Google Git
Sign in
boringssl/boringssl.git/1c55e54eda2cb8d099c047cac43db3f3f0680aef^!/.
commit
1c55e54eda2cb8d099c047cac43db3f3f0680aef
[log]
author
David Benjamin <davidben@google.com>
Sun Dec 30 19:18:43 2018 +0000
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Wed Jan 02 23:29:31 2019 +0000
tree
4f08d38533c91349c392854fa85a90fd7958b807
parent
fb3f0638bac682058cd14ba379801a01575c5255 [diff]
Refresh p256-x86_64_tests.txt.

The old points weren't even on the curve. I probably had no clue what I
was doing at the time when I generated them. Refresh them with a
checked-in generate script.

Change-Id: Ib4613fe922edcf45fc4ea49fc4c2cc23a9a2a9bd
Reviewed-on: https://boringssl-review.googlesource.com/c/33944
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

diff --git a/crypto/fipsmodule/ec/make_p256-x86_64-tests.go b/crypto/fipsmodule/ec/make_p256-x86_64-tests.go
new file mode 100644
index 0000000..958a97a
--- /dev/null
+++ b/crypto/fipsmodule/ec/make_p256-x86_64-tests.go

@@ -0,0 +1,232 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+package main
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/elliptic"
+	"crypto/rand"
+	"fmt"
+	"io"
+	"math/big"
+)
+
+var (
+	p256                  elliptic.Curve
+	zero, one, p, R, Rinv *big.Int
+	deterministicRand     io.Reader
+)
+
+type coordinates int
+
+const (
+	affine coordinates = iota
+	jacobian
+)
+
+func init() {
+	p256 = elliptic.P256()
+
+	zero = new(big.Int)
+	one = new(big.Int).SetInt64(1)
+
+	p = p256.Params().P
+
+	R = new(big.Int)
+	R.SetBit(R, 256, 1)
+	R.Mod(R, p)
+
+	Rinv = new(big.Int).ModInverse(R, p)
+
+	deterministicRand = newDeterministicRand()
+}
+
+func modMul(z, x, y *big.Int) *big.Int {
+	z.Mul(x, y)
+	return z.Mod(z, p)
+}
+
+func toMontgomery(z, x *big.Int) *big.Int {
+	return modMul(z, x, R)
+}
+
+func fromMontgomery(z, x *big.Int) *big.Int {
+	return modMul(z, x, Rinv)
+}
+
+func isAffineInfinity(x, y *big.Int) bool {
+	// Infinity, in affine coordinates, is represented as (0, 0) by
+	// both Go and p256-x86_64-asm.pl.
+	return x.Sign() == 0 && y.Sign() == 0
+}
+
+func randNonZeroInt(max *big.Int) *big.Int {
+	for {
+		r, err := rand.Int(deterministicRand, max)
+		if err != nil {
+			panic(err)
+		}
+		if r.Sign() != 0 {
+			return r
+		}
+	}
+}
+
+func randPoint() (x, y *big.Int) {
+	k := randNonZeroInt(p256.Params().N)
+	return p256.ScalarBaseMult(k.Bytes())
+}
+
+func toJacobian(xIn, yIn *big.Int) (x, y, z *big.Int) {
+	if isAffineInfinity(xIn, yIn) {
+		// The Jacobian representation of infinity has Z = 0. Depending
+		// on the implementation, X and Y may be further constrained.
+		// Generalizing the curve equation to Jacobian coordinates for
+		// non-zero Z gives:
+		//
+		//   y² = x³ - 3x + b, where x = X/Z² and y = Y/Z³
+		//   Y² = X³ + aXZ⁴ + bZ⁶
+		//
+		// Taking that formula at Z = 0 gives Y² = X³. This constraint
+		// allows removing a special case in the point-on-curve check.
+		//
+		// BoringSSL, however, historically generated infinities with
+		// arbitrary X and Y and include the special case. We also have
+		// not verified that add and double preserve this
+		// property. Thus, generate test vectors with unrelated X and Y,
+		// to test that p256-x86_64-asm.pl correctly handles
+		// unconstrained representations of infinity.
+		x = randNonZeroInt(p)
+		y = randNonZeroInt(p)
+		z = zero
+		return
+	}
+
+	z = randNonZeroInt(p)
+
+	// X = xZ²
+	y = modMul(new(big.Int), z, z)
+	x = modMul(new(big.Int), xIn, y)
+
+	// Y = yZ³
+	modMul(y, y, z)
+	modMul(y, y, yIn)
+	return
+}
+
+func printMontgomery(name string, a *big.Int) {
+	a = toMontgomery(new(big.Int), a)
+	fmt.Printf("%s = %064x\n", name, a)
+}
+
+func printTestCase(ax, ay *big.Int, aCoord coordinates, bx, by *big.Int, bCoord coordinates) {
+	rx, ry := p256.Add(ax, ay, bx, by)
+
+	var az *big.Int
+	if aCoord == jacobian {
+		ax, ay, az = toJacobian(ax, ay)
+	} else if isAffineInfinity(ax, ay) {
+		az = zero
+	} else {
+		az = one
+	}
+
+	var bz *big.Int
+	if bCoord == jacobian {
+		bx, by, bz = toJacobian(bx, by)
+	} else if isAffineInfinity(bx, by) {
+		bz = zero
+	} else {
+		bz = one
+	}
+
+	fmt.Printf("Test = PointAdd\n")
+	printMontgomery("A.X", ax)
+	printMontgomery("A.Y", ay)
+	printMontgomery("A.Z", az)
+	printMontgomery("B.X", bx)
+	printMontgomery("B.Y", by)
+	printMontgomery("B.Z", bz)
+	printMontgomery("Result.X", rx)
+	printMontgomery("Result.Y", ry)
+	fmt.Printf("\n")
+}
+
+func main() {
+	fmt.Printf("# ∞ + ∞ = ∞.\n")
+	printTestCase(zero, zero, affine, zero, zero, affine)
+
+	fmt.Printf("# ∞ + ∞ = ∞, with an alternate representation of ∞.\n")
+	printTestCase(zero, zero, jacobian, zero, zero, jacobian)
+
+	gx, gy := p256.Params().Gx, p256.Params().Gy
+	fmt.Printf("# g + ∞ = g.\n")
+	printTestCase(gx, gy, affine, zero, zero, affine)
+
+	fmt.Printf("# g + ∞ = g, with an alternate representation of ∞.\n")
+	printTestCase(gx, gy, affine, zero, zero, jacobian)
+
+	fmt.Printf("# g + -g = ∞.\n")
+	minusGy := new(big.Int).Sub(p, gy)
+	printTestCase(gx, gy, affine, gx, minusGy, affine)
+
+	fmt.Printf("# Test some random Jacobian sums.\n")
+	for i := 0; i < 4; i++ {
+		ax, ay := randPoint()
+		bx, by := randPoint()
+		printTestCase(ax, ay, jacobian, bx, by, jacobian)
+	}
+
+	fmt.Printf("# Test some random Jacobian doublings.\n")
+	for i := 0; i < 4; i++ {
+		ax, ay := randPoint()
+		printTestCase(ax, ay, jacobian, ax, ay, jacobian)
+	}
+
+	fmt.Printf("# Test some random affine sums.\n")
+	for i := 0; i < 4; i++ {
+		ax, ay := randPoint()
+		bx, by := randPoint()
+		printTestCase(ax, ay, affine, bx, by, affine)
+	}
+
+	fmt.Printf("# Test some random affine doublings.\n")
+	for i := 0; i < 4; i++ {
+		ax, ay := randPoint()
+		printTestCase(ax, ay, affine, ax, ay, affine)
+	}
+}
+
+type deterministicRandom struct {
+	stream cipher.Stream
+}
+
+func newDeterministicRand() io.Reader {
+	block, err := aes.NewCipher(make([]byte, 128/8))
+	if err != nil {
+		panic(err)
+	}
+	stream := cipher.NewCTR(block, make([]byte, block.BlockSize()))
+	return &deterministicRandom{stream}
+}
+
+func (r *deterministicRandom) Read(b []byte) (n int, err error) {
+	for i := range b {
+		b[i] = 0
+	}
+	r.stream.XORKeyStream(b, b)
+	return len(b), nil
+}

diff --git a/crypto/fipsmodule/ec/p256-x86_64_tests.txt b/crypto/fipsmodule/ec/p256-x86_64_tests.txt
index d1fdad0..8bc301e 100644
--- a/crypto/fipsmodule/ec/p256-x86_64_tests.txt
+++ b/crypto/fipsmodule/ec/p256-x86_64_tests.txt

@@ -1186,8 +1186,9 @@
 
 # Point adding tests.
 #
-# The following tests satisfy Result = A + B, where Result is in affine
-# coordinates and A and B are in Jacobian coordinates in the Montgomery domain.
+# The following tests satisfy Result = A + B. Result is in affine coordinates,
+# with infinity represented as (0, 0). A and B are in Jacobian coordinates. All
+# field elements are fully reduced and in the Montgomery domain.
 
