tests/t-mpi-point: add reduction test-vectors for NIST curves.

* tests/t-mpi-point.c (check_ec_mul_reduction): New.
(main): Call 'check_ec_mul_reduction'.
--

This is partial cherry-pick of master commit:
fc92c609dfdbcf59a09ca3aaf53a1c1b8408c351 (ec-nist: fix 'mod p' carry
adjustment and output masking).

GnuPG-bug-id: 5510
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>

1 files changed, 738 insertions, 0 deletions

diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index 0c4d8905..d288422b 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -3282,6 +3282,743 @@ check_ec_mul (void)
 }
 
 
+static void
+check_ec_mul_reduction (void)
+{
+  static struct
+  {
+    const char *curve;
+    const char *scalar;
+    const char *ux;
+    const char *uy;
+    const char *uz;
+    const char *qx;
+    const char *qy;
+  } tv[] =
+  {
+    /* --- NIST P-192 --- */
+
+    /* Bug report: https://dev.gnupg.org/T5510 */
+    {
+      "NIST P-192",
+      "0FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830",
+      "000000000000000000000000000000000FFFFFFFFFFFFFF00",
+      "030A893B61A4E76AF2B682FDB86E043C427C1AD2DFDABB62E",
+      NULL,
+      "000000000000000000000000000000000FFFFFFFFFFFFFF00",
+      "0CF576C49E5B18950D497D024791FBC3AD83E52D2025449D1"
+    },
+    {
+      "NIST P-192",
+      "0FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830",
+      "000000000000000000000000000000000FFFFFFFFFFFFFF00",
+      "0CF576C49E5B18950D497D024791FBC3AD83E52D2025449D1",
+      NULL,
+      "000000000000000000000000000000000FFFFFFFFFFFFFF00",
+      "030A893B61A4E76AF2B682FDB86E043C427C1AD2DFDABB62E"
+    },
+
+    /* Test #1 for NIST P-192 fast reduction */
+    {
+      "NIST P-192",
+      "09977FBFF49FFB1F115C20E3378819ACCFB2A2A19EF9D00C2",
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0000000000000000000000000000000000000000000000001",
+      NULL,
+      "019298C549B3982415E831422E8FF991D25C589B214B3EC20",
+      "09CF5FFD92F0218F704E1F5D4F888FEB1AE5C09674428D9FE"
+    },
+    {
+      "NIST P-192",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCD",
+      "019298C549B3982415E831422E8FF991D25C589B214B3EC20",
+      "09CF5FFD92F0218F704E1F5D4F888FEB1AE5C09674428D9FE",
+      NULL,
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0000000000000000000000000000000000000000000000001"
+    },
+
+    /* Test #2 for NIST P-192 fast reduction */
+    {
+      "NIST P-192",
+      "09977FBFF49FFB1F115C20E3378819ACCFB2A2A19EF9D00C2",
+      "03DA9DE5C6BFA357FDAD6F1B64479BFF526480BF1647D1DDE",
+      "0000000000000000000000000000000010000000000000001",
+      NULL,
+      "0FA56FFAE18551DEC7B10335F9E4D9844B11EEF9C3124B7CF",
+      "06EC4073A143832560600767FDDC0499A1721BE8C2DEE9B68"
+    },
+    {
+      "NIST P-192",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCD",
+      "0FA56FFAE18551DEC7B10335F9E4D9844B11EEF9C3124B7CF",
+      "06EC4073A143832560600767FDDC0499A1721BE8C2DEE9B68",
+      NULL,
+      "03DA9DE5C6BFA357FDAD6F1B64479BFF526480BF1647D1DDE",
+      "0000000000000000000000000000000010000000000000001"
+    },
+
+    /* Test #3 for NIST P-192 fast reduction */
+    {
+      "NIST P-192",
+      "09977FBFF49FFB1F115C20E3378819ACCFB2A2A19EF9D00C2",
