[openssl-users] fips_ecdhvs failing for non Prime Curves

Bala Duvvuri b_duvvuri at yahoo.com
Mon Feb 23 10:25:42 UTC 2015

Hi All,

I am trying to test the FIPS ECDH support present in OpenSSL i.e trying to run the fips_ecdhvs.c test.

The test vectors " ECC CDH Primitive Test Vectors" from NIST website have been downloaded - http://csrc.nist.gov/groups/STM/cavp/#09 and given as the input.

The test passes for the vectors that have the field type - NID_X9_62_prime_field (NIST Prime-Curve P-192, P-256 etc ) but outputs wrong shared key for other curves like (NIST Binary-Curve K-163/B-163/K-233 etc)

The test is run using the command - ./fips_ecdhvs ecdhver KAS_ECC_CDH_PrimitiveTest.txt Out

One observation is the non prime test vectors have 0 at the begining:

QIUTx = 000000071f8b2877d6027d9c1ade4244f2dea12692ef23d5
QIUTy = 00000005c15ee776221c72b84b347ce383f38067b89c3e9a

If we print the EC key using ec_print_key, we find the leading 0's missing, is this ok?

QIUTx = 071f8b2877d6027d9c1ade4244f2dea12692ef23d5
QIUTy = 05c15ee776221c72b84b347ce383f38067b89c3e9a

Please let me know how to make the above test work?


More information about the openssl-users mailing list