 # ∞ + ∞ = ∞.
 Test = PointAdd
@@ -1202,11 +1203,11 @@
 
 # ∞ + ∞ = ∞, with an alternate representation of ∞.
 Test = PointAdd
-A.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af
-A.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0
+A.X = 33c0d6224957b40403366bcf638f29928c2b9bcc74a0bac58808b02040781420
+A.Y = f9698d488fd517306a66a397e92542d435a7ee54e978c2b4782da38fcf613c6e
 A.Z = 0000000000000000000000000000000000000000000000000000000000000000
-B.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af
-B.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0
+B.X = 5dd08e3206a651cf2320dc98a3a173baef07fbd04bdc6eee2d79ddb13c63ac2e
+B.Y = 2270fd1d5dde52ec8f1e53816c2a0fcc9836d990894106894d8f99e89edbc335
 B.Z = 0000000000000000000000000000000000000000000000000000000000000000
 Result.X = 0000000000000000000000000000000000000000000000000000000000000000
 Result.Y = 0000000000000000000000000000000000000000000000000000000000000000
@@ -1227,8 +1228,8 @@
 A.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c
 A.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 2b11cb945c8cf152ffa4c9c2b1c965b019b35d0b7626919ef0ae6cb9d232f8af
-B.Y = 6d333da42e30f7011245b6281015ded14e0f100968e758a1b6c3c083afc14ea0
+B.X = edc21713cc3b51b9632b37925b5369a13aa3eab989f2d9a720154c1786eca076
+B.Y = 8da43525eb9de2a56c5a3fd7447258d96ccb60337e474b830d1fa37c0da1da8f
 B.Z = 0000000000000000000000000000000000000000000000000000000000000000
 Result.X = 18905f76a53755c679fb732b7762251075ba95fc5fedb60179e730d418a9143c
 Result.Y = 8571ff1825885d85d2e88688dd21f3258b4ab8e4ba19e45cddf25357ce95560a
@@ -1244,165 +1245,169 @@
 Result.X = 0000000000000000000000000000000000000000000000000000000000000000
 Result.Y = 0000000000000000000000000000000000000000000000000000000000000000
 