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFE",
+      NULL,
+      "019298C549B3982415E831422E8FF991D25C589B214B3EC20",
+      "0630A0026D0FDE708FB1E0A2B0777014D51A3F698BBD72601"
+    },
+    {
+      "NIST P-192",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCD",
+      "019298C549B3982415E831422E8FF991D25C589B214B3EC20",
+      "0630A0026D0FDE708FB1E0A2B0777014D51A3F698BBD72601",
+      NULL,
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFE"
+    },
+
+    /* Test #4 for NIST P-192 fast reduction */
+    {
+      "NIST P-192",
+      "0FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830",
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0000000000000000000000000000000000000000000000001",
+      NULL,
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFE"
+    },
+    {
+      "NIST P-192",
+      "0FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830",
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFE",
+      NULL,
+      "06D9D789820A2C19237C96AD4B8D86B87FB49D4D6C728B84F",
+      "0000000000000000000000000000000000000000000000001"
+    },
+
+    /* --- NIST P-224 --- */
+
+    /* Test #1 for NIST P-224 fast reduction */
+    {
+      "NIST P-224",
+      "05793BE916A89FC5475A3267BE6F3530901AEC6010E8C2EA2D79F9EE8",
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "0B5457C849D65FBA90C724C9528F500C10930B744F1ECFF60015238D7",
+      "05BBF4A452ADCAFB15484C0E3AAEBF37153543DA0785EBB61A8F2A1B9"
+    },
+    {
+      "NIST P-224",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF012345",
+      "0B5457C849D65FBA90C724C9528F500C10930B744F1ECFF60015238D7",
+      "05BBF4A452ADCAFB15484C0E3AAEBF37153543DA0785EBB61A8F2A1B9",
+      NULL,
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "000000000000000000000000000000000000000000000000000000001"
+    },
+
+    /* Test #2 for NIST P-224 fast reduction */
+    {
+      "NIST P-224",
+      "05793BE916A89FC5475A3267BE6F3530901AEC6010E8C2EA2D79F9EE8",
+      "02FEB134F401D499197917C3470242239093606F5B8EA463A763C3AC4",
+      "0C0000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+      NULL,
+      "0384BD56C5E3FA9C109C841485CCB0B8C90FB5928A87388A658E164AA",
+      "04701B697F333FD522787DF61F3CDB3F964FF43F288858BC4524CA3CD"
+    },
+    {
+      "NIST P-224",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF012345",
+      "0384BD56C5E3FA9C109C841485CCB0B8C90FB5928A87388A658E164AA",
+      "04701B697F333FD522787DF61F3CDB3F964FF43F288858BC4524CA3CD",
+      NULL,
+      "02FEB134F401D499197917C3470242239093606F5B8EA463A763C3AC4",
+      "0C0000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"
+    },
+
+    /* Test #3 for NIST P-224 fast reduction */
+    {
+      "NIST P-224",
+      "05793BE916A89FC5475A3267BE6F3530901AEC6010E8C2EA2D79F9EE8",
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000",
+      NULL,
+      "0B5457C849D65FBA90C724C9528F500C10930B744F1ECFF60015238D7",
+      "0A440B5BAD523504EAB7B3F1C55140C8DACABC25F87A1449E570D5E48"
+    },
+    {
+      "NIST P-224",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF012345",
+      "0B5457C849D65FBA90C724C9528F500C10930B744F1ECFF60015238D7",
+      "0A440B5BAD523504EAB7B3F1C55140C8DACABC25F87A1449E570D5E48",
+      NULL,
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000"
