe_t result;
+	/** Temporary working space */
+	union {
+		uint8_t mod_exp[ bigint_mod_exp_tmp_len ( (ffdhe_t *) NULL ) ];
+		uint8_t raw[FFDHE_LEN];
+	} tmp;
+} ffdhe_temp;
+
+/**
+ * Calculate FFDHE result
+ *
+ * @v group		FFDHE group
+ * @v public		Base public value, or NULL to use generator
+ * @v private		Private exponent
+ * @v shared		Shared result to fill in
+ * @ret rc		Return status code
+ */
+int ffdhe ( struct ffdhe_group *group, const void *public, const void *private,
+	    void *shared ) {
+	unsigned int expsize = group->expsize;
+	unsigned int size = group->size;
+	size_t explen = group->explen;
+	size_t len = group->len;
+	ffdhe_modulus_t ( len ) *tmp = ( ( void * ) &ffdhe_temp.tmp );
+	bigint_t ( size ) *modulus = ( ( void * ) &ffdhe_temp.modulus );
+	bigint_t ( size ) *base = ( ( void * ) &ffdhe_temp.base );
+	bigint_t ( size ) *result = ( ( void * ) &ffdhe_temp.result );
+	bigint_t ( expsize ) exponent;
+	static const uint8_t two[1] = { 2 };
+
+	/* Construct modulus */
+	assert ( sizeof ( *tmp ) == len );
+	memset ( tmp, 0xff, sizeof ( *tmp ) );
+	memcpy ( tmp->euler, euler, sizeof ( tmp->euler ) );
+	tmp->lsb32 = group->lsb32;
+	bigint_init ( modulus, tmp, len );
+	DBGC ( group, "FFDHE %s mod: %s\n",
+	       group->name, bigint_ntoa ( modulus ) );
+
+	/* Construct base */
+	if ( public ) {
+		bigint_init ( base, public, len );
+	} else {
+		bigint_init ( base, two, sizeof ( two ) );
+	}
+	DBGC ( group, "FFDHE %s %s: %s\n", group->name,
+	       ( public ? "pub" : "gen" ), bigint_ntoa ( base ) );
+
+	/* Construct exponent */
+	bigint_init ( &exponent, private, explen );
+	DBGC ( group, "FFDHE %s exp: %s\n",
+	       group->name, bigint_ntoa ( &exponent ) );
+
+	/* Calculate result */
+	bigint_mod_exp ( base, modulus, &exponent, result, &ffdhe_temp.tmp );
+	DBGC ( group, "FFDHE %s %s: %s\n", group->name,
+	       ( public ? "shr" : "pub" ), bigint_ntoa ( result ) );
+	bigint_done ( result, shared, len );
+
+	/* Validate result */
+	bigint_init ( base, two, sizeof ( two ) );
+	if ( ! bigint_is_geq ( result, base ) ) {
+		/* Result is 0 or 1 */
+		DBGC ( group, "FFDHE %s invalid result\n", group->name );
+		return -EPERM;
+	}
+	bigint_add ( base, result );
+	if ( ! bigint_is_geq ( modulus, result ) ) {
+		/* Result is p-1 */
+		DBGC ( group, "FFDHE %s invalid result\n", group->name );
+		return -EPERM;
+	}
+
+	return 0;
+}
+
+/* Supported groups */
+FFDHE_GROUP ( ffdhe2048, ffdhe2048_algorithm, 2048, 225, 0x61285c97 );
+FFDHE_GROUP ( ffdhe3072, ffdhe3072_algorithm, 3072, 275, 0x66c62e37 );
+FFDHE_GROUP ( ffdhe4096, ffdhe4096_algorithm, 4096, 325, 0x5e655f6a );

src/include/ipxe/bigint.h

@@ -358,11 +358,8 @@ FILE_SECBOOT ( PERMITTED );
  * @v modulus		Big integer modulus
  * @ret len		Length of temporary working space
  */
-#define bigint_mod_exp_tmp_len( modulus ) ( {				\
+#define bigint_mod_exp_tmp_len( modulus )				\
-	unsigned int size = bigint_size (modulus);			\
+	sizeof ( struct { typeof ( *(modulus) ) temp[4]; } )
-	sizeof ( struct {						\
-		bigint_t ( size ) temp[4];				\
-	} ); } )
 
 #include <bits/bigint.h>
 

src/include/ipxe/errfile.h

@@ -450,6 +450,7 @@ FILE_SECBOOT ( PERMITTED );
 #define ERRFILE_ecdhe		      ( ERRFILE_OTHER | 0x00680000 )
 #define ERRFILE_ecdsa		      ( ERRFILE_OTHER | 0x00690000 )
 #define ERRFILE_crypto_null	      ( ERRFILE_OTHER | 0x006a0000 )
+#define ERRFILE_ffdhe		      ( ERRFILE_OTHER | 0x006b0000 )
 
 /** @} */
 

src/include/ipxe/ffdhe.h

@@ -0,0 +1,70 @@
+#ifndef _IPXE_FFDHE_H
+#define _IPXE_FFDHE_H
+
+/** @file
+ *
+ * Finite Field Diffie-Hellman Ephemeral key exchange
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
+
+#include <stddef.h>
+#include <byteswap.h>
+#include <ipxe/bigint.h>
+#include <ipxe/crypto.h>
+
+/** A finite field DHE group */
+struct ffdhe_group {
+	/** Group name */
+	const char *name;
+	/** Length of raw scalar values */
+	size_t len;
+	/** Number of elements in scalar values */
+	unsigned int size;
+	/** Length of (short) exponents */
+	size_t explen;
+	/** Number of elements in exponent values */
+	unsigned int expsize;
+	/** Least significant interesting bits of modulus (big-endian) */
+	uint32_t lsb32;
+};
+
+extern int ffdhe ( struct ffdhe_group *group, const void *public,
+		   const void *private, void *shared );
+
+/** Define a finite field DHE group */
+#define FFDHE_GROUP( _name, _exchange, _bits, _expbits, _lsb )		  \
+	static struct ffdhe_group _name ## _group = {			  \
+		.name = #_name,					  	  \
+		.len = ( _bits / 8 ),					  \
+		.size = bigint_required_size ( _bits / 8 ),		  \
+		.explen = ( ( _expbits + 7 ) / 8 ),			  \
+		.expsize = bigint_required_size ( ( _expbits + 7 ) / 8 ), \
+		.lsb32 = cpu_to_be32 ( _lsb ),				  \
+	};								  \
+	static void _name ## _public ( const void *private,		  \
+				       void *public ) {			  \
+		ffdhe ( &_name ## _group, NULL, private, public );	  \
+	}								  \
+	static int _name ## _shared ( const void *private,		  \
+				      const void *partner,		  \
+				      void *shared ) {			  \
+		return ffdhe ( &_name ## _group, partner, private,	  \
+			       shared );				  \
+	}								  \
+	struct exchange_algorithm _exchange = {				  \
+		.name = #_name,						  \
+		.privsize = ( ( _expbits + 7 ) / 8 ),			  \
+		.pubsize = ( _bits / 8 ),				  \
+		.sharedsize = ( _bits / 8 ),				  \
+		.public = _name ## _public,				  \
+		.shared = _name ## _shared,				  \
+	}
+
+extern struct exchange_algorithm ffdhe2048_algorithm;
+extern struct exchange_algorithm ffdhe3072_algorithm;
+extern struct exchange_algorithm ffdhe4096_algorithm;
+
+#endif /* _IPXE_FFDHE_H */

src/tests/ffdhe_test.c

@@ -0,0 +1,611 @@
+/*
+ * Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * You can also choose to distribute this program under the terms of
+ * the Unmodified Binary Distribution Licence (as given in the file
+ * COPYING.UBDL), provided that you have satisfied its requirements.
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+
+/** @file
+ *
+ * Finite Field Diffie-Hellman Ephemeral key exchange self-tests
+ *
+ * Test vectors were generated using openssl.
