From d924bdc54ed0400283d9b5a2f6b987f7d9f90db5 Mon Sep 17 00:00:00 2001
From: "Pavel V. Shatov (Meister)"
Date: Sun, 1 Apr 2018 13:33:04 +0300
Subject: Fixed coordinates of the hardcoded double of the base point, added more test vectors to make sure, that the patch actually works. See the corresponding commit message for the ecdsa_fpga_model for more details.
---
 bench/tb_curve_multiplier_256.v | 30 ++++++++++++++++++++++++++----
 rtl/curve/rom/brom_p256_h_x.v | 16 ++++++++--------
 rtl/curve/rom/brom_p256_h_y.v | 20 ++++++++++----------
 3 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/bench/tb_curve_multiplier_256.v b/bench/tb_curve_multiplier_256.v
index bcca034..66c8e94 100644
--- a/bench/tb_curve_multiplier_256.v
+++ b/bench/tb_curve_multiplier_256.v
@@ -45,19 +45,38 @@ module tb_curve_multiplier_256;
 //
 // Test Vectors
- //
+ //
+
+ /* Q = d * G */
 localparam [255:0] K_1 = 256'h70a12c2db16845ed56ff68cfc21a472b3f04d7d6851bf6349f2d7d5b3452b38a;
 localparam [255:0] PX_1 = 256'h8101ece47464a6ead70cf69a6e2bd3d88691a3262d22cba4f7635eaff26680a8;
 localparam [255:0] PY_1 = 256'hd8a12ba61d599235f67d9cb4d58f1783d3ca43e78f0a5abaa624079936c0c3a9;
+ /* R = k * G */
 localparam [255:0] K_2 = 256'h580ec00d856434334cef3f71ecaed4965b12ae37fa47055b1965c7b134ee45d0;
 localparam [255:0] PX_2 = 256'h7214bc9647160bbd39ff2f80533f5dc6ddd70ddf86bb815661e805d5d4e6f27c;
 localparam [255:0] PY_2 = 256'h8b81e3e977597110c7cf2633435b2294b72642987defd3d4007e1cfc5df84541;
+ /* O = n * G */
 localparam [255:0] K_3 = 256'hffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551;
 localparam [255:0] PX_3 = 256'h0000000000000000000000000000000000000000000000000000000000000000;
 localparam [255:0] PY_3 = 256'h0000000000000000000000000000000000000000000000000000000000000000;
+
+ /* H = 2 * G */
+ localparam [255:0] K_4 = 256'h0000000000000000000000000000000000000000000000000000000000000002;
+ localparam [255:0] PX_4 = 256'h7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978;
+ localparam [255:0] PY_4 = 256'h07775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1;
+ /* G = (n + 1) * G */
+ localparam [255:0] K_5 = 256'hffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 + 'd1;
+ localparam [255:0] PX_5 = 256'h6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296;
+ localparam [255:0] PY_5 = 256'h4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5;
+
+ /* H = (n + 2) * G */
+ localparam [255:0] K_6 = 256'hffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 + 'd2;
+ localparam [255:0] PX_6 = 256'h7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978;
+ localparam [255:0] PY_6 = 256'h07775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1;
+
 //
 // Core
Parameters
@@ -171,9 +190,12 @@ module tb_curve_multiplier_256;
 #100;
 /* run tests */
- test_curve_multiplier(K_1, PX_1, PY_1);
- test_curve_multiplier(K_2, PX_2, PY_2);
- test_curve_multiplier(K_3, PX_3, PY_3);
+ //test_curve_multiplier(K_1, PX_1, PY_1);
+ //test_curve_multiplier(K_2, PX_2, PY_2);
+ //test_curve_multiplier(K_3, PX_3, PY_3);
+ //test_curve_multiplier(K_4, PX_4, PY_4);
+ //test_curve_multiplier(K_5, PX_5, PY_5);
+ test_curve_multiplier(K_6, PX_6, PY_6);
 /* print result */
 if (ok) $display("tb_curve_multiplier_256: SUCCESS");
diff --git a/rtl/curve/rom/brom_p256_h_x.v b/rtl/curve/rom/brom_p256_h_x.v
index 0b69f77..1982690 100644
--- a/rtl/curve/rom/brom_p256_h_x.v
+++ b/rtl/curve/rom/brom_p256_h_x.v
@@ -54,14 +54,14 @@ module brom_p256_h_x
 always @(posedge clk)
 //
 case (b_addr)
- 3'b000: bram_reg_b <= 32'h4ece7ad0;
- 3'b001: bram_reg_b <= 32'h16bd8d74;
- 3'b010: bram_reg_b <= 32'ha42998be;
- 3'b011: bram_reg_b <= 32'h11f904fe;
- 3'b100: bram_reg_b <= 32'h38b77e1b;
- 3'b101: bram_reg_b <= 32'h0e863235;
- 3'b110: bram_reg_b <= 32'h3da77b71;
- 3'b111: bram_reg_b <= 32'h29d05c19;
+ 3'b000: bram_reg_b <= 32'h47669978;
+ 3'b001: bram_reg_b <= 32'ha60b48fc;
+ 3'b010: bram_reg_b <= 32'h77f21b35;
+ 3'b011: bram_reg_b <= 32'hc08969e2;
+ 3'b100: bram_reg_b <= 32'h04b51ac3;
+ 3'b101: bram_reg_b <= 32'h8a523803;
+ 3'b110: bram_reg_b <= 32'h8d034f7e;
+ 3'b111: bram_reg_b <= 32'h7cf27b18;
 endcase
diff --git a/rtl/curve/rom/brom_p256_h_y.v b/rtl/curve/rom/brom_p256_h_y.v
index 362fce6..f718d46 100644
--- a/rtl/curve/rom/brom_p256_h_y.v
+++ b/rtl/curve/rom/brom_p256_h_y.v
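Review bot: The curve order n is now written out as a full 256-bit literal three times (in K_3, K_5 and K_6), so a typo in one copy would quietly change what that vector tests. Declaring it once, under any name the testbench does not already use, e.g. `localparam [255:0] N = 256'hffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551;`, and then writing `K_3 = N`, `K_5 = N + 'd1` and `K_6 = N + 'd2` ties all three vectors to the same constant. The `/* O = n * G */` comment could also say that the point at infinity is expected as all-zero PX and PY, since that convention is only implied by the values. The module body starts before and continues after this hunk.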
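Review bot: Only the K_6 vector is run after this change; the calls for K_1 through K_5 are left commented out in the run section, which looks like leftover debugging. As committed, the testbench no longer checks the two ordinary scalars, the n * G case or the new K_4 and K_5 vectors, so a regression in any of those paths would still print SUCCESS. Since the commit corrects a hardcoded constant inside the multiplier, all six vectors should run on every simulation: remove the `//` in front of the five calls, e.g. `test_curve_multiplier(K_1, PX_1, PY_1);`. The enclosing block starts and ends outside the hunk.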
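Review bot: The eight replacement words have no comment saying what they encode, so a reader cannot check the table against a reference value. Compared with the testbench, they are PX_4 (the X coordinate of H = 2 * G) split into 32-bit words with the least significant word at address 3'b000. A comment above the `case` such as `// H = 2 * G, X coordinate, 32-bit words, b_addr 0 = least significant word` would record that. The same applies to the Y table in brom_p256_h_y.v, whose words match PY_4 in the same order. The module declaration starts outside the hunk.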
@@ -54,15 +54,15 @@ module brom_p256_h_y
 always @(posedge clk)
 //
 case (b_addr)
- 3'b000: bram_reg_b <= 32'hc840ae07;
- 3'b001: bram_reg_b <= 32'h3449bf97;
- 3'b010: bram_reg_b <= 32'h94cea131;
- 3'b011: bram_reg_b <= 32'hd431cca9;
- 3'b100: bram_reg_b <= 32'h83f061e9;
- 3'b101: bram_reg_b <= 32'h711814b5;
- 3'b110: bram_reg_b <= 32'h01e58065;
- 3'b111: bram_reg_b <= 32'hb01cbd1c;
- endcase
-
+ 3'b000: bram_reg_b <= 32'h227873d1;
+ 3'b001: bram_reg_b <= 32'h9e04b79d;
+ 3'b010: bram_reg_b <= 32'h3ce98229;
+ 3'b011: bram_reg_b <= 32'hba7dade6;
+ 3'b100: bram_reg_b <= 32'h9f7430db;
+ 3'b101: bram_reg_b <= 32'h293d9ac6;
+ 3'b110: bram_reg_b <= 32'hdb8ed040;
+ 3'b111: bram_reg_b <= 32'h07775510;
+ endcase
+
 endmodule
-- cgit v1.2.3