+# Test some random Jacobian sums.
 Test = PointAdd
-A.X = bcba3eebf2b0af1174a4b874b155b4dc74bd5fb57c70214561aaabb105635580
-A.Y = 1dc33ce74f651305dd89263c1d314edd2773ef6dd043742a6f47f29542b9eb07
+A.X = cb8dea3327057fe69b5159e0323e60486cda3400545f7e2c60559ac7c8d0d89d
+A.Y = 553de89b31719830c3c3300aa8ad50ea81f40762a4f33ccf81a2d3bcc93a2d53
+A.Z = 4589e40df2efc546b2572c1f45eda26fc191b8d56376f2063fd9470fb277d181
+B.X = 32ad56497c6c6e8399de6814efd21b3eb949bb80dab578073cf0b0aa92054341
+B.Y = 57b33b7acfeee75ef6a31eb7ca0244b375f2d0962a3ce65c06afaa02688399e0
+B.Z = 337d5e1ec2fc711b12fd6c7a51a2f474a922cb107f592b657617d2e0b4f1d35f
+Result.X = 120c6ddd6f8ebc798c5740005bad5a2586575202df9cc3dd07401fe84d8cfdd4
+Result.Y = 966bc89126349ce41738be691f32c1a068e54a654ab2cb0eac39ef15ee17f0df
+
+Test = PointAdd
+A.X = a858b5249026ccc4d25fbd85db17826afa3c5963c26815cbf8511d84dce62a25
+A.Y = bd753e125579388da968036d50067fe0e8eccb531c4d6f1a69c61bc8259c6d76
+A.Z = 82f9cdd9abf991ac27f0caa494b7b7b2851cc6591c6362ef02d1bd2c33fd116c
+B.X = 3e5790fd7ff28a376586c8ef5625b906f2d5d7e6656191f5a530154eecd4c988
+B.Y = 6e6c91011cc5996a7db4e5539eee635ce84780a85a17778da06353048fdf6bd3
+B.Z = a9ef3402e9f15e7a91aef4a53431b2b2068914e4a09ebdafc8aa654351f32331
+Result.X = de9d6bb4dfdee64193d3eaebb9208a86e764b80e1459fd10a2e01c202e33c5e2
+Result.Y = 370e67dbb7cfa6b79adaeec48b1535f0c329856401102d546c695d0dfe1d0db5
+
+Test = PointAdd
+A.X = a2d85e21bf520691b397ac9e0c1360218cef96a8a6f4c2b24d21791360ce4d9e
+A.Y = 0cc1c5493edf586cd24f7a9f40185c1ceefa727369ed159a9fc09b700ba64f78
+A.Z = ad3083a5bd23ee1fdbd3a25abdee815052209bb1a8b22d3f7d8600442b760a61
+B.X = 7d8850dafe2c48d86b6c3f3f44453670aa7169712238d024dbd08cb4e95b9cc1
+B.Y = 6a2698c143609306fe2c402acdf26e3b42874f5ae3ea2e95898c305e791984b8
+B.Z = c81bc8988c6edabf4a03fcc456ce0c445e225c33b76a79552af0b818350ad6b0
+Result.X = 67c5f8af069b5a5636647eee50da847dff8f5f6ef71780a5d1330453db5c8a04
+Result.Y = cec9200fa541b602d94c694f1289d1d073e64f47054baa40a9921c20ca090643
+
+Test = PointAdd
+A.X = 4f9a035ffeddcc36846906cacc812ffae7f3110fe46bf7da12d0b19ec54c3873
+A.Y = 73539ed620938543f94c358dba87319dca40ae4d13d0a888527f007d26d73d74
+A.Z = 922e97056fbf12d89984346368087375560990c3fb2f337d9f46429f2022d634
+B.X = de6fa333804b1da9f046896634e498d5f456288f8f03cc41fc7ba4b1e978429a
+B.Y = fd45f1d5e905c448b947fd65bc2897928d6014425c8c502a1b2838ba882f5813
+B.Z = 50bb4c98bce36b8aad5662b8db35428bb5c1f298e17347caa5d4f542f278a1d9
+Result.X = 5c3cb05b52ec59f3cbb666b0059163afae885676cf81d64cadc943a1c0bb3a86
+Result.Y = 2871d088271faa9258e60ff28115f72294b938ef3d7b927e59177f9b41d5747e
+
+# Test some random Jacobian doublings.
+Test = PointAdd
+A.X = 75da62f76d1887e18a06483bb6b53c3ec42879ed73b7851ed4748e307653714c
+A.Y = a6f0d0d3bb492bf488d99d549aff3f0c3a48f0c35a5931578fe697b8c5f486f7
+A.Z = 6d6a50229164869f24865148a19a24d57d94ebd09dc06b5e4fc3946a95f9124f
+B.X = 3b225af8c7b6155d66061c75a03d23d94e01a2167fa7f44c5bd1e9d9c48c7421