+ *
+ */
+
+/* Forcibly enable assertions */
+#undef NDEBUG
+
+#include <ipxe/ffdhe.h>
+#include <ipxe/test.h>
+#include "exchange_test.h"
+
+/* FFDHE2048, randomly generated keys */
+EXCHANGE_TEST ( ffdhe2048_random, &ffdhe2048_algorithm,
+	PRIVATE ( 0x00, 0xd6, 0xe1, 0xe7, 0x2a, 0x2e, 0xfc, 0x68, 0xbb, 0xee,
+		  0xa0, 0x10, 0xdf, 0x04, 0x98, 0xfd, 0xd5, 0xeb, 0x8f, 0x7e,
+		  0x07, 0x35, 0x5f, 0x61, 0x9f, 0xc2, 0x75, 0xa6, 0xd0 ),
+	PARTNER ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52,
+		  0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02,
+		  0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17,
+		  0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6,
+		  0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55,
+		  0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e,
+		  0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64,
+		  0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d,
+		  0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1,
+		  0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2,
+		  0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f,
+		  0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4,
+		  0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d,
+		  0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22,
+		  0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4,
+		  0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8,
+		  0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a,
+		  0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82,
+		  0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56,
+		  0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b,
+		  0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28,
+		  0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1,
+		  0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c,
+		  0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50,
+		  0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1,
+		  0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ),
+	PUBLIC ( 0x9e, 0x03, 0x99, 0x2b, 0xb0, 0x68, 0xa2, 0x42, 0xb8, 0xbf,
+		 0x1b, 0x3f, 0x6b, 0xca, 0x80, 0x57, 0x00, 0x52, 0x26, 0x41,
+		 0xab, 0x37, 0x2e, 0xaa, 0xfb, 0xc7, 0x6e, 0xe3, 0x3a, 0x05,
+		 0x11, 0x38, 0x98, 0x3d, 0x9c, 0xe2, 0x0c, 0xe5, 0x0b, 0x98,
+		 0x12, 0xd0, 0x34, 0x27, 0x64, 0x46, 0x61, 0x43, 0x5f, 0x0b,
+		 0x81, 0x80, 0x13, 0x95, 0x07, 0x13, 0x56, 0x47, 0xce, 0x98,
+		 0xa3, 0x08, 0xc7, 0x99, 0xb5, 0x7c, 0x2e, 0xee, 0x54, 0x0c,
+		 0x0e, 0x0b, 0x3e, 0xee, 0x99, 0x0f, 0x20, 0xe0, 0x4a, 0x63,
+		 0xf3, 0xaf, 0x1d, 0x4f, 0x26, 0x84, 0xbe, 0xb3, 0x51, 0x42,
+		 0x81, 0x12, 0x51, 0x84, 0x71, 0xff, 0x93, 0x75, 0x4e, 0x73,
+		 0x11, 0xbb, 0xc1, 0x95, 0x54, 0x6d, 0x42, 0x5f, 0x5e, 0xba,
+		 0xf9, 0xc6, 0xa0, 0x64, 0xcf, 0x91, 0x80, 0x6b, 0x1b, 0x0a,
+		 0x15, 0x8b, 0x0b, 0xf6, 0x48, 0x33, 0xc2, 0xe7, 0x39, 0xfb,
+		 0x45, 0xee, 0x8e, 0x31, 0xad, 0x65, 0xe5, 0x13, 0xfb, 0xd6,
+		 0xc6, 0x51, 0x9f, 0x8d, 0x79, 0x6a, 0xad, 0xbc, 0x2e, 0xb3,
+		 0xe5, 0xc8, 0xdf, 0xfb, 0xb8, 0x20, 0x66, 0x4a, 0x15, 0xc8,
+		 0x19, 0x93, 0xb6, 0x1c, 0x50, 0x2f, 0x41, 0x30, 0x5e, 0x12,
+		 0x45, 0x8a, 0x6c, 0x0c, 0x41, 0xf5, 0x35, 0x85, 0x53, 0x0e,
+		 0x48, 0x3d, 0xae, 0x11, 0xbc, 0x71, 0x05, 0x92, 0x99, 0xbc,
+		 0xc3, 0x2f, 0x6f, 0x1b, 0x67, 0x72, 0x35, 0xfd, 0xde, 0x47,
+		 0x5c, 0x99, 0x5c, 0xf0, 0x3a, 0x54, 0xd2, 0x7b, 0x81, 0x45,
+		 0x7b, 0x06, 0xdd, 0x69, 0xb7, 0xf9, 0x9d, 0x7d, 0x70, 0xa4,
+		 0x7d, 0x52, 0x0a, 0x55, 0x30, 0xda, 0xd1, 0x79, 0xc1, 0x78,
+		 0x5e, 0xed, 0xc7, 0x25, 0xe2, 0xc1, 0x7c, 0x8f, 0x80, 0x7a,
+		 0x84, 0xe5, 0x46, 0xc6, 0x1e, 0xef, 0xb2, 0x0a, 0x88, 0xdf,
+		 0xa9, 0x76, 0xbe, 0x9f, 0x0e, 0x79 ),
+	SHARED ( 0xc8, 0x10, 0x83, 0xa1, 0xc1, 0x21, 0xbe, 0x34, 0x90, 0xdd,
+		 0x90, 0x18, 0x74, 0x71, 0xb2, 0x6d, 0x6f, 0x07, 0x82, 0xe4,
+		 0xe2, 0x0f, 0x60, 0x47, 0x3b, 0x29, 0x1a, 0x24, 0x20, 0x9e,
+		 0xd8, 0x2f, 0xfe, 0xbe, 0x68, 0x74, 0x38, 0x15, 0xf7, 0x2b,
+		 0x65, 0xdb, 0xd8, 0x52, 0x55, 0x20, 0xf6, 0x64, 0x04, 0xf1,
+		 0x46, 0x74, 0x26, 0x9a, 0x88, 0x85, 0xf9, 0x14, 0x9f, 0xcb,
+		 0xc6, 0x56, 0x40, 0x6a, 0xbb, 0xed, 0xd3, 0x01, 0xd4, 0x9e,
+		 0xb1, 0xa8, 0x1c, 0xf9, 0x22, 0x1c, 0xd1, 0x79, 0x09, 0x58,
+		 0x1e, 0xfe, 0xac, 0xc0, 0xa9, 0x4b, 0xea, 0x81, 0xf2, 0xc3,
+		 0xf2, 0x64, 0x92, 0xfd, 0x14, 0x7b, 0x7e, 0xd0, 0x36, 0x67,
+		 0x60, 0x53, 0x1c, 0xfb, 0x62, 0x7c, 0x6e, 0xfd, 0x0a, 0x83,
+		 0xa9, 0xe4, 0xb9, 0xe5, 0xc0, 0x22, 0xa5, 0xc4, 0xe0, 0xcc,
+		 0xd4, 0xda, 0x76, 0x0e, 0xdc, 0x8e, 0x59, 0x39, 0x19, 0xa4,
