1"""Base values and datasets for bignum generated tests and helper functions that
2produced them."""
3# Copyright The Mbed TLS Contributors
4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
5#
6
7import random
8
9# Functions calling these were used to produce test data and are here only for
10# reproducibility, they are not used by the test generation framework/classes
11try:
12    from Cryptodome.Util.number import isPrime, getPrime #type: ignore #pylint: disable=import-error
13except ImportError:
14    pass
15
16# Generated by bignum_common.gen_safe_prime(192,1)
17SAFE_PRIME_192_BIT_SEED_1 = "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b"
18
19# First number generated by random.getrandbits(192) - seed(2,2), not a prime
20RANDOM_192_BIT_SEED_2_NO1 = "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"
21
22# Second number generated by random.getrandbits(192) - seed(2,2), not a prime
23RANDOM_192_BIT_SEED_2_NO2 = "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
24
25# Third number generated by random.getrandbits(192) - seed(2,2), not a prime
26RANDOM_192_BIT_SEED_2_NO3 = "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"
27
28# Fourth number generated by random.getrandbits(192) - seed(2,2), not a prime
29RANDOM_192_BIT_SEED_2_NO4 = "ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
30
31# Ninth number generated by random.getrandbits(192) - seed(2,2), not a prime
32RANDOM_192_BIT_SEED_2_NO9 = "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"
33
34# Generated by bignum_common.gen_safe_prime(1024,3)
35SAFE_PRIME_1024_BIT_SEED_3 = ("c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b"
36                              "2c9d156f8e4e18abf5e052cb01f47d0d1925a77f60991577"
37                              "e128fb6f52f34a27950a594baadd3d8057abeb222cf3cca9"
38                              "62db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130"
39                              "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c82"
40                              "87b3996cf6ad5223")
41
42# First number generated by random.getrandbits(1024) - seed(4,2), not a prime
43RANDOM_1024_BIT_SEED_4_NO1 = ("6905269ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed"
44                              "3addccb2c33be0ac79d679346d4ac7a5c3902b38963dc6e8"
45                              "534f45738d048ec0f1099c6c3e1b258fd724452ccea71ff4"
46                              "a14876aeaff1a098ca5996666ceab360512bd13110722311"
47                              "710cf5327ac435a7a97c643656412a9b8a1abcd1a6916c74"
48                              "da4f9fc3c6da5d7")
49
50# Second number generated by random.getrandbits(1024) - seed(4,2), not a prime
51RANDOM_1024_BIT_SEED_4_NO2 = ("f1cfd99216df648647adec26793d0e453f5082492d83a823"
52                              "3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4"
53                              "d8441b5616332aca5f552773e14b0190d93936e1daca3c06"
54                              "f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0"
55                              "2a3187853184ff27459142deccea264542a00403ce80c4b0"
56                              "a4042bb3d4341aad")
57
58# Third number generated by random.getrandbits(1024) - seed(4,2), not a prime
59RANDOM_1024_BIT_SEED_4_NO3 = ("14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38"
60                              "3bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd"
61                              "6c79a3de69f85e3131f3b9238224b122c3e4a892d9196ada"
62                              "4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f"
63                              "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecf"
64                              "d160c5d0ef412ed6")
65
66# Fourth number generated by random.getrandbits(1024) - seed(4,2), not a prime
67RANDOM_1024_BIT_SEED_4_NO4 = ("32decd6b8efbc170a26a25c852175b7a96b98b5fbf37a2be"
68                              "6f98bca35b17b9662f0733c846bbe9e870ef55b1a1f65507"
69                              "a2909cb633e238b4e9dd38b869ace91311021c9e32111ac1"
70                              "ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1"
71                              "a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac"
72                              "7671863c0bdbc23a")
73
74# Fifth number generated by random.getrandbits(1024) - seed(4,2), not a prime
75RANDOM_1024_BIT_SEED_4_NO5 = ("53be4721f5b9e1f5acdac615bc20f6264922b9ccf469aef8"
76                              "f6e7d078e55b85dd1525f363b281b8885b69dc230af5ac87"
77                              "0692b534758240df4a7a03052d733dcdef40af2e54c0ce68"
78                              "1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b"
79                              "4708d9893a973000b54a23020fc5b043d6e4a51519d9c9cc"
80                              "52d32377e78131c1")
81
82# Adding 192 bit and 1024 bit numbers because these are the shortest required
83# for ECC and RSA respectively.
