1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4#include "constant_time_internal.h" 5#include "bignum_core.h" 6#include "test/constant_flow.h" 7 8#if MBEDTLS_MPI_MAX_BITS > 792 9#define MPI_MAX_BITS_LARGER_THAN_792 10#endif 11 12/* Check the validity of the sign bit in an MPI object. Reject representations 13 * that are not supported by the rest of the library and indicate a bug when 14 * constructing the value. */ 15static int sign_is_valid(const mbedtls_mpi *X) 16{ 17 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 18 if (X->s != 1 && X->s != -1) { 19 return 0; 20 } 21 22 /* The value 0 must be represented with the sign +1. A "negative zero" 23 * with s=-1 is an invalid representation. Forbid that. As an exception, 24 * we sometimes test the robustness of library functions when given 25 * a negative zero input. If a test case has a negative zero as input, 26 * we don't mind if the function has a negative zero output. */ 27 if (!mbedtls_test_case_uses_negative_0 && 28 mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { 29 return 0; 30 } 31 32 return 1; 33} 34 35typedef struct mbedtls_test_mpi_random { 36 data_t *data; 37 size_t pos; 38 size_t chunk_len; 39} mbedtls_test_mpi_random; 40 41/* 42 * This function is called by the Miller-Rabin primality test each time it 43 * chooses a random witness. The witnesses (or non-witnesses as provided by the 44 * test) are stored in the data member of the state structure. Each number is in 45 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 46 */ 47int mbedtls_test_mpi_miller_rabin_determinizer(void *state, 48 unsigned char *buf, 49 size_t len) 50{ 51 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; 52 53 if (random == NULL || random->data->x == NULL || buf == NULL) { 54 return -1; 55 } 56 57 if (random->pos + random->chunk_len > random->data->len 58 || random->chunk_len > len) { 59 return -1; 60 } 61 62 memset(buf, 0, len); 63 64 /* The witness is written to the end of the buffer, since the buffer is 65 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 66 * Writing the witness to the start of the buffer would result in the 67 * buffer being 'witness 000...000', which would be treated as 68 * witness * 2^n for some n. */ 69 memcpy(buf + len - random->chunk_len, &random->data->x[random->pos], 70 random->chunk_len); 71 72 random->pos += random->chunk_len; 73 74 return 0; 75} 76 77/* Random generator that is told how many bytes to return. */ 78static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) 79{ 80 size_t *bytes_left = state; 81 size_t i; 82 for (i = 0; i < len; i++) { 83 if (*bytes_left == 0) { 84 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 85 } 86 buf[i] = *bytes_left & 0xff; 87 --(*bytes_left); 88 } 89 return 0; 90} 91 92/* END_HEADER */ 93 94/* BEGIN_DEPENDENCIES 95 * depends_on:MBEDTLS_BIGNUM_C 96 * END_DEPENDENCIES 97 */ 98 99/* BEGIN_CASE */ 100void mpi_null() 101{ 102 mbedtls_mpi X, Y, Z; 103 104 mbedtls_mpi_init(&X); 105 mbedtls_mpi_init(&Y); 106 mbedtls_mpi_init(&Z); 107 108 TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0); 109 TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0); 110 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0); 111 TEST_ASSERT(mbedtls_mpi_size(&X) == 0); 112 113exit: 114 mbedtls_mpi_free(&X); 115} 116/* END_CASE */ 117 118/* BEGIN_CASE */ 119void mpi_read_write_string(int radix_X, char *input_X, int radix_A, 120 char *input_A, int output_size, int result_read, 121 int result_write) 122{ 123 mbedtls_mpi X; 124 char str[1000]; 125 size_t len; 126 127 mbedtls_mpi_init(&X); 128 129 memset(str, '!', sizeof(str)); 130 131 TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read); 132 if (result_read == 0) { 133 TEST_ASSERT(sign_is_valid(&X)); 134 TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write); 135 if (result_write == 0) { 136 TEST_ASSERT(strcmp(str, input_A) == 0); 137 TEST_ASSERT(str[len] == '!'); 138 } 139 } 140 141exit: 142 mbedtls_mpi_free(&X); 143} 144/* END_CASE */ 145 146/* BEGIN_CASE */ 147void mpi_read_binary(data_t *buf, char *input_A) 148{ 149 mbedtls_mpi X; 150 char str[1000]; 151 size_t len; 152 153 mbedtls_mpi_init(&X); 154 155 156 TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0); 157 TEST_ASSERT(sign_is_valid(&X)); 158 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 159 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 160 161exit: 162 mbedtls_mpi_free(&X); 163} 164/* END_CASE */ 165 166/* BEGIN_CASE */ 167void mpi_read_binary_le(data_t *buf, char *input_A) 168{ 169 mbedtls_mpi X; 170 char str[1000]; 171 size_t len; 172 173 mbedtls_mpi_init(&X); 174 175 176 TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0); 177 TEST_ASSERT(sign_is_valid(&X)); 178 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 179 