+		 0x47, 0xce, 0x46, 0x10, 0x15, 0x42, 0x39, 0xc1, 0x34, 0xa2,
+		 0x76, 0xb0, 0x5f, 0x86, 0xee, 0xa6, 0xf8, 0x0e, 0x1e, 0x49,
+		 0x4a, 0x71, 0xa2, 0x20, 0xb8, 0x56, 0x52, 0x18, 0x18, 0x5a,
+		 0xd3, 0xa9, 0xaf, 0xbf, 0x40, 0x02, 0x6a, 0x1e, 0x4c, 0xb2,
+		 0xe4, 0x5f, 0xee, 0x05, 0x7a, 0x10, 0x2a, 0xb2, 0x99, 0x9f,
+		 0x22, 0xb4, 0xa2, 0xfa, 0x5e, 0xd1, 0xf7, 0x93, 0x0f, 0x0c,
+		 0x04, 0x30, 0x01, 0xf6, 0xc4, 0x32, 0x64, 0xe6, 0x1a, 0x7e,
+		 0xc4, 0x83, 0xf2, 0x43, 0x86, 0xf0, 0x3d, 0xcd, 0x7a, 0x17,
+		 0xbf, 0xed, 0xff, 0xb8, 0x09, 0xaf, 0x6f, 0x0f, 0xc7, 0x71,
+		 0x4c, 0x8b, 0xc6, 0x1d, 0xb4, 0xaa, 0x40, 0xb9, 0x3f, 0x74,
+		 0x06, 0x86, 0xe5, 0x84, 0x41, 0x5c, 0x98, 0x1f, 0x06, 0xc5,
+		 0xe3, 0xee, 0x0b, 0xa6, 0x8b, 0x43, 0x65, 0x64, 0x47, 0xc5,
+		 0x72, 0xef, 0x89, 0xb8, 0xdc, 0x6a ) );
+
+/* FFDHE3072, randomly generated keys */
+EXCHANGE_TEST ( ffdhe3072_random, &ffdhe3072_algorithm,
+	PRIVATE ( 0x04, 0x4a, 0x8b, 0xe6, 0x30, 0x2c, 0xfd, 0x0e, 0xf4, 0x63,
+		  0xe7, 0x5e, 0x1c, 0x18, 0x61, 0x4b, 0x2c, 0x55, 0x68, 0xfb,
+		  0x87, 0x80, 0x15, 0xbc, 0x18, 0x5b, 0x3a, 0x7b, 0x54, 0xe5,
+		  0x85, 0xd8, 0xdd, 0x1f, 0xdc ),
+	PARTNER ( 0xc4, 0x41, 0x0e, 0x17, 0x21, 0xc7, 0x3c, 0x07, 0x7c, 0x34,
+		  0x5e, 0x37, 0xa7, 0x2f, 0x33, 0x4f, 0x49, 0xb3, 0xfb, 0x50,
+		  0x20, 0x80, 0x71, 0x0f, 0x1a, 0x02, 0x1f, 0xc4, 0xc8, 0xe7,
+		  0xe5, 0x6d, 0x10, 0x84, 0xf7, 0x93, 0x6a, 0x1b, 0x8b, 0x08,
+		  0x8b, 0x3d, 0x73, 0xc8, 0x07, 0x2f, 0xae, 0x80, 0xe1, 0xac,
+		  0x11, 0x62, 0x42, 0x44, 0xde, 0xe9, 0xa9, 0x84, 0xc9, 0x7e,
+		  0xe5, 0x3d, 0x9c, 0x20, 0xfd, 0x7f, 0x99, 0xea, 0xa8, 0x94,
+		  0x47, 0xda, 0xb2, 0x03, 0xc0, 0xd5, 0x34, 0x53, 0xa0, 0xef,
+		  0xba, 0xdf, 0x6b, 0xbe, 0x28, 0x27, 0x88, 0x14, 0x92, 0xd3,
+		  0xc6, 0xbf, 0xf3, 0x1a, 0x02, 0x98, 0xf8, 0x2c, 0x94, 0xa7,
+		  0x1e, 0x0d, 0x0e, 0x15, 0x8e, 0x2b, 0x9b, 0x45, 0x5e, 0x44,
+		  0x09, 0x82, 0x41, 0xdd, 0xd5, 0x03, 0x82, 0x4a, 0xbc, 0x2b,
+		  0xa2, 0x24, 0x8f, 0xcf, 0x1c, 0xd4, 0x78, 0x49, 0x66, 0x48,
+		  0x89, 0x81, 0x55, 0x34, 0xee, 0x41, 0xf6, 0x0f, 0x7e, 0x48,
+		  0x6b, 0x05, 0xd0, 0x84, 0xc1, 0xb6, 0xd2, 0xe2, 0xed, 0xdd,
+		  0x3d, 0x87, 0x96, 0x59, 0xd7, 0xb6, 0xca, 0x5c, 0xed, 0x8e,
+		  0x33, 0xe9, 0x8e, 0x47, 0xa5, 0xab, 0xcd, 0xe9, 0xec, 0x05,
+		  0xae, 0x2e, 0xa3, 0xcb, 0xe5, 0xb4, 0xfb, 0xb8, 0xde, 0xfb,
+		  0x7e, 0xc3, 0xfe, 0x50, 0x27, 0xb6, 0xec, 0x3d, 0x7b, 0xc4,
+		  0xbd, 0xf4, 0x19, 0xed, 0x1e, 0xc6, 0x4a, 0x33, 0xc7, 0x29,
+		  0x3f, 0x83, 0x1a, 0xc8, 0x52, 0x00, 0x65, 0x43, 0x04, 0xa4,
+		  0xdc, 0x78, 0x22, 0x90, 0xdd, 0x29, 0x50, 0x54, 0x12, 0xd7,
+		  0x3a, 0xcc, 0x66, 0x02, 0xbb, 0xfd, 0xac, 0xde, 0xf8, 0x67,
+		  0x55, 0x6d, 0xb7, 0xb2, 0x12, 0x1f, 0x54, 0x72, 0xfb, 0x92,
+		  0x16, 0x8b, 0x28, 0x1c, 0x48, 0x59, 0x36, 0x39, 0x8a, 0x21,
+		  0x76, 0x71, 0xdc, 0x86, 0x94, 0x64, 0xf6, 0x15, 0xd0, 0xe6,
+		  0xf3, 0x7e, 0x2e, 0xfc, 0x78, 0x8a, 0x48, 0x02, 0xce, 0xeb,
+		  0xe0, 0x5a, 0xd0, 0x8b, 0x1d, 0x89, 0xcf, 0x6f, 0xf1, 0xb9,
+		  0xd8, 0x67, 0x80, 0xd8, 0xb8, 0x4f, 0xdc, 0x9c, 0xcb, 0xfe,
+		  0xe9, 0xc6, 0x12, 0x23, 0xb2, 0x80, 0x70, 0x19, 0xd9, 0x0f,
+		  0x50, 0x13, 0x00, 0x14, 0x7a, 0x6b, 0x75, 0x51, 0xf9, 0x93,
+		  0xcc, 0x87, 0x1b, 0xdd, 0x2e, 0x8e, 0x20, 0x9f, 0x69, 0xab,
+		  0xc2, 0x7f, 0x13, 0x93, 0x26, 0x1e, 0x37, 0x9e, 0x82, 0x1b,
+		  0x54, 0xf0, 0x38, 0x96, 0x09, 0x6a, 0x4d, 0x1b, 0x1b, 0x42,
+		  0xe7, 0x4e, 0x78, 0x9e, 0xa6, 0x23, 0x1e, 0xce, 0x55, 0xca,
+		  0xd9, 0xb5, 0x19, 0xc6, 0x1e, 0x15, 0xcf, 0xb5, 0x2f, 0x79,
+		  0xd7, 0xf9, 0x18, 0xf6, 0x7d, 0xcf, 0x02, 0x3d, 0x30, 0xc0,
+		  0xed, 0xaa, 0xb6, 0xf4, 0x5e, 0x59, 0xea, 0x52, 0xf8, 0x37,
+		  0xae, 0xe5, 0xa6, 0x38 ),
+	PUBLIC ( 0x8b, 0x1a, 0xab, 0x89, 0x32, 0xcc, 0x56, 0x58, 0x1c, 0x9b,
+		 0x66, 0x90, 0x41, 0xf5, 0xd1, 0xba, 0x57, 0x65, 0x5f, 0xa5,
+		 0x44, 0x7f, 0x6e, 0xa2, 0xcc, 0xef, 0x02, 0x5c, 0xa6, 0xf0,
+		 0xb2, 0x60, 0x1d, 0x74, 0xa7, 0xd0, 0xe7, 0x17, 0x5b, 0x19,
+		 0x76, 0xa2, 0x72, 0xc5, 0x52, 0x8d, 0xb8, 0x0f, 0x77, 0x0d,
+		 0x01, 0xa4, 0xa4, 0xee, 0x54, 0xe4, 0x27, 0xc8, 0xd3, 0xc3,
+		 0x2a, 0xa7, 0x72, 0xc2, 0x94, 0x0a, 0xc4, 0x6f, 0xbf, 0x11,
+		 0x47, 0x10, 0xca, 0x39, 0xe5, 0x68, 0xa4, 0xc4, 0xfe, 0x99,
+		 0x99, 0x98, 0x11, 0xd1, 0xbb, 0xe0, 0xa4, 0xd7, 0x86, 0x1d,
+		 0x3a, 0xd6, 0xba, 0x66, 0x3e, 0xc7, 0x9a, 0xeb, 0x74, 0xd7,
+		 0x5b, 0xbe, 0x86, 0x7a, 0x04, 0x09, 0x83, 0xf6, 0x30, 0xb5,
+		 0xc3, 0xe8, 0x20, 0x8d, 0x8b, 0xf8, 0xf1, 0x5a, 0xd3, 0xe8,
+		 0x64, 0xbe, 0xf4, 0xed, 0x11, 0xb2, 0xdd, 0xd4, 0x03, 0x98,