84INPUTS_DEFAULT = [
85        "0", "1", # corner cases
86        "2", "3", # small primes
87        "4",      # non-prime even
88        "38",     # small random
89        SAFE_PRIME_192_BIT_SEED_1,  # prime
90        RANDOM_192_BIT_SEED_2_NO1,  # not a prime
91        RANDOM_192_BIT_SEED_2_NO2,  # not a prime
92        SAFE_PRIME_1024_BIT_SEED_3, # prime
93        RANDOM_1024_BIT_SEED_4_NO1, # not a prime
94        RANDOM_1024_BIT_SEED_4_NO3, # not a prime
95        RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime)
96        ]
97
98ADD_SUB_DATA = [
99    "0", "1", "3", "f", "fe", "ff", "100", "ff00",
100    "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1
101    "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1
102    "1f7f7f7f7f7f7f",
103    "8000000000000000", "fefefefefefefefe",
104    "fffffffffffffffe", "ffffffffffffffff", "10000000000000000", # 2^64 - 1, 2^64, 2^64 + 1
105    "1234567890abcdef0",
106    "fffffffffffffffffffffffe",
107    "ffffffffffffffffffffffff",
108    "1000000000000000000000000",
109    "fffffffffffffffffefefefefefefefe",
110    "fffffffffffffffffffffffffffffffe",
111    "ffffffffffffffffffffffffffffffff",
112    "100000000000000000000000000000000",
113    "1234567890abcdef01234567890abcdef0",
114    "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe",
115    "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
116    "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
117    "10000000000000000000000000000000000000000000000000000000000000000",
118    "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0",
119    ]
120
121# Only odd moduli are present as in the new bignum code only odd moduli are
122# supported for now.
123MODULI_DEFAULT = [
124        "53", # safe prime
125        "45", # non-prime
126        SAFE_PRIME_192_BIT_SEED_1,  # safe prime
127        RANDOM_192_BIT_SEED_2_NO4,  # not a prime
128        SAFE_PRIME_1024_BIT_SEED_3, # safe prime
129        RANDOM_1024_BIT_SEED_4_NO5, # not a prime
130        ]
131
132# Some functions, e.g. mbedtls_mpi_mod_raw_inv_prime(), only support prime moduli.
133ONLY_PRIME_MODULI = [
134        "53", # safe prime
135        "8ac72304057392b5",     # 9999999997777777333 (longer, not safe, prime)
136        # The next prime has a different R in Montgomery form depending on
137        # whether 32- or 64-bit MPIs are used.
138        "152d02c7e14af67fe0bf", # 99999999999999999991999
139        SAFE_PRIME_192_BIT_SEED_1,  # safe prime
140        SAFE_PRIME_1024_BIT_SEED_3, # safe prime
141        ]
142
143def __gen_safe_prime(bits, seed):
144    '''
145    Generate a safe prime.
146
147    This function is intended for generating constants offline and shouldn't be
148    used in test generation classes.
149
150    Requires pycryptodomex for getPrime and isPrime and python 3.9 or later for
151    randbytes.
152    '''
153    rng = random.Random()
154    # We want reproducibility across python versions
155    rng.seed(seed, version=2)
156    while True:
157        prime = 2*getPrime(bits-1, rng.randbytes)+1 #pylint: disable=no-member
158        if isPrime(prime, 1e-30):
159            return prime
160