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 180 181exit: 182 mbedtls_mpi_free(&X); 183} 184/* END_CASE */ 185 186/* BEGIN_CASE */ 187void mpi_write_binary(char *input_X, data_t *input_A, 188 int output_size, int result) 189{ 190 mbedtls_mpi X; 191 unsigned char buf[1000]; 192 size_t buflen; 193 194 memset(buf, 0x00, 1000); 195 196 mbedtls_mpi_init(&X); 197 198 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 199 200 buflen = mbedtls_mpi_size(&X); 201 if (buflen > (size_t) output_size) { 202 buflen = (size_t) output_size; 203 } 204 205 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result); 206 if (result == 0) { 207 208 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 209 buflen, input_A->len) == 0); 210 } 211 212exit: 213 mbedtls_mpi_free(&X); 214} 215/* END_CASE */ 216 217/* BEGIN_CASE */ 218void mpi_write_binary_le(char *input_X, data_t *input_A, 219 int output_size, int result) 220{ 221 mbedtls_mpi X; 222 unsigned char buf[1000]; 223 size_t buflen; 224 225 memset(buf, 0x00, 1000); 226 227 mbedtls_mpi_init(&X); 228 229 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 230 231 buflen = mbedtls_mpi_size(&X); 232 if (buflen > (size_t) output_size) { 233 buflen = (size_t) output_size; 234 } 235 236 TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result); 237 if (result == 0) { 238 239 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 240 buflen, input_A->len) == 0); 241 } 242 243exit: 244 mbedtls_mpi_free(&X); 245} 246/* END_CASE */ 247 248/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 249void mpi_read_file(char *input_file, data_t *input_A, int result) 250{ 251 mbedtls_mpi X; 252 unsigned char buf[1000]; 253 size_t buflen; 254 FILE *file; 255 int ret; 256 257 memset(buf, 0x00, 1000); 258 259 mbedtls_mpi_init(&X); 260 261 file = fopen(input_file, "r"); 262 TEST_ASSERT(file != NULL); 263 ret = mbedtls_mpi_read_file(&X, 16, file); 264 fclose(file); 265 TEST_ASSERT(ret == result); 266 267 if (result == 0) { 268 TEST_ASSERT(sign_is_valid(&X)); 269 buflen = mbedtls_mpi_size(&X); 270 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0); 271 272 273 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 274 buflen, input_A->len) == 0); 275 } 276 277exit: 278 mbedtls_mpi_free(&X); 279} 280/* END_CASE */ 281 282/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 283void mpi_write_file(char *input_X, char *output_file) 284{ 285 mbedtls_mpi X, Y; 286 FILE *file_out, *file_in; 287 int ret; 288 289 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 290 291 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 292 293 file_out = fopen(output_file, "w"); 294 TEST_ASSERT(file_out != NULL); 295 ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out); 296 fclose(file_out); 297 TEST_ASSERT(ret == 0); 298 299 file_in = fopen(output_file, "r"); 300 TEST_ASSERT(file_in != NULL); 301 ret = mbedtls_mpi_read_file(&Y, 16, file_in); 302 fclose(file_in); 303 TEST_ASSERT(ret == 0); 304 305 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 306 307exit: 308 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 309} 310/* END_CASE */ 311 312/* BEGIN_CASE */ 313void mpi_get_bit(char *input_X, int pos, int val) 314{ 315 mbedtls_mpi X; 316 mbedtls_mpi_init(&X); 317 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 318 TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val); 319 320exit: 321 mbedtls_mpi_free(&X); 322} 323/* END_CASE */ 324 325/* BEGIN_CASE */ 326void mpi_set_bit(char *input_X, int pos, int val, 327 char *output_Y, int result) 328{ 329 mbedtls_mpi X, Y; 330 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 331 332 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 333 TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0); 334 TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result); 335 336 if (result == 0) { 337 TEST_ASSERT(sign_is_valid(&X)); 338 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 339 } 340 341exit: 342 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 343} 344/* END_CASE */ 345 346/* BEGIN_CASE */ 347void mpi_lsb(char *input_X, int nr_bits) 348{ 349 mbedtls_mpi X; 350 mbedtls_mpi_init(&X); 351 352 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 353 TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits); 354 355exit: 356 mbedtls_mpi_free(&X); 357} 358/* END_CASE */ 359 360/* BEGIN_CASE */ 361void mpi_bitlen(char *input_X, int nr_bits) 362{ 363 mbedtls_mpi X; 364 mbedtls_mpi_init(&X); 365 366 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 367 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits); 368 369exit: 370 mbedtls_mpi_free(&X); 371} 372/* END_CASE */ 373 374/* BEGIN_CASE */ 375void mpi_gcd(char *input_X, char *input_Y, 376 char *input_A) 377{ 378 mbedtls_mpi A, X, Y, Z; 379 mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 380 381 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 382 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 383 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 384 TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); 385 TEST_ASSERT(sign_is_valid(&Z)); 386 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 387 388exit: 389 mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 390} 391/* END_CASE */ 392 393/* BEGIN_CASE */ 394void mpi_cmp_int(int input_X, int input_A, int result_CMP) 395{ 396 mbedtls_mpi X; 397 mbedtls_mpi_init(&X); 398 399 TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0); 400 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP); 401 402exit: 403 mbedtls_mpi_free(&X); 404} 405/* END_CASE */ 406 407/* BEGIN_CASE */ 408void mpi_cmp_mpi(char *input_X, char *input_Y, 409 int input_A) 410{ 411 mbedtls_mpi X, Y; 412 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 413 414 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 415 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 416 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A); 417 418exit: 419 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 420} 421/* END_CASE */ 422 423/* BEGIN_CASE */ 424void mpi_lt_mpi_ct(int size_X, char *input_X, 425 int size_Y, char *input_Y, 426 int input_ret, int input_err) 427{ 428 unsigned ret = -1; 429 unsigned input_uret = input_ret; 430 mbedtls_mpi X, Y; 431 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 432 433 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 434 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 435 436 TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0); 437 TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0); 438 439 TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); 440 if (input_err == 0) { 441 TEST_EQUAL(ret, input_uret); 442 } 443 444exit: 445 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 446} 447/* END_CASE */ 448 449/* BEGIN_CASE */ 450void mpi_cmp_abs(char *input_X, char *input_Y, 451 int input_A) 452{ 453 mbedtls_mpi X, Y; 454 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 455 456 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 457 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 458 TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A); 459 460exit: 461 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 462} 463/* END_CASE */ 464 465/* BEGIN_CASE */ 466void mpi_copy(char *src_hex, char *dst_hex) 467{ 468 mbedtls_mpi src, dst, ref; 469 mbedtls_mpi_init(&src); 470 mbedtls_mpi_init(&dst); 471 mbedtls_mpi_init(&ref); 472 473 TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0); 474 TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0); 475 476 /* mbedtls_mpi_copy() */ 477 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 478 TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0); 479 TEST_ASSERT(sign_is_valid(&dst)); 480 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 481 482 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 483 mbedtls_mpi_free(&dst); 484 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 485 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0); 486 TEST_ASSERT(sign_is_valid(&dst)); 487 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 488 489 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 490 mbedtls_mpi_free(&dst); 491 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 492 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0); 493 TEST_ASSERT(sign_is_valid(&dst)); 494 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0); 495 496exit: 497 mbedtls_mpi_free(&src); 498 mbedtls_mpi_free(&dst); 499 mbedtls_mpi_free(&ref); 500} 501/* END_CASE */ 502 503/* BEGIN_CASE */ 504void mpi_copy_self(char *input_X) 505{ 506 mbedtls_mpi X, A; 507 mbedtls_mpi_init(&A); 508 mbedtls_mpi_init(&X); 509 510 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 511 TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0); 512 513 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0); 514 TEST_ASSERT(sign_is_valid(&X)); 515 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 516 517exit: 518 mbedtls_mpi_free(&A); 519 mbedtls_mpi_free(&X); 520} 521/* END_CASE */ 522 523/* BEGIN_CASE */ 524void mpi_swap(char *X_hex, char *Y_hex) 525{ 526 mbedtls_mpi X, Y, X0, Y0; 527 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 528 mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0); 529 530 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 531 TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0); 532 533 /* mbedtls_mpi_swap() */ 534 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 535 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 536 mbedtls_mpi_swap(&X, &Y); 