+		 0x77, 0xca, 0x57, 0x58, 0xff, 0x4f, 0x47, 0x31, 0xb5, 0x8d,
+		 0xc8, 0x8a, 0xd2, 0x5a, 0xb7, 0x5b, 0xf3, 0xeb, 0xc6, 0x1d,
+		 0x25, 0x22, 0x5a, 0x43, 0x8f, 0xf7, 0x1c, 0x19, 0xa8, 0x5c,
+		 0xc9, 0x68, 0x00, 0x33, 0x61, 0xe9, 0x12, 0x81, 0xee, 0x65,
+		 0x56, 0x0c, 0x74, 0x39, 0xd8, 0x3d, 0x5c, 0x32, 0x96, 0x1f,
+		 0x75, 0xb2, 0x29, 0xf9, 0xc6, 0x70, 0xf7, 0x58, 0x34, 0x60,
+		 0xaf, 0x95, 0x76, 0xfc, 0xdf, 0xe2, 0xe4, 0xe4, 0x71, 0x85,
+		 0xe5, 0xb2, 0x92, 0xa5, 0x48, 0x3a, 0xf3, 0xba, 0x2d, 0x67,
+		 0x25, 0xc9, 0x30, 0xbf, 0xf8, 0x32, 0x37, 0x08, 0x9f, 0x4b,
+		 0x46, 0xc8, 0x91, 0x66, 0xc4, 0xe9, 0x69, 0x01, 0x05, 0xe6,
+		 0xa6, 0x96, 0x10, 0x32, 0x9b, 0xf8, 0x87, 0x1a, 0x56, 0x3e,
+		 0x65, 0x54, 0x51, 0x0d, 0x54, 0xf3, 0x99, 0x19, 0x6a, 0x9b,
+		 0x0e, 0xe5, 0xf9, 0xc7, 0x1a, 0xeb, 0xaf, 0x06, 0x00, 0xa0,
+		 0xfe, 0xc4, 0x8f, 0xb6, 0xea, 0x31, 0xd4, 0xd7, 0xcb, 0x4b,
+		 0x4b, 0x9d, 0xd0, 0xf6, 0xbc, 0x52, 0xbc, 0xda, 0xb9, 0xcc,
+		 0xde, 0xc2, 0x0b, 0x28, 0x8f, 0x09, 0x59, 0x96, 0x48, 0x28,
+		 0xd5, 0xae, 0xc8, 0x39, 0x32, 0xdc, 0xcc, 0xb9, 0x47, 0x12,
+		 0xe5, 0xf2, 0xef, 0xfc, 0x62, 0xe5, 0xc3, 0xaa, 0xd7, 0xc3,
+		 0x97, 0x97, 0xf5, 0x99, 0x4e, 0xe2, 0xf0, 0xf1, 0x17, 0x4e,
+		 0x62, 0x88, 0xd5, 0xb3, 0x8f, 0x93, 0xd4, 0xda, 0x5c, 0xa9,
+		 0xfc, 0xc9, 0x00, 0x13, 0xf7, 0xaf, 0x6d, 0xf0, 0x87, 0x96,
+		 0x27, 0x9b, 0xee, 0x74, 0x59, 0xf9, 0x68, 0x28, 0x45, 0x56,
+		 0x29, 0x81, 0xc8, 0xf4, 0x99, 0x25, 0x5c, 0x42, 0x86, 0xd1,
+		 0x27, 0x1a, 0xd6, 0xc5, 0x15, 0x8c, 0x6b, 0xd9, 0xde, 0x9f,
+		 0xc1, 0x60, 0xcd, 0xe0, 0xa8, 0x33, 0x5a, 0x1d, 0x28, 0x23,
+		 0xfc, 0xfb, 0xdb, 0x2f ),
+	SHARED ( 0x3c, 0xe4, 0x44, 0xab, 0x5a, 0xd5, 0x32, 0x0a, 0x70, 0x80,
+		 0x70, 0x3d, 0x3b, 0xfd, 0xdc, 0xd4, 0xf7, 0x9d, 0x1c, 0x87,
+		 0x22, 0x8f, 0x39, 0x39, 0xcd, 0x8e, 0xa2, 0x9c, 0x14, 0x28,
+		 0x9f, 0xfa, 0xaf, 0x92, 0xd6, 0x7c, 0x62, 0xf3, 0x75, 0x7b,
+		 0x94, 0x3c, 0xe4, 0xf7, 0x70, 0xbd, 0x82, 0xf7, 0x9b, 0xe5,
+		 0xb0, 0xb9, 0xb5, 0x4c, 0xd8, 0x0e, 0xa1, 0xf7, 0x8a, 0x92,
+		 0xa5, 0x4a, 0x51, 0x79, 0x86, 0x31, 0x19, 0x53, 0xa0, 0x5a,
+		 0x3d, 0xac, 0x90, 0xcc, 0xdd, 0x4e, 0x68, 0xb2, 0x04, 0x1a,
+		 0xe1, 0xcf, 0x67, 0x5f, 0x52, 0xe0, 0x52, 0xe4, 0x30, 0x40,
+		 0x6f, 0x8f, 0x9f, 0x96, 0x29, 0x8c, 0x0d, 0x61, 0x50, 0x92,
+		 0x36, 0xf4, 0x13, 0xa6, 0xe5, 0x99, 0x62, 0x49, 0xcb, 0xcd,
+		 0x58, 0x05, 0x9c, 0x95, 0xe2, 0xee, 0xa1, 0x51, 0x0e, 0x12,
+		 0xe7, 0x37, 0xdc, 0x66, 0x73, 0xad, 0x4b, 0x25, 0xa5, 0x79,
+		 0xf8, 0x2e, 0x12, 0x67, 0x54, 0x0a, 0x6a, 0xa4, 0x77, 0xfa,
+		 0x4e, 0x07, 0xbb, 0xbe, 0x1e, 0xf4, 0x74, 0xeb, 0x15, 0xbd,
+		 0x06, 0x92, 0x45, 0xef, 0x73, 0x12, 0xc9, 0x75, 0xa7, 0x05,
+		 0x5c, 0x1e, 0x1d, 0x0b, 0xb1, 0xec, 0xd0, 0xe4, 0x7d, 0x4a,
+		 0x2c, 0x38, 0x93, 0xf9, 0xec, 0xeb, 0x68, 0xfa, 0xa1, 0x0e,
+		 0x69, 0x5f, 0xc4, 0xa6, 0x45, 0xb7, 0xb2, 0xf8, 0xc0, 0x3c,
+		 0x5f, 0xe1, 0x57, 0x0a, 0xc2, 0x5b, 0xe1, 0x30, 0x3c, 0x2e,
+		 0x3f, 0xd0, 0x0d, 0x95, 0x07, 0xbe, 0xf8, 0x41, 0x6f, 0x89,
+		 0xdf, 0x6b, 0xf4, 0x47, 0xec, 0x69, 0x81, 0x48, 0xc6, 0xb7,
+		 0xa9, 0x5b, 0x0d, 0xd3, 0x37, 0xd9, 0x8b, 0x2a, 0x74, 0xeb,
+		 0x5c, 0x5f, 0x18, 0xbf, 0xa2, 0x58, 0x3f, 0xb1, 0x9f, 0xc4,
+		 0x05, 0x8b, 0xfd, 0xd3, 0xa1, 0xba, 0x07, 0x6b, 0xcd, 0xa4,
+		 0x26, 0x14, 0x1a, 0x80, 0x64, 0x32, 0x7e, 0xb7, 0xb4, 0xe0,
+		 0x39, 0xb3, 0x1c, 0x92, 0xb9, 0x40, 0x60, 0x28, 0x16, 0x0e,
+		 0xfa, 0x44, 0xa7, 0x5f, 0x6c, 0xa1, 0xd6, 0x74, 0x89, 0x4b,
+		 0x68, 0xef, 0xe3, 0x58, 0x8c, 0x92, 0x79, 0x49, 0x41, 0x4c,
+		 0xc6, 0xfd, 0xbe, 0x52, 0xb4, 0xbb, 0x5f, 0x24, 0x7c, 0x28,
+		 0xfb, 0x2e, 0x7a, 0x40, 0xda, 0x99, 0x4b, 0xe3, 0xc0, 0x7a,
+		 0x52, 0x65, 0xdc, 0x19, 0xb3, 0x10, 0xbb, 0xa4, 0xba, 0x3c,
+		 0xb4, 0x7f, 0xd5, 0x71, 0x40, 0x11, 0x69, 0x95, 0x1a, 0xee,
+		 0xf8, 0x7c, 0x99, 0x7d, 0x8d, 0x0c, 0x0a, 0x49, 0x94, 0x57,
+		 0x52, 0x14, 0x54, 0x77, 0xc4, 0xfd, 0x05, 0x57, 0x0a, 0x15,
+		 0x68, 0x84, 0x22, 0x14, 0xdc, 0x1a, 0x37, 0x42, 0x7a, 0x9f,
+		 0x7a, 0x46, 0xc1, 0x38, 0xba, 0x93, 0x98, 0x9d, 0xcc, 0x59,
+		 0xd6, 0x51, 0xb7, 0x98, 0x36, 0xb7, 0xbb, 0x8b, 0x50, 0xfc,
+		 0x1a, 0xc2, 0x1a, 0x5e ) );
+
+/* FFDHE4096, randomly generated keys */
+EXCHANGE_TEST ( ffdhe4096_random, &ffdhe4096_algorithm,
+	PRIVATE ( 0x06, 0xd6, 0x8e, 0x42, 0x2a, 0x6e, 0xe1, 0xdc, 0x04, 0x7e,
+		  0x5d, 0x89, 0x3a, 0x6d, 0xb3, 0xc8, 0x03, 0xa0, 0x80, 0xa6,
+		  0xf3, 0x3d, 0x05, 0x3c, 0xf4, 0xd5, 0x8e, 0x69, 0x09, 0x78,
+		  0xef, 0xb1, 0xe5, 0x61, 0xf2, 0xa1, 0x1a, 0x9f, 0x33, 0xb1,
+		  0x70 ),
+	PARTNER ( 0x1f, 0x7d, 0x7d, 0x55, 0x84, 0x47, 0xe9, 0x37, 0x45, 0x6d,
