7 files changed, 91 insertions, 2 deletions

diff --git a/test/data/formulas/add-libressl-v382 b/test/data/formulas/add-libressl-v382
new file mode 100644
index 0000000..b40a190
--- /dev/null
+++ b/test/data/formulas/add-libressl-v382
@@ -0,0 +1,4 @@
+source LibreSSL v3.8.2 https://github.com/libressl/openbsd/blob/libressl-v3.8.2/src/lib/libcrypto/ec/ecp_smpl.c#L472
+coords Jacobian
+parameter half
+assume half = 1 / 2
diff --git a/test/data/formulas/add-libressl-v382.op3 b/test/data/formulas/add-libressl-v382.op3
new file mode 100644
index 0000000..0a8aa33
--- /dev/null
+++ b/test/data/formulas/add-libressl-v382.op3
@@ -0,0 +1,25 @@
+n0 = Z2^2
+n1 = X1 * n0
+n0 = n0 * Z2
+n2 = Y1 * n0
+n0 = Z1^2
+n3 = X2 * n0
+n0 = n0 * Z1
+n4 = Y2 * n0
+n5 = n1 - n3
+n6 = n2 - n4
+n7 = n1 + n3
+n8 = n2 + n4
+n0 = Z1 * Z2
+Z3 = n0 * n5
+n0 = n6^2
+n4 = n5^2
+n3 = n4 * n7
+X3 = n0 - n3
+n0 = 2 * X3
+n9 = n3 - n0
+t0 = n6 * n9
+t1 = n4 * n5
+t2 = n8 * t1
+Y3 = t0 - t2
+Y3 = Y3 * half
diff --git a/test/data/formulas/dbl-libressl-v382 b/test/data/formulas/dbl-libressl-v382
new file mode 100644
index 0000000..1f0c618
--- /dev/null
+++ b/test/data/formulas/dbl-libressl-v382
@@ -0,0 +1,2 @@
+source LibreSSL v3.8.2 https://github.com/libressl/openbsd/blob/libressl-v3.8.2/src/lib/libcrypto/ec/ecp_smpl.c#L654
+coords Jacobian
diff --git a/test/data/formulas/dbl-libressl-v382.op3 b/test/data/formulas/dbl-libressl-v382.op3
new file mode 100644
index 0000000..2bb4541
--- /dev/null
+++ b/test/data/formulas/dbl-libressl-v382.op3
@@ -0,0 +1,20 @@
+n0 = X1^2
+n1 = n0 * 2
+n0 = n0 + n1
+n1 = Z1^2
+n1 = n1^2
+n1 = a * n1
+n1 = n0 + n1
+n0 = Y1 * Z1
+Z3 = 2 * n0
+n3 = Y1^2
+n2 = X1 * n3
+n2 = 4 * n2
+n0 = 2 * n2
+X3 = n1^2
+X3 = X3 - n0
+n0 = n3^2
+n3 = 8 * n0
+n0 = n2 - X3
+n0 = n1 * n0
+Y3 = n0 - n3
diff --git a/test/data/formulas/dbl-secp256k1-v040 b/test/data/formulas/dbl-secp256k1-v040
new file mode 100644
index 0000000..1ed844d
--- /dev/null
+++ b/test/data/formulas/dbl-secp256k1-v040
@@ -0,0 +1,2 @@
+source libsecp256k1 v0.4.0 https://github.com/bitcoin-core/secp256k1/blob/v0.4.0/src/group_impl.h#L406
+coords Jacobian
diff --git a/test/data/formulas/dbl-secp256k1-v040.op3 b/test/data/formulas/dbl-secp256k1-v040.op3
new file mode 100644
index 0000000..18d0c06
--- /dev/null
+++ b/test/data/formulas/dbl-secp256k1-v040.op3
@@ -0,0 +1,15 @@
+Z3 = Y1*Z1
+S = Y1^2
+L = X1^2
+L = 3*L
+L = L/2
+T = -S
+T = T*X1
+X3 = L^2
+X3 = X3+T
+X3 = X3+T
+S = S^2
+T = T+X3
+Y3 = T*L
+Y3 = Y3+S
+Y3 = -Y3
diff --git a/test/sca/test_structural.py b/test/sca/test_structural.py
index d8200a3..e12d865 100644
--- a/test/sca/test_structural.py
+++ b/test/sca/test_structural.py
@@ -143,6 +143,27 @@ def test_efd_formula_match():
             ("secg", "secp224r1"),
             AdditionEFDFormula,
         ],
+        [
+            "add-libressl-v382",
+            ShortWeierstrassModel,
+            "jacobian",
+            ("secg", "secp128r1"),
+            AdditionEFDFormula,
+        ],
+        [
+            "dbl-libressl-v382",
+            ShortWeierstrassModel,
+            "jacobian",
+            ("secg", "secp128r1"),
+            DoublingEFDFormula,
+        ],
+        [
+            "dbl-secp256k1-v040",
+            ShortWeierstrassModel,
+            "jacobian",
+            ("secg", "secp256k1"),
+            DoublingEFDFormula,
+        ],
     ],
 )
 def test_formula_correctness(name, model, coords, param_spec, formula_type):
@@ -208,6 +229,6 @@ def test_formula_correctness(name, model, coords, param_spec, formula_type):
                     == QR
                 )
                 assert (
-                   scale(params.curve.prime, res[0], **params.curve.parameters)[0]
-                   == Q2
+                    scale(params.curve.prime, res[0], **params.curve.parameters)[0]
+                    == Q2
                 )