+B.Y = af58b0e38531d1e08187c61a36b33693ef534ecae23dca4542667d93f1844d75
+B.Z = 86ed2be859c4af1d5cf99041840f3bcb7c9b8e8986811393c96e8bf57fcad872
+Result.X = ab0f931fb86a621102e67336eadcf01afe3127aeaf5b4f89e8f34628c8e1afd9
+Result.Y = 52c50e2783d69dde29d6bc75fa359ffe72e7115c2fc89a9699a499cac25e3383
+
+Test = PointAdd
+A.X = f0d499f2e3775de88ed997feeb4589506f061f93766abb0c1251d25630c4c24d
+A.Y = e8de27c3369ba718adbab5597fbaad9581f5b59ae3b758e7d664bae81d895be4
+A.Z = c62dc820a597f75518734f12b2d3c076e5b872303e37b3663636912ade79c058
+B.X = c2845b3faaa995eb88e13a44b08d8a6fdb37103f7bbcc585302c9d090be3fc5b
+B.Y = 733e5ef1b0314754b70b5b98da63cbb7475918ddb85a715e21aade0c2f2e5611
+B.Z = b8505e4a057d108b49f5d0b20884674be18bba48bbc37f765c2c32c5cc4aba5d
+Result.X = 266f2961b9352b44e61902a235b33f766f82f8199c176920dae25ad2cbad5cc9
+Result.Y = 8560e62047908b13c4247b7e4d2657f2bdecab41e73c846ba18523e5f2918a9b
+
+Test = PointAdd
+A.X = f0ca07297738d8687bffcd3f1433966241f437fa1c3381cf2d13f0fc714bc83a
+A.Y = 1181b9d61c6982e743f1c32de5d14da745290ecaf27297c36ff3ef20a7526a55
+A.Z = 93159618ca5a9f9240df7016ddc983e046126d1290e14478dfcc6a4bae9090bd
+B.X = 3a2d75803ccad665f6b785c828eaa96821cb0e81979641b9e59b5fd488fcc755
+B.Y = 99e7f820abdbcdda23d90a88788e30d67303dac86987816dbbed447431e33f3f
+B.Z = a870186c8137cdbd247d16f3aa18782de1e4c5848f49da3437223eb13d7a9ae2
+Result.X = 36a104368d39214d5a3a1a348a1de1389d1aa23009aee37464b5b3256ed4b28c
+Result.Y = da5b14dbd75f6c333929bdff88e53af7253c27e166e15ead6d778631036b7d38
+
+Test = PointAdd
+A.X = a6256508926caca56a31414aba2d5f5b04dcabdb065352a572e215b043df6e01
+A.Y = e6567d330ffb11a86ec29b406b8e3d5cce8ca46f55f38515d842dd856d6852dd
+A.Z = ec172618c8cdbfc0f4fd6dffb77858bb292f229e6d10b5c70d0d9ba75fa3ab44
+B.X = 0251f6715dbba02e6072c12ab1f89a562d35ed0ff68e021b3b5276b9faf57c52
+B.Y = d2d74ff4740ad968fa7e816bc2178458efee797669bef2e634e2857de1658e62
+B.Z = abbecea633d31f569297a4a9ec28f708c7a097cb2423ebaca66ac0e42b1c8ee4
+Result.X = d2a071d4dd72ad7e63834b58b23c4a034ed7950f5c80fad51bf96959b535d55b
+Result.Y = 3cb8dcbe25f49099b9d8dd1a9cb6073368bf6556130f2aa02637dfcff430e869
+
+# Test some random affine sums.
+Test = PointAdd
+A.X = fabada657e477f088883b2987042e595559d669de3a047b27e3ad339fb3fa5f0
+A.Y = 0551992531a68d55a8409d8466034f02808637610ce6d6bcd9cfceb8da1c3e85
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = f9e0b98b1a87b6c49c4cc5fc47efd157e5f12cf5543d71cfa38187a3793d6791
-B.Y = 3b2de94df438554381037c9f9d2c21991c6975d83c0acd42ef1a8419a040436f
+B.X = 3a831cf2b316ce371994a5622e31749407fdf59660dc88322d14c37ebb2d68d2
+B.Y = 849c511908abdfa2bcadc43f9beae88052fdb00573c783fbb1b34b99687b9a6b
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = 6bd7b4e06d7862f749901a398417e941618c11c48dffcce719e4026220b77477
-Result.Y = 1e2ffd71e8c206acc19032d26a53ea275fefea51a2c90e4dd3c8b7c6acc51ab6
+Result.X = d5dc9241b457d33b9bda849fb7aba8baaff8b6eea92974a8adf4b95fbfa849f0
+Result.Y = 089a66780811a8ce455c139c4bea6c5c16234c095a41b9e31c617689bdc6bd0f
 