+    },
+
+    /* Test #4 for NIST P-224 fast reduction */
+    {
+      "NIST P-224",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3C",
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000"
+    },
+    {
+      "NIST P-224",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3C",
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000000",
+      NULL,
+      "03B5889352DDF7468BF8C0729212AA1B2A3FCB1A844B8BE91ABB753D5",
+      "000000000000000000000000000000000000000000000000000000001"
+    },
+
+    /* --- NIST P-256 --- */
+
+    /* Bug report: https://dev.gnupg.org/T5510 */
+    {
+      "NIST P-256",
+      "00000000000FF0000000400000000000000000000005D00003277002000010000",
+      "00000FFFFFFFF0000000000000000000000000000000000000000000000000000",
+      "0CFE26D107A5134D6FEB38CE3577075BDC7AA70FF7523D3B203C8A973F2D3DC8E",
+      NULL,
+      "0FD351B304AD50F36153D8193C4BBF7D4C3BEE26E5AF52A9C70133EDFA62C273E",
+      "005DA8312615436E9C81B5B0624E68667233ACE6307AFC8056EAE85049CA63226"
+    },
+    {
+      "NIST P-256",
+      "096D8332E8F1265354CB7D213EF7809BA2D9639DFA634F321420C238CD2ED1830",
+      "0FD351B304AD50F36153D8193C4BBF7D4C3BEE26E5AF52A9C70133EDFA62C273E",
+      "005DA8312615436E9C81B5B0624E68667233ACE6307AFC8056EAE85049CA63226",
+      NULL,
+      "00000FFFFFFFF0000000000000000000000000000000000000000000000000000",
+      "0CFE26D107A5134D6FEB38CE3577075BDC7AA70FF7523D3B203C8A973F2D3DC8E"
+    },
+
+    /* Test #1 for NIST P-256 fast reduction */
+    {
+      "NIST P-256",
+      "0F14DE6DA4CBA6F4C7B7E988EEF4D168088B6300BAB207054AA24E6D3019D5A23",
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "00000000000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "0688856989B61877BC62ED4D2EE8E0FCA4588D90C2F9A282FA4AD6ACCFBAA95DF",
+      "0D2B9F7FA3982EE114FBBA108E132CECB5A605520661B3C4F7CF2906714B400E2"
+    },
+    {
+      "NIST P-256",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC",
+      "0688856989B61877BC62ED4D2EE8E0FCA4588D90C2F9A282FA4AD6ACCFBAA95DF",
+      "0D2B9F7FA3982EE114FBBA108E132CECB5A605520661B3C4F7CF2906714B400E2",
+      NULL,
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "00000000000000000000000000000000000000000000000000000000000000001"
+    },
+
+    /* Test #2 for NIST P-256 fast reduction */
+    {
+      "NIST P-256",
+      "0F14DE6DA4CBA6F4C7B7E988EEF4D168088B6300BAB207054AA24E6D3019D5A23",
+      "0F650B5048E7DE9587399E64274C008A4CA0992BA29DC05F7E51243D34C2949EC",
+      "0FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+      NULL,
+      "0BEF9CCBF964B86724C97CF35D3890CAB3E9802EDAD1A3D9070695FD04C640087",
+      "0E540F49BAC4AA879B7A1D7C40CE03F7097A910B77F098DA2F7C441407BAD119B"
+    },
+    {
+      "NIST P-256",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC",
+      "0BEF9CCBF964B86724C97CF35D3890CAB3E9802EDAD1A3D9070695FD04C640087",
+      "0E540F49BAC4AA879B7A1D7C40CE03F7097A910B77F098DA2F7C441407BAD119B",
+      NULL,
+      "0F650B5048E7DE9587399E64274C008A4CA0992BA29DC05F7E51243D34C2949EC",
+      "0FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"
+    },
+
+    /* Test #3 for NIST P-256 fast reduction */
+    {
+      "NIST P-256",
+      "0F14DE6DA4CBA6F4C7B7E988EEF4D168088B6300BAB207054AA24E6D3019D5A23",