537 TEST_ASSERT(sign_is_valid(&X)); 538 TEST_ASSERT(sign_is_valid(&Y)); 539 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 540 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 541 542 /* mbedtls_mpi_safe_cond_swap(), swap done */ 543 mbedtls_mpi_free(&X); 544 mbedtls_mpi_free(&Y); 545 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 546 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 547 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0); 548 TEST_ASSERT(sign_is_valid(&X)); 549 TEST_ASSERT(sign_is_valid(&Y)); 550 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 551 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 552 553 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 554 mbedtls_mpi_free(&X); 555 mbedtls_mpi_free(&Y); 556 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 557 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 558 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0); 559 TEST_ASSERT(sign_is_valid(&X)); 560 TEST_ASSERT(sign_is_valid(&Y)); 561 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 562 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0); 563 564exit: 565 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 566 mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0); 567} 568/* END_CASE */ 569 570/* BEGIN_CASE */ 571void mpi_swap_self(char *X_hex) 572{ 573 mbedtls_mpi X, X0; 574 mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0); 575 576 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 577 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 578 579 mbedtls_mpi_swap(&X, &X); 580 TEST_ASSERT(sign_is_valid(&X)); 581 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 582 583exit: 584 mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0); 585} 586/* END_CASE */ 587 588/* BEGIN_CASE */ 589void mpi_shrink(int before, int used, int min, int after) 590{ 591 mbedtls_mpi X; 592 mbedtls_mpi_init(&X); 593 594 TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0); 595 if (used > 0) { 596 size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint); 597 TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0); 598 } 599 TEST_EQUAL(X.n, (size_t) before); 600 TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0); 601 TEST_EQUAL(X.n, (size_t) after); 602 603exit: 604 mbedtls_mpi_free(&X); 605} 606/* END_CASE */ 607 608/* BEGIN_CASE */ 609void mpi_add_mpi(char *input_X, char *input_Y, 610 char *input_A) 611{ 612 mbedtls_mpi X, Y, Z, A; 613 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 614 615 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 616 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 617 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 618 TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0); 619 TEST_ASSERT(sign_is_valid(&Z)); 620 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 621 622 /* result == first operand */ 623 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0); 624 TEST_ASSERT(sign_is_valid(&X)); 625 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 626 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 627 628 /* result == second operand */ 629 TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0); 630 TEST_ASSERT(sign_is_valid(&Y)); 631 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 632 633exit: 634 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 635} 636/* END_CASE */ 637 638/* BEGIN_CASE */ 639void mpi_add_mpi_inplace(char *input_X, char *input_A) 640{ 641 mbedtls_mpi X, A; 642 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 643 644 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 645 646 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 647 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0); 648 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0); 649 TEST_ASSERT(sign_is_valid(&X)); 650 651 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 652 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0); 653 TEST_ASSERT(sign_is_valid(&X)); 654 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 655 656 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 657 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0); 658 TEST_ASSERT(sign_is_valid(&X)); 659 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 660 661exit: 662 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 663} 664/* END_CASE */ 665 666 667/* BEGIN_CASE */ 668void mpi_add_abs(char *input_X, char *input_Y, 669 char *input_A) 670{ 671 mbedtls_mpi X, Y, Z, A; 672 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 673 674 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 675 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 676 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 677 TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0); 678 TEST_ASSERT(sign_is_valid(&Z)); 679 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 680 681 /* result == first operand */ 682 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0); 683 TEST_ASSERT(sign_is_valid(&X)); 684 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 685 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 686 687 /* result == second operand */ 688 TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0); 689 TEST_ASSERT(sign_is_valid(&Y)); 690 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 691 692exit: 693 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 694} 695/* END_CASE */ 696 697/* BEGIN_CASE */ 698void mpi_add_int(char *input_X, int input_Y, 699 char *input_A) 700{ 701 mbedtls_mpi X, Z, A; 702 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 703 704 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 705 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 706 TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0); 707 TEST_ASSERT(sign_is_valid(&Z)); 708 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 709 710exit: 711 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 712} 713/* END_CASE */ 714 715/* BEGIN_CASE */ 716void mpi_sub_mpi(char *input_X, char *input_Y, 717 char *input_A) 718{ 719 mbedtls_mpi X, Y, Z, A; 720 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 721 722 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 723 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 724 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 725 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0); 726 TEST_ASSERT(sign_is_valid(&Z)); 727 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 728 729 /* result == first operand */ 730 TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0); 731 TEST_ASSERT(sign_is_valid(&X)); 732 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 733 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 734 735 /* result == second operand */ 736 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0); 737 TEST_ASSERT(sign_is_valid(&Y)); 738 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 739 740exit: 741 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 742} 743/* END_CASE */ 744 745/* BEGIN_CASE */ 746void mpi_sub_abs(char *input_X, char *input_Y, 747 char *input_A, int sub_result) 748{ 749 mbedtls_mpi X, Y, Z, A; 750 int res; 751 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 752 753 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 754 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 755 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 756 757 res = mbedtls_mpi_sub_abs(&Z, &X, &Y); 758 TEST_ASSERT(res == sub_result); 759 TEST_ASSERT(sign_is_valid(&Z)); 760 if (res == 0) { 761 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 762 } 763 764 /* result == first operand */ 765 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result); 766 TEST_ASSERT(sign_is_valid(&X)); 767 if (sub_result == 0) { 768 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 769 } 770 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 771 772 /* result == second operand */ 773 TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result); 774 TEST_ASSERT(sign_is_valid(&Y)); 775 if (sub_result == 0) { 776 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 777 } 778 779exit: 780 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 781} 782/* END_CASE */ 783 784/* BEGIN_CASE */ 785void mpi_sub_int(char *input_X, int input_Y, 786 char *input_A) 787{ 788 mbedtls_mpi X, Z, A; 789 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 790 791 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 792 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 793 TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0); 794 TEST_ASSERT(sign_is_valid(&Z)); 795 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 796 797exit: 798 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 799} 800/* END_CASE */ 801 802/* BEGIN_CASE */ 803void mpi_mul_mpi(char *input_X, char *input_Y, 804 char *input_A) 805{ 806 mbedtls_mpi X, Y, Z, A; 807 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 808 809 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 810 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 811 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 812 TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0); 813 TEST_ASSERT(sign_is_valid(&Z)); 814 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 815 816exit: 817 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 818} 819/* END_CASE */ 820 821/* BEGIN_CASE */ 822void mpi_mul_int(char *input_X, int input_Y, 823 char *input_A, char *result_comparison) 824{ 825 mbedtls_mpi X, Z, A; 826 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 827 828 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 829 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 830 TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0); 831 TEST_ASSERT(sign_is_valid(&Z)); 832 if (strcmp(result_comparison, "==") == 0) { 833 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 834 } else if (strcmp(result_comparison, "!