+		  0x67, 0x77, 0x14, 0xe7, 0x67, 0x48, 0x69, 0x8b, 0x7c, 0x1c,
+		  0xd3, 0x5e, 0x7b, 0x24, 0xc8, 0x7c, 0xf6, 0x6c, 0x92, 0xc2,
+		  0x99, 0xca, 0x21, 0x2b, 0x67, 0x7e, 0x01, 0x53, 0xb9, 0x98,
+		  0x10, 0x06, 0xc7, 0x01, 0xbe, 0x3e, 0x16, 0xdc, 0x4d, 0xeb,
+		  0x4c, 0x3f, 0x2a, 0xca, 0x81, 0x35, 0x95, 0xde, 0x2a, 0xcd,
+		  0x52, 0xa0, 0xc1, 0x16, 0x97, 0x75, 0x97, 0xe0, 0x31, 0x57,
+		  0xc0, 0xdb, 0x62, 0xcc, 0xa8, 0x9b, 0xe5, 0x90, 0xa1, 0x96,
+		  0x0e, 0x96, 0x06, 0x7a, 0x03, 0x5f, 0x60, 0x0e, 0xc4, 0xa6,
+		  0xcf, 0xde, 0xfc, 0x32, 0xe5, 0x7f, 0x4a, 0xa5, 0xf1, 0x7c,
+		  0xa3, 0xc4, 0xfd, 0xd2, 0xed, 0xd8, 0x2f, 0xc8, 0x9a, 0x8c,
+		  0xa3, 0x1c, 0x77, 0x71, 0x61, 0xae, 0x89, 0x04, 0xea, 0xe1,
+		  0x00, 0xb8, 0xb5, 0x2d, 0x93, 0x81, 0xb4, 0xfb, 0x1c, 0x79,
+		  0x19, 0x32, 0x6b, 0xd9, 0x5e, 0xa5, 0x89, 0xf0, 0x3e, 0x57,
+		  0xf8, 0x61, 0x6f, 0xef, 0x8c, 0x3f, 0x51, 0x6d, 0xa1, 0xe6,
+		  0x7c, 0x5d, 0xe1, 0xec, 0xeb, 0xef, 0x39, 0x36, 0x92, 0x1a,
+		  0x7e, 0x44, 0x59, 0x8d, 0x1c, 0x0e, 0xf7, 0xc4, 0xd9, 0x6f,
+		  0xcc, 0x93, 0x2e, 0x14, 0x1a, 0x10, 0xd4, 0xf1, 0x32, 0xae,
+		  0xd3, 0x84, 0x39, 0x9d, 0x40, 0xaa, 0xde, 0xf8, 0xbd, 0x80,
+		  0x29, 0x20, 0x5b, 0x4b, 0x07, 0x35, 0xb1, 0xac, 0xa5, 0xa3,
+		  0x18, 0x72, 0xb1, 0x98, 0xf8, 0x7f, 0xb6, 0x76, 0xd3, 0x77,
+		  0x2e, 0xfe, 0x94, 0xe0, 0x02, 0xde, 0xb4, 0x2d, 0x25, 0xdb,
+		  0x75, 0x13, 0x9c, 0xd9, 0x92, 0xad, 0x63, 0xc8, 0x1b, 0x5f,
+		  0x2f, 0x55, 0x62, 0x84, 0x6d, 0xbf, 0x56, 0x25, 0x30, 0x9a,
+		  0x03, 0x1d, 0x58, 0xf9, 0x29, 0x42, 0xa0, 0x3b, 0x3d, 0xcc,
+		  0xa0, 0x74, 0xf3, 0x56, 0xe4, 0x61, 0xba, 0x4a, 0xb7, 0x5d,
+		  0xf3, 0xd2, 0x04, 0x1e, 0x69, 0x6c, 0xde, 0xd0, 0x02, 0xd4,
+		  0x59, 0x73, 0x97, 0x22, 0x9a, 0xf9, 0x6b, 0x50, 0x85, 0x80,
+		  0x28, 0xfd, 0x43, 0x8c, 0x5c, 0x9a, 0xe2, 0xa3, 0x22, 0xb3,
+		  0x5b, 0x53, 0x33, 0xbd, 0x5e, 0xd6, 0xa7, 0xed, 0xd7, 0xc9,
+		  0xd8, 0x04, 0x95, 0x86, 0x52, 0xa9, 0x3a, 0x27, 0x7f, 0x9d,
+		  0x29, 0xd6, 0x52, 0xa8, 0xa2, 0x3d, 0x29, 0x4f, 0x92, 0xbe,
+		  0x27, 0x68, 0xf9, 0x6e, 0x2b, 0x25, 0x43, 0xe8, 0x02, 0xae,
+		  0x9e, 0x2d, 0xfa, 0xcb, 0xe5, 0x85, 0xf2, 0x45, 0x1b, 0xd0,
+		  0xcf, 0xfc, 0xd5, 0x12, 0xe7, 0xac, 0x4a, 0xc7, 0x1c, 0x30,
+		  0x28, 0x62, 0x5e, 0xbd, 0x5e, 0x62, 0x2f, 0xc1, 0x58, 0x8b,
+		  0x5c, 0x26, 0x5b, 0xe3, 0x89, 0xb2, 0xfe, 0xbe, 0x90, 0xa0,
+		  0x1f, 0xf8, 0x26, 0x11, 0x77, 0x86, 0x03, 0x0e, 0xc6, 0xf9,
+		  0x30, 0xe4, 0xc9, 0xf0, 0x1a, 0xdf, 0x19, 0x9e, 0x00, 0x95,
+		  0xd7, 0xe2, 0x47, 0x18, 0xf1, 0x4f, 0x41, 0xdf, 0xa1, 0x41,
+		  0x59, 0x19, 0xfe, 0x02, 0x4a, 0x70, 0x12, 0xdc, 0x19, 0xf8,
+		  0xea, 0xc7, 0xb3, 0xf2, 0xc5, 0xb8, 0x1e, 0x0a, 0x11, 0x21,
+		  0x8f, 0xc7, 0xe9, 0x7d, 0x01, 0x87, 0x41, 0xd0, 0xe4, 0x93,
+		  0x11, 0x8c, 0x26, 0xfa, 0xc7, 0xc1, 0x62, 0xdb, 0x8b, 0x40,
+		  0xda, 0x57, 0xa5, 0xf6, 0x9d, 0x52, 0x2e, 0xdf, 0x3f, 0x57,
+		  0x02, 0xe4, 0x2f, 0xb1, 0xfa, 0xcf, 0x12, 0x1e, 0x41, 0xbf,
+		  0xfd, 0xb2, 0x16, 0xc3, 0x81, 0x37, 0xfd, 0x36, 0x43, 0x9b,
+		  0x7d, 0xc5, 0xd4, 0x97, 0x3f, 0xc0, 0x15, 0x1a, 0x59, 0x17,
+		  0x84, 0x31, 0x63, 0xbd, 0xf1, 0x9e, 0xef, 0xed, 0xb3, 0xe1,
+		  0x3b, 0x01, 0xd7, 0x65, 0xb0, 0x3c, 0x51, 0x67, 0xa7, 0xec,
+		  0xb8, 0xbc, 0x1c, 0xca, 0xc4, 0xb2, 0x38, 0x54, 0x1f, 0xf7,
+		  0x08, 0x63 ),
+	PUBLIC ( 0xac, 0xbf, 0x0b, 0xbc, 0x80, 0x25, 0x44, 0xcc, 0x5e, 0x99,
+		 0x4f, 0xce, 0x6b, 0xdc, 0xae, 0xa9, 0xee, 0x02, 0xd1, 0x8a,
+		 0xed, 0x7e, 0x70, 0x3f, 0x94, 0xec, 0xb2, 0x8a, 0x3d, 0xa2,
+		 0xb2, 0x16, 0x82, 0xae, 0x42, 0xf6, 0x24, 0xef, 0x7d, 0xf0,
+		 0xb9, 0x82, 0xa7, 0x34, 0x91, 0x7b, 0x74, 0x6f, 0x41, 0x5a,
+		 0xa2, 0x08, 0x44, 0x73, 0x43, 0x66, 0x3b, 0x98, 0x90, 0x00,
+		 0xa6, 0xf1, 0x32, 0xea, 0x19, 0xf6, 0x14, 0x7a, 0xd0, 0x85,
+		 0x8a, 0x81, 0xee, 0xc4, 0x80, 0xc8, 0x7c, 0x04, 0x70, 0x1c,
+		 0x2f, 0x2f, 0x40, 0xb9, 0x71, 0x4f, 0x5e, 0xa8, 0x59, 0xe0,
+		 0x0e, 0x09, 0x51, 0xa5, 0xdc, 0x72, 0xcf, 0x5d, 0x6f, 0x57,
+		 0x8c, 0x4f, 0x6c, 0x0c, 0xaa, 0x64, 0x11, 0xf6, 0xc3, 0x81,
+		 0xcb, 0x72, 0x00, 0xc8, 0x2c, 0x15, 0x2e, 0x12, 0x83, 0x95,
+		 0x34, 0x1c, 0x75, 0xad, 0xe2, 0xd3, 0x1a, 0x98, 0x64, 0xaf,
+		 0xdf, 0x37, 0x21, 0x5e, 0xf2, 0xef, 0xd2, 0x56, 0xed, 0xfa,
+		 0xf0, 0xa2, 0x74, 0xdc, 0xad, 0xb7, 0xd0, 0x5a, 0xed, 0x2b,
+		 0x66, 0xce, 0x82, 0xc2, 0x92, 0x55, 0x0c, 0xd9, 0x27, 0x07,
+		 0x57, 0x5f, 0xcb, 0x7b, 0xf1, 0xad, 0x16, 0x60, 0x7f, 0x0e,
+		 0xa5, 0xea, 0x69, 0x95, 0x03, 0x21, 0xf7, 0xc6, 0xdc, 0x74,
+		 0x9a, 0x99, 0x1f, 0x6a, 0x1e, 0x53, 0x67, 0x3c, 0xbb, 0x7a,
+		 0xa4, 0x8b, 0x47, 0x39, 0x0e, 0x43, 0xfa, 0x55, 0x3d, 0x42,