 Test = PointAdd
-A.X = d71c6da129f6e867bf525563e1d8bdbd2f90a9bac7de867a6ea2317a5d6cb507
-A.Y = 125e0cc1ba0c93caa19edb419a764f88d955289c4c6e77d02d90e4e31d47c9a2
+A.X = 9dfe6299e62453bb943356b6f7d90c8b6c646728ba3550bb7c1548f2ba5920cb
+A.Y = 60a4e342a89837c0e7d61c0e3e88a943633028f5260eff6af5ae8a6063f7a5da
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 334c2200ec08896808ab12a76820ff674fcdccff6d85afa2e586b31fc944de33
-B.Y = b5ee8cfa25896d4075588c60926a2582a099c7a5acbcfec78fba457c4886301c
+B.X = 924d7305f867afecd3cc550f4c05c83a2b4c981ba0e7ff20fd2035fabe2ccc92
+B.Y = 73934620746c23be03a40edb0662c09ef1776506bd50d6397c2654d340629bf5
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = 93e9d4e6f7736f80da1b00d221024ccfd17f2927d6b505a5bcefe0801fe6f0a9
-Result.Y = 4824eeb2d5da27d57e1d50c2dae000acdcddcbaf534d8b7e7d97854ed3dc939e
+Result.X = 7384f658ccbe08afcf6b423bfdd092a8a95b03d81254a519b31517b9b9670155
+Result.Y = e922a56146b94776f805a0fbdee9084dd87be1df54f76145bf83e07cd31a083a
 