=") == 0) { 835 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); 836 } else { 837 TEST_FAIL("unknown operator"); 838 } 839 840exit: 841 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 842} 843/* END_CASE */ 844 845/* BEGIN_CASE */ 846void mpi_div_mpi(char *input_X, char *input_Y, 847 char *input_A, char *input_B, 848 int div_result) 849{ 850 mbedtls_mpi X, Y, Q, R, A, B; 851 int res; 852 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); 853 mbedtls_mpi_init(&A); mbedtls_mpi_init(&B); 854 855 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 856 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 857 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 858 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 859 res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y); 860 TEST_ASSERT(res == div_result); 861 if (res == 0) { 862 TEST_ASSERT(sign_is_valid(&Q)); 863 TEST_ASSERT(sign_is_valid(&R)); 864 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 865 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 866 } 867 868exit: 869 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); 870 mbedtls_mpi_free(&A); mbedtls_mpi_free(&B); 871} 872/* END_CASE */ 873 874/* BEGIN_CASE */ 875void mpi_div_int(char *input_X, int input_Y, 876 char *input_A, char *input_B, 877 int div_result) 878{ 879 mbedtls_mpi X, Q, R, A, B; 880 int res; 881 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A); 882 mbedtls_mpi_init(&B); 883 884 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 885 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 886 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 887 res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y); 888 TEST_ASSERT(res == div_result); 889 if (res == 0) { 890 TEST_ASSERT(sign_is_valid(&Q)); 891 TEST_ASSERT(sign_is_valid(&R)); 892 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 893 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 894 } 895 896exit: 897 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A); 898 mbedtls_mpi_free(&B); 899} 900/* END_CASE */ 901 902/* BEGIN_CASE */ 903void mpi_mod_mpi(char *input_X, char *input_Y, 904 char *input_A, int div_result) 905{ 906 mbedtls_mpi X, Y, A; 907 int res; 908 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A); 909 910 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 911 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 912 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 913 res = mbedtls_mpi_mod_mpi(&X, &X, &Y); 914 TEST_ASSERT(res == div_result); 915 if (res == 0) { 916 TEST_ASSERT(sign_is_valid(&X)); 917 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 918 } 919 920exit: 921 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A); 922} 923/* END_CASE */ 924 925/* BEGIN_CASE */ 926void mpi_mod_int(char *input_X, mbedtls_mpi_sint y, 927 mbedtls_mpi_sint a, int mod_result) 928{ 929 mbedtls_mpi X; 930 int res; 931 mbedtls_mpi_uint r; 932 933 mbedtls_mpi_init(&X); 934 935 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 936 937 res = mbedtls_mpi_mod_int(&r, &X, y); 938 TEST_EQUAL(res, mod_result); 939 if (res == 0) { 940 TEST_EQUAL(r, a); 941 } 942 943exit: 944 mbedtls_mpi_free(&X); 945} 946/* END_CASE */ 947 948/* BEGIN_CASE */ 949void mpi_exp_mod(char *input_A, char *input_E, 950 char *input_N, char *input_X, 951 int exp_result) 952{ 953 mbedtls_mpi A, E, N, RR, Z, X; 954 int res; 955 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 956 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 957 958 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 959 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 960 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 961 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 962 963 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL); 964 TEST_ASSERT(res == exp_result); 965 if (res == 0) { 966 TEST_ASSERT(sign_is_valid(&Z)); 967 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 968 } 969 970 /* Now test again with the speed-up parameter supplied as an output. */ 971 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 972 TEST_ASSERT(res == exp_result); 973 if (res == 0) { 974 TEST_ASSERT(sign_is_valid(&Z)); 975 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 976 } 977 978 /* Now test again with the speed-up parameter supplied in