+		 0x11, 0x77, 0x45, 0xa5, 0x32, 0x6f, 0xe2, 0x2c, 0x2d, 0x9c,
+		 0x53, 0x3c, 0x6a, 0xb9, 0x22, 0xc9, 0x2c, 0xd2, 0xde, 0xbc,
+		 0x0f, 0x6f, 0xfb, 0x73, 0x53, 0xe6, 0x84, 0xa8, 0x5f, 0x57,
+		 0xf0, 0xde, 0xc7, 0xed, 0x4c, 0xd3, 0x97, 0xbc, 0xe0, 0xfd,
+		 0xc1, 0xb8, 0x3f, 0xe7, 0x53, 0x21, 0x43, 0xfd, 0xcd, 0x52,
+		 0xca, 0x88, 0x52, 0x25, 0x24, 0x69, 0xc8, 0x71, 0x82, 0x2f,
+		 0x4e, 0x66, 0xa4, 0x0b, 0x59, 0x10, 0x8c, 0x98, 0xce, 0xe7,
+		 0xb1, 0x07, 0xc4, 0xc6, 0xf8, 0x9d, 0x84, 0xf0, 0xd5, 0xa6,
+		 0x28, 0x8d, 0xec, 0xce, 0xc9, 0x14, 0x6a, 0xf6, 0x17, 0x81,
+		 0x01, 0xfb, 0xd0, 0x46, 0x85, 0x62, 0x71, 0x23, 0xc4, 0x37,
+		 0x0a, 0x2f, 0xb5, 0x1e, 0xb1, 0xd9, 0xa7, 0x0a, 0x6e, 0x54,
+		 0x9b, 0x8f, 0xbc, 0xde, 0x1d, 0x98, 0x76, 0x46, 0x2d, 0xc1,
+		 0xfc, 0xc5, 0x17, 0xee, 0x9e, 0xc5, 0x4a, 0x5f, 0xda, 0x90,
+		 0x77, 0xa0, 0xf4, 0x85, 0xe6, 0xab, 0x9c, 0x7f, 0xb5, 0x84,
+		 0x20, 0xc4, 0xad, 0x7f, 0x9c, 0xf2, 0x86, 0x6e, 0xdc, 0x50,
+		 0xf1, 0x66, 0x25, 0xca, 0x65, 0x75, 0x33, 0x18, 0x9d, 0x6e,
+		 0x2e, 0x1c, 0x40, 0xec, 0x7c, 0x31, 0xd9, 0x83, 0x60, 0x2f,
+		 0x46, 0x30, 0x28, 0x8a, 0xd1, 0xfb, 0xd3, 0x8f, 0x35, 0xf7,
+		 0xbc, 0x94, 0xd9, 0x34, 0x58, 0x5e, 0x34, 0x35, 0x54, 0x2d,
+		 0xe0, 0x51, 0x9a, 0xca, 0x55, 0x8f, 0x36, 0x05, 0x1c, 0x39,
+		 0xb1, 0xfc, 0x96, 0x70, 0x83, 0xb0, 0x41, 0x11, 0x38, 0x79,
+		 0x2b, 0x05, 0xf5, 0x88, 0xa0, 0x31, 0xf6, 0x37, 0xe0, 0xd8,
+		 0xfe, 0x38, 0x6e, 0x93, 0x30, 0xbe, 0x0f, 0xa7, 0x78, 0xea,
+		 0x34, 0xe4, 0x78, 0xab, 0xce, 0xf4, 0xe0, 0x27, 0x9a, 0x92,
+		 0x12, 0xd5, 0x8c, 0x6e, 0x22, 0x0e, 0xf7, 0x8d, 0x42, 0x73,
+		 0x1d, 0x2a, 0xd1, 0xb5, 0x02, 0xb9, 0x15, 0x03, 0x1b, 0x36,
+		 0xca, 0xbf, 0x3d, 0xda, 0x61, 0xc3, 0xe4, 0xa1, 0xe2, 0x8e,
+		 0xca, 0x40, 0xec, 0x12, 0xa6, 0x8e, 0xb4, 0x9e, 0xbd, 0xa1,
+		 0x14, 0x1d, 0xa8, 0x34, 0xdf, 0x06, 0x52, 0xc0, 0x81, 0x23,
+		 0xc8, 0x06, 0x1a, 0x28, 0x57, 0xbb, 0x17, 0xef, 0x5c, 0x4f,
+		 0x1a, 0x10, 0x5f, 0x99, 0x97, 0xd1, 0xe5, 0x2b, 0x3f, 0xc0,
+		 0xb8, 0x43 ),
+	SHARED ( 0xda, 0xe9, 0xbd, 0x55, 0x39, 0x5a, 0x45, 0xbf, 0x6e, 0x4c,
+		 0xc7, 0xde, 0xff, 0x12, 0x73, 0xf4, 0x07, 0xb6, 0xf8, 0xf9,
+		 0x46, 0xe2, 0x53, 0xfb, 0x0c, 0xb6, 0x19, 0x42, 0x5a, 0x70,
+		 0x39, 0x7c, 0xa2, 0x12, 0xca, 0x97, 0x09, 0x16, 0x7d, 0xc1,
+		 0xb1, 0xb6, 0x54, 0xdf, 0xa2, 0x47, 0x43, 0xd6, 0xfd, 0xb9,
+		 0x65, 0xc8, 0x51, 0xb7, 0x35, 0x0c, 0xae, 0xef, 0xb1, 0x51,
+		 0xf1, 0x9c, 0x1f, 0x02, 0x80, 0xda, 0xc4, 0x38, 0x8e, 0x8d,
+		 0xef, 0x52, 0x92, 0x6d, 0x52, 0x1a, 0xd0, 0xbf, 0x39, 0x96,
+		 0x89, 0xb3, 0xf1, 0xa2, 0x6b, 0xe3, 0xa1, 0x0f, 0xc9, 0x16,
+		 0xb1, 0xbc, 0xd5, 0xf2, 0x2a, 0x1b, 0x8b, 0xd2, 0xe6, 0xcc,
+		 0x76, 0x50, 0xf0, 0x12, 0x4d, 0x68, 0xdd, 0x4e, 0xaa, 0x4f,
+		 0x9b, 0xd7, 0x4a, 0x58, 0xe0, 0x26, 0x82, 0x81, 0x41, 0x52,
+		 0x35, 0x5c, 0xb7, 0xad, 0x3e, 0xaa, 0x3a, 0xc0, 0x0f, 0x39,
+		 0x48, 0xf6, 0x2c, 0x35, 0x40, 0x5c, 0xae, 0x90, 0x22, 0xf4,
+		 0x5d, 0x05, 0x53, 0xf2, 0x9d, 0x46, 0x54, 0x0d, 0x78, 0xcc,
+		 0xfe, 0xe4, 0x6d, 0x3e, 0x3e, 0xaf, 0xeb, 0x82, 0x2d, 0x4b,
+		 0xad, 0x5d, 0x41, 0xa4, 0x18, 0xd6, 0xf2, 0xc1, 0xd6, 0xa8,
+		 0x1b, 0xda, 0x4d, 0x29, 0x9d, 0x71, 0xd7, 0x0f, 0x77, 0x36,
+		 0x31, 0xa3, 0xfb, 0x08, 0x2d, 0x63, 0x9a, 0x35, 0x9c, 0x46,
+		 0xfd, 0x22, 0x54, 0xd8, 0xec, 0xec, 0x01, 0x2f, 0x77, 0xe2,
+		 0x2d, 0x84, 0xb7, 0x26, 0xf9, 0x4a, 0xf1, 0xf8, 0x79, 0x64,
+		 0x61, 0x19, 0x49, 0xae, 0x6c, 0xa6, 0xa1, 0x5f, 0x83, 0xde,
+		 0x70, 0x19, 0x3e, 0xb7, 0xa1, 0xf7, 0xd3, 0x35, 0x53, 0xb4,
+		 0x9b, 0xe9, 0xdb, 0x3f, 0x07, 0x53, 0x0d, 0x25, 0xda, 0x20,
+		 0x1a, 0xb0, 0x95, 0x41, 0x81, 0x23, 0x5d, 0x0b, 0x72, 0xfd,
+		 0xf7, 0xb0, 0xd2, 0x59, 0x3a, 0xdd, 0xab, 0xc3, 0xa7, 0x34,
+		 0x63, 0x7b, 0x84, 0x1a, 0x8c, 0x7e, 0x35, 0x29, 0x9c, 0x56,
+		 0xe4, 0x60, 0xd5, 0x5b, 0xb5, 0x15, 0x77, 0x39, 0x41, 0x5b,
+		 0x2a, 0x79, 0x91, 0x85, 0x6c, 0xf1, 0xaf, 0x1d, 0x63, 0x57,
+		 0x53, 0xbc, 0x5f, 0x2f, 0xac, 0x73, 0xdb, 0x0d, 0xab, 0x4d,
+		 0x63, 0xf1, 0x40, 0xb0, 0xcc, 0x82, 0x2f, 0xab, 0x15, 0xba,
+		 0x32, 0x98, 0x10, 0x3b, 0x03, 0xcc, 0x05, 0x8a, 0x51, 0x49,
+		 0xc1, 0x09, 0x90, 0xff, 0xd3, 0xdf, 0x70, 0x8c, 0x14, 0x21,
+		 0xef, 0x96, 0xfc, 0x91, 0x65, 0xfd, 0xa6, 0x5a, 0x78, 0xd7,
+		 0x24, 0x39, 0xf1, 0x8c, 0xed, 0x67, 0x49, 0xd4, 0x6a, 0x55,
+		 0x82, 0x4a, 0x47, 0x44, 0xec, 0xa2, 0x67, 0xf7, 0x68, 0xc2,
+		 0x7c, 0xb0, 0x2a, 0xd0, 0x1a, 0x2a, 0x17, 0x46, 0x7c, 0x57,
+		 0xd8, 0x8a, 0x78, 0x1e, 0x78, 0xf7, 0x81, 0x3f, 0x1f, 0x84,
+		 0xb5, 0x82, 0xdb, 0xea, 0x92, 0x27, 0x82, 0x2a, 0xa4, 0xcf,