 Test = PointAdd
-A.X = 0daba41be2b418e7d160a363e6cbdcbff5d433f96b0d5be3812c0a7adfab8ed4
-A.Y = 3ae4dd97c4d2987a63df16c5fb8c494164e14b93eeebd5585d74bd26e2201499
+A.X = 9b6642b661f06c5b3ef2a0950b3c03d35f42d3d0dcbe105a895f40132c40bd9e
+A.Y = 90cbe0ed40e47923257f064886f1e309a310cb82fc21282f8e8fa4f6c975aed6
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 87135fb06383ec8b282fdc028eb38fd447ac1ecc76922e37f0cc454febb11aee
-B.Y = 98ab966087531eb3eea1e5e36189271a02f7ee8e381f9c78d6f346a301f96f81
+B.X = 587f6b4c4bb3ab3d59ba8d31457615b3df9f9f9466df3563f4419db731f494ea
+B.Y = 38135b314572346439c8d4535b892a26e5da650ae1dc9ac2d5aeb85ade24174f
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = 2e096c2fabf06a5b838c7e07fda436d068dd1c4e3ff4f5704f89ab9df6b4be5b
-Result.Y = 59ca6304321ae1e41bfa30f52e7ef27fceeade8507f20837654383d70e8a41df
+Result.X = 97e94b6d485f8de6779e4ad19cc7bede6d70ff4853a56eb6d5fd4e5caac60858
+Result.Y = 303bf4d62cf569370ae5393fac46b64efe98ee8222b9982bc3dc61b8e32411c5
 
 Test = PointAdd
-A.X = 356db98c21c2169899b9b296edcacb7d531524f2572913b75edb7b73196f5682
-A.Y = 47a26c52b1b2f229109e8aca7f5b4af768baf053a15ff8f58051c7e4e1b7f818
+A.X = da49658b6c64fc7a7441b177987abbbdbfcfc3c2c569ed97696d706f7af91ca0
+A.Y = 9a66906a6e313603e9d78f99fbbda837e521e75bbbad9455ffd43f51f5e30ee5
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 56956f6d3bbbd4aece299f29bb4c537355f312f391c207c6ec6efe646362b288
-B.Y = a69fc73c0636c9928764cc9d6e1482577b6ca06f277c098f571108356a858cab
+B.X = fe32e5885d0005fa1962166142d2aea201af9c4ca41cdddc5446dc2472f71f42
+B.Y = a2f9b4d35ea19303a101034e96870a7caed371a980965bf86291b03b5c85af60
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = ca0ddd995a77173a1438473bf82734cb3a09fafe7050bda9bd592a1cf078fa38
-Result.Y = 379da87952d36c5396b934a2ce8b003ee8fc4155b3b488f2f550734e2a82ce7d
+Result.X = 5375c5ea3e33c1862ca5f09322ce2012c2b4fbee9a299b66e4882e016908cc2a
+Result.Y = 936e4f12ed144cf6fcd0ab085a4929e5e3e7c28641692b1fc2ad9a3b3d447b31
 