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "0FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFE",
+      NULL,
+      "0688856989B61877BC62ED4D2EE8E0FCA4588D90C2F9A282FA4AD6ACCFBAA95DF",
+      "02D460804C67D11EFB0445EF71ECD3134A59FAAE099E4C3B0830D6F98EB4BFF1D"
+    },
+    {
+      "NIST P-256",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC",
+      "0688856989B61877BC62ED4D2EE8E0FCA4588D90C2F9A282FA4AD6ACCFBAA95DF",
+      "02D460804C67D11EFB0445EF71ECD3134A59FAAE099E4C3B0830D6F98EB4BFF1D",
+      NULL,
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "0FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFE"
+    },
+
+    /* Test #4 for NIST P-256 fast reduction */
+    {
+      "NIST P-256",
+      "0FD1AEFA76594FC4D14169064B1AE89B2224AEB9F9C314E21BDCFEB5F2AFB3B81",
+      "0FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+      "0AFE89640E5A59FE8F69ADB58DB0059E522E5CC1D0CEDAB7AC6F8455F49AADED2",
+      NULL,
+      "0063257268860D4F13CFC6071CE09E3D1BD8B77B08A0714CFF42880F430A4F1CE",
+      "09665C75111B793CE3BF6E2BF45F9B55E065D22F93C4063A79DF8C9D139E83173"
+    },
+    {
+      "NIST P-256",
+      "0C0DE4C0FFEE1111C0DE4C0FFEE1111C0DE4C0FFEE1111C0DE4C0FFEE1111C0DE",
+      "0063257268860D4F13CFC6071CE09E3D1BD8B77B08A0714CFF42880F430A4F1CE",
+      "09665C75111B793CE3BF6E2BF45F9B55E065D22F93C4063A79DF8C9D139E83173",
+      NULL,
+      "0FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+      "0AFE89640E5A59FE8F69ADB58DB0059E522E5CC1D0CEDAB7AC6F8455F49AADED2"
+    },
+
+    /* Test #5 for NIST P-256 fast reduction */
+    {
+      "NIST P-256",
+      "0FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550",
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "00000000000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "0FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFE"
+    },
+    {
+      "NIST P-256",
+      "0FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550",
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "0FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFE",
+      NULL,
+      "08D0177EBAB9C6E9E10DB6DD095DBAC0D6375E8A97B70F611875D877F0069D2C7",
+      "00000000000000000000000000000000000000000000000000000000000000001"
+    },
+
+    /* --- NIST P-384 --- */
+
+    /* Bug report: https://dev.gnupg.org/T5510 */
+    {
+      "NIST P-384",
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF"
+      "581A0DB248B0A77AECEC196ACCC52972",
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000FFFFFFFFFFFFFFFFFFFFFC",
+      "1B0D6F8FB7F2DE5B8875645B64042AE20F119F3E1CFEFC0215857EEAE5F4A8FC"
+      "A737057D69A42C44D958E7CFCC77CE6B",
+      NULL,
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000FFFFFFFFFFFFFFFFFFFFFC",
+      "E4F29070480D21A4778A9BA49BFBD51DF0EE60C1E30103FDEA7A81151A0B5702"
+      "58C8FA81965BD3BB26A7183133883194"
+    },
+    {
+      "NIST P-384",
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF"
+      "581A0DB248B0A77AECEC196ACCC52972",
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000FFFFFFFFFFFFFFFFFFFFFC",
+      "E4F29070480D21A4778A9BA49BFBD51DF0EE60C1E30103FDEA7A81151A0B5702"
+      "58C8FA81965BD3BB26A7183133883194",
+      NULL,