+		 0x2c, 0x37, 0x44, 0xe9, 0x32, 0x4c, 0xea, 0xaa, 0x8a, 0x53,
+		 0x39, 0xe4, 0x19, 0x7f, 0x14, 0x22, 0x93, 0x8c, 0xe8, 0x52,
+		 0xf4, 0xec, 0x27, 0x33, 0xa6, 0xdc, 0xbf, 0x09, 0x5b, 0x83,
+		 0x41, 0x30, 0x15, 0x26, 0xaf, 0xf8, 0x4c, 0xe4, 0xce, 0x26,
+		 0xff, 0x78, 0x6a, 0x80, 0xb9, 0xcb, 0x4d, 0x70, 0x54, 0x96,
+		 0x0e, 0x3f, 0xd6, 0x0c, 0x35, 0xe4, 0x50, 0x08, 0xd9, 0xc1,
+		 0x9b, 0xc9, 0x43, 0x1c, 0x71, 0x74, 0x7d, 0xf5, 0x40, 0x02,
+		 0x7f, 0x18, 0xb5, 0x11, 0xc4, 0x17, 0xcb, 0x3e, 0xd4, 0xf2,
+		 0x32, 0x8a, 0x8c, 0x82, 0xd3, 0x59, 0x45, 0xd4, 0x3c, 0xc3,
+		 0xb2, 0x16, 0xad, 0x09, 0xca, 0x77, 0x36, 0x42, 0xac, 0xad,
+		 0xe1, 0x1c, 0x31, 0x5d, 0x54, 0x1c, 0x87, 0x34, 0xcc, 0xd0,
+		 0x88, 0x17, 0xa7, 0x05, 0x4f, 0x43, 0xe4, 0xd2, 0xbf, 0x6b,
+		 0x77, 0x08 ) );
+
+/* FFDHE2048, invalid partner key (0) */
+EXCHANGE_TEST ( ffdhe2048_zero, &ffdhe2048_algorithm,
+	PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf,
+		  0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c,
+		  0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ),
+	PARTNER ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+	PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52,
+		 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02,
+		 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17,
+		 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6,
+		 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55,
+		 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e,
+		 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64,
+		 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d,
+		 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1,
+		 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2,
+		 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f,
+		 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4,
+		 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d,
+		 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22,
+		 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4,
+		 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8,
+		 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a,
+		 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82,
+		 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56,
+		 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b,
+		 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28,
+		 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1,
+		 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c,
+		 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50,
+		 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1,
+		 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ),
+	SHARED_FAIL );
+
+/* FFDHE2048, invalid partner key (1) */
+EXCHANGE_TEST ( ffdhe2048_one, &ffdhe2048_algorithm,
+	PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf,
+		  0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c,
+		  0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ),
+	PARTNER ( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		  0x00, 0x00, 0x00, 0x00, 0x00, 0x01 ),
+	PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52,
+		 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02,
+		 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17,
+		 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6,
+		 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55,
+		 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e,
+		 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64,
+		 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d,
+		 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1,
+		 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2,
+		 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f,
+		 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4,
+		 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d,
+		 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22,
+		 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4,
+		 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8,
+		 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a,
+		 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82,
+		 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56,
+		 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b,
+		 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28,
+		 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1,
+		 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c,
+		 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50,