+# Test some random affine doublings.
 Test = PointAdd
-A.X = 13764cccab4addf5cf4ef5fb4af60a93e08fa3a0a72653abf013e3427abbf82c
-A.Y = c3dc524745368a0dc4948f897402f4b5a280acbf74f5ea9180d038a483d4090a
-A.Z = 2903a04d6615ec23cd63ba46287be2e7a8eeee030bed49e7a94769386a46f209
-B.X = a5c5921f9a8c569f661693bfae1b167937987c2fe951956ef0e34c426965c648
-B.Y = f8a299605e690a78e583371e59cf2b848d475afc35bb1448981c53ad8c0a6581
-B.Z = 9c3fde73f1899a76eb40f055fce02ab9c1b1ce7d43b54c54f93ffe56830e3f83
-Result.X = 4073318e85bc2d7637fd0129fa8eb86b6ca20334542795f3bb1de54b90a16b69
-Result.Y = 9a1b1e7435d98287b244d2337f8bf0e9c87b40677bf1ea2a9dedbd07c5241ee0
-
-Test = PointAdd
-A.X = f72706b81fca2b1530238bdc2c0c454b5116ee54fdf156bc62bffea73f0645af
-A.Y = c6e66d9ae8fc5e164e6a985f866aae41f3c4e4281a0eea9173e4e77cb29e4bc7
-A.Z = 6a84f9c37634b8aefdae477e9efec66f20d2f6159575f40c7b21a1e0732e8c49
-B.X = bcf21b020cb8fb4b2ef7f639240d221dd96fc08d7fa575c2e7037fc84d8f03b2
-B.Y = abc500f82f06f0d69a920c8d80eef9dd2310cd09e0d89d80fc7397aa4e361dd1
-B.Z = 5031c46be15f9d4fa9a347be998c07f9cc7f754999fe0f9c3c8b38e0d85dda9f
-Result.X = 401b010df4dd21ed96f7c8babb401db74b3b6ee7f55c498803203855b5911de9
-Result.Y = 05e585cca569bc22855f7df32b20a4a45315a1ca5d98d2b94792eb748ec8744b
-
-Test = PointAdd
-A.X = 7b44b52e9fb1bc58c81a2adc9bfedcc42bba3cb34ec666e51cba8050d48fdb37
-A.Y = 2b7e629fef7b4e175f5eb30c421e60f26fefdf5f9fed743cad4a8e638c18696a
-A.Z = 68f31acd92bed56a4556e954b0c51f9f8f3b797bc853d1b2b01b228657bd317f
-B.X = 3d293c36fd065d1f054eb218932d60feb00d1bd4bee0236cb9788d9723df9571
-B.Y = c8b893b8e9ff935f2e060227334e32ba144f4046b1bd4961f4479ad3fef1c7d2
-B.Z = 9c072deacfe5c025c763efebb4feab79e954c47d3e86ef4abfbd1901f50d8495
-Result.X = 245582d32415c77a2e3abbf844cf1a40c31466c1418cd279747e5394744509be
-Result.Y = 5c2f80f947d2df7fb1f829d05c6175f6fce7cd2d7f79fd7aa865f930e910e9fd
-
-Test = PointAdd
-A.X = 75ab91b8a46a5a1abf827cb209373b28cbb8f83a06adf6a9b10ac76e22493ecc
-A.Y = abd989a78d1bcee7e63920d7e637f9763901da408a9d8c731e4e65a6fc52e1a1
-A.Z = 188a24145243ca066c35870e5a8835532ad512fbdcf5f5ae4033b262fa9aa6b8
-B.X = 5d6e885ec19069b2aa51a2723c98da1f03e8dbc344fe1de0bdb42910ba8bfe96
-B.Y = a1f86e66eacc38db7e47154a324a16031705b4803addf074037d3320b50dbef8
-B.Z = 5cff900a783687049a7d497b1f8cd837c479a61f3fef4b7ced180ea82770bc75
-Result.X = a4029333b9b9db434eea002bd6d4e0d9f3e5317c685511a30ecae351fc60d164
-Result.Y = 8e9302c77bc6f560c9bec473ef1ffb76b357c0d4794192696bda8e99651798ee
-
-Test = PointAdd
-A.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb
-A.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076
+A.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c
+A.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 8d1867f890abaa26b634d5d5cdeb0f4abc7ebd16d807479f837fcece592dc0eb
-B.Y = fc68c801999c12070eddeb3169219c491f9e8fe29cdc4e3cb698ee8471934076
+B.X = b148cad109d4b24342eb3a03ccaa10dfd6101edf9548b1d1442b61982a4e332c
+B.Y = 7daac293162a8ee2592529630f5bd1eae96659d27c045898d33833999cd076ba
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = 8da53dc540c1450c73082ad3b799d0d18a69a747fcd81f847e9e60484dcf579a
-Result.Y = c20c398e99e0513a452b5e9b6331863d1ac3eee6fcf73021f505a0b62daf6f80
+Result.X = ad00fae6ab0898f7d5eeeffe8c94b302060fba2b191a2d342a8a302998ebe566
+Result.Y = 9ee46ba864901cad75169cdea023d7e64da39315e2fec1703fad6b613eb24006
 
 Test = PointAdd
-A.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2
-A.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce
+A.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3
+A.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 328b983f6490312e37e8eeb2121cd622cf85dbcf78af93df74fbca961ce3bfa2
-B.Y = 1c8a0aea2f2e540770644f48c41810bf7f9e1a782b2f6397712b17c88109fbce
+B.X = f21318618205f4967c4f47c9bc3cea41e144dc01830d087414da8dcb16d37cb3
+B.Y = 76cebf81ecc696024fe949191dc49b245ef8cc0d55ada88abf481ddad9eb6129
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = b6f3c548944862dfdea2314ca6d6a88780b08da41becf58384af80544aca4966
-Result.Y = 95afecb4ad3195485a2aad3cd14008c9a7c1e0c02656c3c2b7cd5f2e7f3a4474
+Result.X = ad8e13b721bcbfc0fe629465cda5fee3494785d51dbe65f1e13429f52c83f03e
+Result.Y = 85722e168d89543dce293428e75d52765d0935bde2ef5c45a088222db0dbbeb5
 