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000FFFFFFFFFFFFFFFFFFFFFC",
+      "1B0D6F8FB7F2DE5B8875645B64042AE20F119F3E1CFEFC0215857EEAE5F4A8FC"
+      "A737057D69A42C44D958E7CFCC77CE6B"
+    },
+
+    /* Test #1 for NIST P-384 fast reduction */
+    {
+      "NIST P-384",
+      "0739C89BDC9F071F1DC8391A52A0764EE0E15387DBB56E4FDAD647993F52C9121"
+      "D2DCE779834057EEAE390D113E337DDB",
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "00000000000000000000000000000001",
+      NULL,
+      "041CF9FB4C86482B7EC4850FB8AA31771D5F2D3944168B16D47C307468929A860"
+      "B21334F09C2F33AAA565E7190225C793",
+      "00512D4C3F17BA90EEDBCC74C7CBA4410A4F68C8FC0EFB9B981501B454F574744"
+      "8947DFC29E4BAEE30439A84D455627C6"
+    },
+    {
+      "NIST P-384",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890A",
+      "041CF9FB4C86482B7EC4850FB8AA31771D5F2D3944168B16D47C307468929A860"
+      "B21334F09C2F33AAA565E7190225C793",
+      "00512D4C3F17BA90EEDBCC74C7CBA4410A4F68C8FC0EFB9B981501B454F574744"
+      "8947DFC29E4BAEE30439A84D455627C6",
+      NULL,
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "00000000000000000000000000000001"
+    },
+
+    /* Test #2 for NIST P-384 fast reduction */
+    {
+      "NIST P-384",
+      "0739C89BDC9F071F1DC8391A52A0764EE0E15387DBB56E4FDAD647993F52C9121"
+      "D2DCE779834057EEAE390D113E337DDB",
+      "0C4A2DEA4D2A725EAEEFA6CA6FA301155510309F46EA1C70C909B988B49E1D612"
+      "468051EB758869259D1BF892E0A555C2",
+      "00000000000000000000000000000000000000000000000000000000000000001"
+      "00000000FFFFFFFFFFFFFFFF00000001",
+      NULL,
+      "0ED97AD545DB70C379C94BDA35926921F26FA9B9B338D32D8F2A163DBBEC5CFAF"
+      "600830D133A14C0B599B53E57D206DE2",
+      "069B72397B725CA8FA7A59173D4F588273C8303B5F6A5AFD8ACBD6B56CC7CCF32"
+      "B6FCE2DBB991DE4C6E9CCFAF21B8ECCF"
+    },
+    {
+      "NIST P-384",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890A",
+      "0ED97AD545DB70C379C94BDA35926921F26FA9B9B338D32D8F2A163DBBEC5CFAF"
+      "600830D133A14C0B599B53E57D206DE2",
+      "069B72397B725CA8FA7A59173D4F588273C8303B5F6A5AFD8ACBD6B56CC7CCF32"
+      "B6FCE2DBB991DE4C6E9CCFAF21B8ECCF",
+      NULL,
+      "0C4A2DEA4D2A725EAEEFA6CA6FA301155510309F46EA1C70C909B988B49E1D612"
+      "468051EB758869259D1BF892E0A555C2",
+      "00000000000000000000000000000000000000000000000000000000000000001"
+      "00000000FFFFFFFFFFFFFFFF00000001"
+    },
+
+    /* Test #3 for NIST P-384 fast reduction */
+    {
+      "NIST P-384",
+      "0739C89BDC9F071F1DC8391A52A0764EE0E15387DBB56E4FDAD647993F52C9121"
+      "D2DCE779834057EEAE390D113E337DDB",
+      "05ADE55A6BD4FA27FCA00D1C38653843E3E8421E018DFC7DDAD34076C4D41A621"
+      "980D62417D12330DAE5948C2C6D7D347",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFD",
+      NULL,
+      "0A85779C7427F50E92166268399F4ABEDDAA7B8866B0A495ED603BE80A8900786"
+      "DD287FF5C28708D039AF02DD1FC197CC",
+      "0CB97C2A5822A86B82DFE300E7F6278A087506A718EBD4FF317D7529581E98470"
+      "56FCE58652AA1B6D6FBB62851099A9FF"
+    },
+    {
+      "NIST P-384",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890A",
+      "0A85779C7427F50E92166268399F4ABEDDAA7B8866B0A495ED603BE80A8900786"
+      "DD287FF5C28708D039AF02DD1FC197CC",