+		 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1,
+		 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ),
+	SHARED_FAIL );
+
+/* FFDHE2048, invalid partner key (p - 1) */
+EXCHANGE_TEST ( ffdhe2048_minus_one, &ffdhe2048_algorithm,
+	PRIVATE ( 0x00, 0xd2, 0xf5, 0xb3, 0xfb, 0x1d, 0xbd, 0x64, 0x6e, 0xcf,
+		  0x00, 0x6d, 0xd7, 0x02, 0x6a, 0x26, 0x6c, 0x34, 0xef, 0x0c,
+		  0x4b, 0xdc, 0x44, 0x42, 0xda, 0xf9, 0x12, 0x2a, 0x93 ),
+	PARTNER ( 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8,
+		  0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56,	0x20,
+		  0x27, 0x3d, 0x3c, 0xf1, 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d,
+		  0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
+		  0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, 0x7d, 0x2f,
+		  0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
+		  0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd,
+		  0x65, 0x61, 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
+		  0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57,
+		  0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, 0x98, 0x4f, 0x0c, 0x70,
+		  0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef,
+		  0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
+		  0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a,
+		  0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b,
+		  0xb2, 0xc8, 0xe3, 0xfb, 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7,
+		  0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
+		  0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, 0x0b, 0x07,
+		  0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
+		  0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34,
+		  0x2f, 0x61, 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
+		  0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe,
+		  0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, 0x3b, 0xb5, 0xfc, 0xbc,
+		  0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16,
+		  0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
+		  0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff,
+		  0xff, 0xff, 0xff, 0xff, 0xff, 0xfe ),
+	PUBLIC ( 0xbf, 0x9c, 0xd7, 0x17, 0xf2, 0x35, 0x14, 0x81, 0x79, 0x52,
+		 0xb9, 0x57, 0x4a, 0xbe, 0x19, 0x22, 0xdb, 0xab, 0x2b, 0x02,
+		 0xed, 0x30, 0x09, 0x02, 0xcd, 0x08, 0xcc, 0x70, 0x3c, 0x17,
+		 0x38, 0xbb, 0xcb, 0x40, 0xf6, 0x48, 0x1e, 0x70, 0xc0, 0xc6,
+		 0x89, 0x67, 0xc8, 0xc6, 0xd9, 0x77, 0x7e, 0x2f, 0x99, 0x55,
+		 0x4d, 0xbb, 0x99, 0xc9, 0x47, 0xfc, 0xb6, 0x31, 0xc8, 0x1e,
+		 0xde, 0x5d, 0x6d, 0x93, 0x11, 0x67, 0x87, 0xdf, 0x66, 0x64,
+		 0x2b, 0xc9, 0x07, 0x08, 0xe5, 0x29, 0x39, 0x28, 0x1b, 0x8d,
+		 0x3d, 0x45, 0xf7, 0x12, 0x23, 0x9f, 0x01, 0x7f, 0xd6, 0xd1,
+		 0x59, 0x48, 0x41, 0xe2, 0xa0, 0x33, 0x6e, 0xa6, 0x10, 0xb2,
+		 0x2c, 0xa4, 0x72, 0xe1, 0xed, 0x1d, 0x15, 0x13, 0x7e, 0x8f,
+		 0x18, 0xf7, 0x84, 0x87, 0x1f, 0x1c, 0x49, 0xd0, 0xce, 0xb4,
+		 0xba, 0x64, 0x86, 0x74, 0xde, 0x7f, 0x51, 0xae, 0x51, 0x3d,
+		 0x83, 0x98, 0xb7, 0xe7, 0x18, 0x90, 0x76, 0x2c, 0x30, 0x22,
+		 0x14, 0x44, 0x17, 0x6d, 0xb7, 0xa6, 0x87, 0x4d, 0xb7, 0xa4,
+		 0xf2, 0xc1, 0xe1, 0x38, 0x50, 0xb6, 0x85, 0x22, 0x42, 0xa8,
+		 0x8e, 0x61, 0x38, 0x03, 0x2a, 0xf0, 0x2b, 0xf2, 0x1e, 0x5a,
+		 0xf5, 0x79, 0xca, 0x55, 0xf0, 0xce, 0xce, 0x0b, 0xbc, 0x82,
+		 0x2c, 0x4a, 0x0b, 0x7d, 0x10, 0x1c, 0x8d, 0x4b, 0xd4, 0x56,
+		 0xbb, 0x7a, 0x74, 0x93, 0x88, 0x8e, 0xb0, 0x92, 0xe8, 0x0b,
+		 0x43, 0x01, 0x05, 0x11, 0x4b, 0x70, 0x22, 0x80, 0xc3, 0x28,
+		 0x34, 0xae, 0xb4, 0x94, 0x5d, 0x5b, 0x46, 0x13, 0xb9, 0xc1,
+		 0x65, 0x97, 0xef, 0x84, 0x65, 0x68, 0x6d, 0x84, 0x0c, 0x2c,
+		 0xf8, 0xba, 0x57, 0x3f, 0xaf, 0x6c, 0x2c, 0x43, 0xee, 0x50,
+		 0x67, 0x08, 0xab, 0x3c, 0xbf, 0x90, 0x2e, 0x66, 0x9f, 0xc1,
+		 0xd5, 0x9d, 0xa6, 0x0e, 0x50, 0x33 ),
+	SHARED_FAIL );
+
+/**
+ * Perform FFDHE self-test
+ *
+ */
+static void ffdhe_test_exec ( void ) {
+
+	/* Randomly generated valid keys */
+	exchange_ok ( &ffdhe2048_random );
+	exchange_ok ( &ffdhe3072_random );
+	exchange_ok ( &ffdhe4096_random );
+
+	/* Invalid partner keys */
+	exchange_ok ( &ffdhe2048_zero );
+	exchange_ok ( &ffdhe2048_one );
+	exchange_ok ( &ffdhe2048_minus_one );
+}
+
+/** FFDHE self-test */
+struct self_test ffdhe_test __self_test = {
+	.name = "ffdhe",
+	.exec = ffdhe_test_exec,
+};

src/tests/tests.c

@@ -93,3 +93,4 @@ REQUIRE_OBJECT ( cpio_test );
 REQUIRE_OBJECT ( fdt_test );
 REQUIRE_OBJECT ( ecdsa_test );
 REQUIRE_OBJECT ( hkdf_test );
+REQUIRE_OBJECT ( ffdhe_test );