 Test = PointAdd
-A.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443
-A.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6
+A.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331
+A.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = 3ae6b24cadd6a14612d24a1c094a35c6be56db8f53a6d526e0ede03923918443
-B.Y = de8a23105c5f5c88b77dbde74e30a56f8865d78a5ce9060cff9f2927dbd196b6
+B.X = 8797ff95334b238dadf0cb3d4dc9350678f4c7fc520089ecb70ab419510f2331
+B.Y = 326c7583d54dde377fa9193c8588912c4db2219e1bb383ab13902187e5ef76ce
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = 6f125b512c3c736f39781fcd89adb653e515b4ce1e1204505f08d0a8480052ef
-Result.Y = e1acfccf1b9950067adf0f06e0d9703a8b1ac1bbdbb35b08df28cd56c24ae5a0
+Result.X = e91c8ec9611de8e44e0d882df59f4fae8d15e3867858fb155256a4a2f154bbc4
+Result.Y = c12be21033c6dcea7e7d7262c47876d099aead75d8b025e45ce7986193fc6f8a
 
 Test = PointAdd
-A.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8
-A.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda
+A.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d
+A.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4
 A.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-B.X = f317c6c02d9a6ff0799b3b4a22f83c95324831baad336ecd0c631ea04a5e11c8
-B.Y = b624e8057d411031f41b30cd02f56c24e89262e885007b7a1ed1861feb7ffcda
+B.X = 2f4cba9543c9537e393f126e31bedb521dc0a74a940e731800e5e39cdece355d
+B.Y = 1a0957898b746b7dbc9245acd0c6df9e6adca4d8537454c9f318a8ce7c3875c4
 B.Z = 00000000fffffffeffffffffffffffffffffffff000000000000000000000001
-Result.X = e805208c74602e54482d113f16fcf6e4600436f8af49705cdd05ecfb0e6d45fd
-Result.Y = baded898bfead1b4eb3ab3bbd0129837efc85823dabe82718a975bd603f96d9e
-
-Test = PointAdd
-A.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274
-A.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf
-A.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab
-B.X = 3a6802aeaebc67046a1e75152822fa8bab04c11ae2b816f42c073daee3f13274
-B.Y = d6522c882d18e32bc5ea1fa59efbce8ce2369f2154dcc00e6fb17500f50f8ebf
-B.Z = bea747d5bb1c6ee865249d7a22378f3c760916e163497f4b6ef4da8adcb5dfab
-Result.X = 5a2891dca746889d413d8dc1a69b715954baf692689fc32d9aa10b7431a5c149
-Result.Y = 91db7288536b4f6d78e5a787ecbb5094f6834515038cb070a7fa4870af8045f0
-
-Test = PointAdd
-A.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485
-A.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537
-A.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f59ed5e558bd824e
-B.X = c76ddbcb15bc63f82807804536a0d25fd7a639c71adf953ad6cc8f68d915f485
-B.Y = e3a4f830809f5e91b68699c05fa9faa7c3d1f9d1b1c982c282508fa18d695537
-B.Z = eb372f19c7b9466a116363ad9114a89ad287523da318d915f59ed5e558bd824e
-Result.X = c5485a3509f55c7cc33d098fb0bfe1b198a9f26ce0ebc29bec5baa29ef6f74a2
-Result.Y = 60e949a551aa94afc9a3efe411a3c63ecb851ef1738ed24c88f86cf85ec01020
-
-Test = PointAdd
-A.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194
-A.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3
-A.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479
-B.X = ca72936509631f09d2a3ac14fb786daabb15520ef01de4298c7fd71653e89194
-B.Y = 02aeb6b6f04cd8125887baa18e6e79ba2b0acfa9a2443e9eea36ca7715eb8eb3
-B.Z = 8b4ef1a52fa42c711445e0463003f2ed38ace6583bf08198e9a0b938b4589479
-Result.X = 8d3b35c5661faafa83510ab9b3f1642bb121e7686ed4ae61323ddee2c7247f93
-Result.Y = 1a22ef5df156ca80235fe3cd1ca3152e21a3e17b2a34dd93b2003e3274a8a2fb
-
-Test = PointAdd
-A.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe
-A.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32
-A.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8
-B.X = db7b023fbe056819027fa09c5a2a0d777a53fb78c00bf4f31f46b63a7494bbfe
-B.Y = 59affcbf4628d572ee56b95087d30e765bb518b123e879b25df9960dab706a32
-B.Z = 1f7c7226d78e51478c683bbb6afe01abc2225dbfc773d0806d30ff5f827b76c8
-Result.X = fba400ae656ec3103c5c5f531d2a0f7368031e01a48a91f1a4f3138d294b13be
-Result.Y = 160e358ad1f059eb62722df01a7440048a1db21ecaea8698efa9677db6e9ff97
+Result.X = 5cdc40808120b68e3131bd6ed70a5ce6618f960e4d540baa582afc71be97c65d
+Result.Y = 1926a2c9f5b2d3d1dff784623fe6efe2ac629395101d38db0eff5e540bfeacb0
 
 
 # Scalar montgomery multiplication tests.