+      "0CB97C2A5822A86B82DFE300E7F6278A087506A718EBD4FF317D7529581E98470"
+      "56FCE58652AA1B6D6FBB62851099A9FF",
+      NULL,
+      "05ADE55A6BD4FA27FCA00D1C38653843E3E8421E018DFC7DDAD34076C4D41A621"
+      "980D62417D12330DAE5948C2C6D7D347",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFD"
+    },
+
+    /* Test #4 for NIST P-384 fast reduction */
+    {
+      "NIST P-384",
+      "0739C89BDC9F071F1DC8391A52A0764EE0E15387DBB56E4FDAD647993F52C9121"
+      "D2DCE779834057EEAE390D113E337DDB",
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFF0000000000000000FFFFFFFE",
+      NULL,
+      "041CF9FB4C86482B7EC4850FB8AA31771D5F2D3944168B16D47C307468929A860"
+      "B21334F09C2F33AAA565E7190225C793",
+      "0FAED2B3C0E8456F1124338B38345BBEF5B0973703F1046467EAFE4BAB0A8B8BA"
+      "76B8203C61B4511CFBC657B3BAA9D839"
+    },
+    {
+      "NIST P-384",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890A",
+      "041CF9FB4C86482B7EC4850FB8AA31771D5F2D3944168B16D47C307468929A860"
+      "B21334F09C2F33AAA565E7190225C793",
+      "0FAED2B3C0E8456F1124338B38345BBEF5B0973703F1046467EAFE4BAB0A8B8BA"
+      "76B8203C61B4511CFBC657B3BAA9D839",
+      NULL,
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFF0000000000000000FFFFFFFE"
+    },
+
+    /* Test #5 for NIST P-384 fast reduction */
+    {
+      "NIST P-384",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF"
+      "581A0DB248B0A77AECEC196ACCC52972",
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "00000000000000000000000000000001",
+      NULL,
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFF0000000000000000FFFFFFFE"
+    },
+    {
+      "NIST P-384",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF"
+      "581A0DB248B0A77AECEC196ACCC52972",
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+      "FFFFFFFF0000000000000000FFFFFFFE",
+      NULL,
+      "02261B2BF605C22F2F3AEF6338719B2C486388AD5240719A5257315969EF01BA2"
+      "7F0A104C89704773A81FDABEE6AB5C78",
+      "0000000000000000000000000000000000000000000000000000000000000000"
+      "00000000000000000000000000000001",
+    },
+
+    /* --- NIST P-521 --- */
+
+    /* Test #1 for NIST P-521 fast reduction */
+    {
+      "NIST P-521",
+      "014395758AE77FEE059DA0B5ABC00C374ACA51984B95451C08AD8309DC8CEFB9F"
+      "0B7D03950131E54E63319D4592D679C1F8CFD610289F7B791D5C1C09B7BC5122195",
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "0091EC67F53DC1C752724942D6B94A3D66D91C16C997F42524400D3CD10074C07"
+      "FF6F7981A44292B25B478AE551DE980999404EC9221FD3FACE26C40FE783576EF1B",
+      "00534EE41FFDDCE7E171AF630593437896A4C0344900671D1886ED21EF61AC26D"
+      "A3DF4C6D7F1330B3EA25ABB6CA2127A605A650F2A6E916EAB757FE8B43116227FA1"
+    },
+    {
+      "NIST P-521",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890AB",
+      "0091EC67F53DC1C752724942D6B94A3D66D91C16C997F42524400D3CD10074C07"
+      "FF6F7981A44292B25B478AE551DE980999404EC9221FD3FACE26C40FE783576EF1B",
+      "00534EE41FFDDCE7E171AF630593437896A4C0344900671D1886ED21EF61AC26D"
+      "A3DF4C6D7F1330B3EA25ABB6CA2127A605A650F2A6E916EAB757FE8B43116227FA1",
+      NULL,
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000001"
+    },
+
+    /* Test #2 for NIST P-521 fast reduction */
+    {
+      "NIST P-521",
+      "014395758AE77FEE059DA0B5ABC00C374ACA51984B95451C08AD8309DC8CEFB9F"
+      "0B7D03950131E54E63319D4592D679C1F8CFD610289F7B791D5C1C09B7BC5122195",
+      "01A255D0D3B19B08BE171002C6D73096CA0E41498E805ABF61016EBF1A41E8018"
+      "D5F876D2870BFF35AA254BE8D6A303A79C4E4A3427AA4BDF8EE59DCAC22F4C83CD6",
+      "01000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000003",
+      NULL,
+      "00CEA3C8CE463F76789E7B0FCBEE5253E64BFA0FCBE101944CEFFC04D1786FF88"
+      "C9EC5650BFAC13D4037C34064E6E0CE00AA666EAC026F7EE4CE6F7805A10AD9C743",
+      "01F2D67A2DD50C916C48011BEE7BADFA488CD8C4F8BD69064C8BB454579E7B2FB"
+      "EDE9B52418239251C5B81638970916D1B3CACD25487927978CE7B0CD2A25916F9FE"
+    },
+    {
+      "NIST P-521",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890AB",
+      "00CEA3C8CE463F76789E7B0FCBEE5253E64BFA0FCBE101944CEFFC04D1786FF88"
+      "C9EC5650BFAC13D4037C34064E6E0CE00AA666EAC026F7EE4CE6F7805A10AD9C743",
+      "01F2D67A2DD50C916C48011BEE7BADFA488CD8C4F8BD69064C8BB454579E7B2FB"
+      "EDE9B52418239251C5B81638970916D1B3CACD25487927978CE7B0CD2A25916F9FE",
+      NULL,
+      "01A255D0D3B19B08BE171002C6D73096CA0E41498E805ABF61016EBF1A41E8018"
+      "D5F876D2870BFF35AA254BE8D6A303A79C4E4A3427AA4BDF8EE59DCAC22F4C83CD6",
+      "01000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000003"
+    },
+
+    /* Test #3 for NIST P-521 fast reduction */
+    {
+      "NIST P-521",
+      "014395758AE77FEE059DA0B5ABC00C374ACA51984B95451C08AD8309DC8CEFB9F"
+      "0B7D03950131E54E63319D4592D679C1F8CFD610289F7B791D5C1C09B7BC5122195",
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE",
+      NULL,
+      "0091EC67F53DC1C752724942D6B94A3D66D91C16C997F42524400D3CD10074C07"
+      "FF6F7981A44292B25B478AE551DE980999404EC9221FD3FACE26C40FE783576EF1B",
+      "01ACB11BE00223181E8E509CFA6CBC87695B3FCBB6FF98E2E77912DE109E53D92"
+      "5C20B39280ECCF4C15DA544935DED859FA59AF0D5916E91548A80174BCEE9DD805E"
+    },
+    {
+      "NIST P-521",
+      "01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890ABC"
+      "DEF01234567890ABCDEF01234567890ABCDEF01234567890ABCDEF01234567890AB",
+      "0091EC67F53DC1C752724942D6B94A3D66D91C16C997F42524400D3CD10074C07"
+      "FF6F7981A44292B25B478AE551DE980999404EC9221FD3FACE26C40FE783576EF1B",
+      "01ACB11BE00223181E8E509CFA6CBC87695B3FCBB6FF98E2E77912DE109E53D92"
+      "5C20B39280ECCF4C15DA544935DED859FA59AF0D5916E91548A80174BCEE9DD805E",
+      NULL,
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+    },
+
+    /* Test #4 for NIST P-521 fast reduction */
+    {
+      "NIST P-521",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386408",
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000001",
+      NULL,
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+    },
+    {
+      "NIST P-521",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386408",
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE",
+      NULL,
+      "00D9CB7A32DAB342F863EDB340F3EA61DDF833E755CE66BB1A918A42714BA05BC"
+      "DF4FF10994F616A9D80CD0B48B326E3A8A2A8F5634D824875B6E71FB7CDDD7B5018",
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "0000000000000000000000000000000000000000000000000000000000000000001"
+    },
+
+    { NULL, NULL, NULL, NULL, NULL, NULL }
+  };
+  gpg_error_t err;
+  gcry_ctx_t ctx;
+  gcry_mpi_t scalar, ux, uy, uz, x, y;
+  gcry_mpi_point_t U, Q;
+  int idx;
+
+  for (idx = 0; tv[idx].curve; idx++)
+    {
+      /* P-192 is not supported in fips mode */
+      if (gcry_fips_mode_active())
+        {
+          if (!strcmp(tv[idx].curve, "NIST P-192"))
+            {
+	      static int once;
+	      if (!once)
+		info ("skipping %s in fips mode\n", tv[idx].curve);
+	      once = 1;
+              continue;
+            }
+          if (!strcmp(tv[idx].curve, "secp256k1"))
+            {
+	      static int once;
+	      if (!once)
+		info ("skipping %s in fips mode\n", tv[idx].curve);
+	      once = 1;
+              continue;
+            }
+        }
+
+      err = gcry_mpi_ec_new (&ctx, NULL, tv[idx].curve);
+      if (err)
+        {
+          fail ("tv[%d].'%s': can't create context: %s\n",
+		idx, tv[idx].curve, gpg_strerror (err));
+          return;
+        }
+
+      if (tv[idx].ux)
+	ux = hex2mpi (tv[idx].ux);
+      else
+	die ("tv[%d].'%s': missing 'ux'\n", idx, tv[idx].curve);
+
+      if (tv[idx].uy)
+	uy = hex2mpi (tv[idx].uy);
+      else
+	die ("tv[%d].'%s': missing 'uy'\n", idx, tv[idx].curve);
+
+      if (tv[idx].uz)
+	uz = hex2mpi (tv[idx].uz);
+      else
+	uz = gcry_mpi_set_ui(NULL, 1);
+
+      if (tv[idx].scalar)
+	scalar = hex2mpi (tv[idx].scalar);
+      else
+	die ("tv[%d].'%s': missing 'scalar'\n", idx, tv[idx].curve);
+
+      U = gcry_mpi_point_new (0);
+      gcry_mpi_point_set (U, ux, uy, uz);
+      Q = gcry_mpi_point_new (0);
+      x = gcry_mpi_new (0);
+      y = gcry_mpi_new (0);
+
+      if (!gcry_mpi_ec_curve_point (U, ctx))
+        {
+          print_point ("  U", U);
+	  die ("tv[%d].'%s': point expected on curve but not "
+	       "identified as such\n", idx, tv[idx].curve);
+        }
+
+      gcry_mpi_ec_mul (Q, scalar, U, ctx);
+
+      if (!gcry_mpi_ec_curve_point (Q, ctx))
+        {
+          print_point ("  Q", Q);
+	  die ("tv[%d].'%s': point expected on curve but not "
+	       "identified as such\n", idx, tv[idx].curve);
+        }
+
+      if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
+	{
+	  fail ("tv[%d].'%s': failed to get affine coordinates\n",
+		idx, tv[idx].curve);
+	  return;
+	}
+
+      if ((tv[idx].qx != NULL && tv[idx].qy != NULL)
+	  && (cmp_mpihex (x, tv[idx].qx) || cmp_mpihex (y, tv[idx].qy)))
+	{
+	  fail ("tv[%d].'%s': sample point multiply failed:\n",
+		idx, tv[idx].curve);
+	  print_mpi ("     scalar", scalar);
+	  print_mpi ("         Qx", x);
+	  printf ("expected Qx: %s\n", tv[idx].qx);
+	  print_mpi ("         Qy", y);
+	  printf ("expected Qy: %s\n", tv[idx].qy);
+	}
+
+      gcry_mpi_release (uy);
+      gcry_mpi_release (ux);
+      gcry_mpi_release (uz);
+      gcry_mpi_release (scalar);
+      gcry_mpi_release (y);
+      gcry_mpi_release (x);
+      gcry_mpi_point_release (Q);
+      gcry_mpi_point_release (U);
+      gcry_ctx_release (ctx);
+    }
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -3306,6 +4043,7 @@ main (int argc, char **argv)
   basic_ec_math ();
   point_on_curve ();
   check_ec_mul ();
+  check_ec_mul_reduction ();
 
   /* The tests are for P-192 and ed25519 which are not supported in
      FIPS mode.  */