calculated form. */ 979 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 980 TEST_ASSERT(res == exp_result); 981 if (res == 0) { 982 TEST_ASSERT(sign_is_valid(&Z)); 983 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 984 } 985 986exit: 987 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 988 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 989} 990/* END_CASE */ 991 992/* BEGIN_CASE */ 993void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes, 994 char *input_RR, int exp_result) 995{ 996 mbedtls_mpi A, E, N, RR, Z; 997 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 998 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); 999 1000 /* Set A to 2^(A_bytes - 1) + 1 */ 1001 TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0); 1002 TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0); 1003 TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0); 1004 1005 /* Set E to 2^(E_bytes - 1) + 1 */ 1006 TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0); 1007 TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0); 1008 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0); 1009 1010 /* Set N to 2^(N_bytes - 1) + 1 */ 1011 TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0); 1012 TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0); 1013 TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0); 1014 1015 if (strlen(input_RR)) { 1016 TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0); 1017 } 1018 1019 TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result); 1020 1021exit: 1022 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1023 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); 1024} 1025/* END_CASE */ 1026 1027/* BEGIN_CASE */ 1028void mpi_inv_mod(char *input_X, char *input_Y, 1029 char *input_A, int div_result) 1030{ 1031 mbedtls_mpi X, Y, Z, A; 1032 int res; 1033 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1034 1035 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1036 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1037 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1038 res = mbedtls_mpi_inv_mod(&Z, &X, &Y); 1039 TEST_ASSERT(res == div_result); 1040 if (res == 0) { 1041 TEST_ASSERT(sign_is_valid(&Z)); 1042 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1043 } 1044 1045exit: 1046 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1047} 1048/* END_CASE */ 1049 1050/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1051void mpi_is_prime(char *input_X, int div_result) 1052{ 1053 mbedtls_mpi X; 1054 int res; 1055 mbedtls_mpi_init(&X); 1056 1057 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1058 res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL); 1059 TEST_ASSERT(res == div_result); 1060 1061exit: 1062 mbedtls_mpi_free(&X); 1063} 1064/* END_CASE */ 1065 1066/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1067void mpi_is_prime_det(data_t *input_X, data_t *witnesses, 1068 int chunk_len, int rounds) 1069{ 1070 mbedtls_mpi X; 1071 int res; 1072 mbedtls_test_mpi_random rand; 1073 1074 mbedtls_mpi_init(&X); 1075 rand.data = witnesses; 1076 rand.pos = 0; 1077 rand.chunk_len = chunk_len; 1078 1079 TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0); 1080 res = mbedtls_mpi_is_prime_ext(&X, rounds - 1, 1081 mbedtls_test_mpi_miller_rabin_determinizer, 1082 &rand); 1083 TEST_ASSERT(res == 0); 1084 1085 rand.data = witnesses; 1086 rand.pos = 0; 1087 rand.chunk_len = chunk_len; 1088 1089 res = mbedtls_mpi_is_prime_ext(&X, rounds, 1090 mbedtls_test_mpi_miller_rabin_determinizer, 1091 &rand); 1092 TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); 1093 1094exit: 1095 mbedtls_mpi_free(&X); 1096} 1097/* END_CASE */ 1098 1099/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1100void mpi_gen_prime(int bits, int flags, int ref_ret) 1101{ 1102 mbedtls_mpi X; 1103 int my_ret; 1104 1105 mbedtls_mpi_init(&X); 1106 1107 my_ret = mbedtls_mpi_gen_prime(&X, bits, flags, 1108 mbedtls_test_rnd_std_rand, NULL); 1109 TEST_ASSERT(my_ret == ref_ret); 1110 1111 if (ref_ret == 0) { 1112 size_t actual_bits = mbedtls_mpi_bitlen(&X); 1113 1114 TEST_ASSERT(actual_bits >= (size_t) bits); 1115 TEST_ASSERT(actual_bits <= (size_t) bits + 1); 1116 TEST_ASSERT(sign_is_valid(&X)); 1117 1118 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1119 mbedtls_test_rnd_std_rand, 1120 NULL) == 0); 1121 if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) { 1122 /* X = ( X - 1 ) / 2 */ 1123 TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0); 1124 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1125 mbedtls_test_rnd_std_rand, 1126 NULL) == 0); 1127 } 1128 } 1129 1130exit: 1131 mbedtls_mpi_free(&X); 1132} 1133/* END_CASE */ 1134 1135/* BEGIN_CASE */ 1136void mpi_shift_l(char *input_X, int shift_X, 1137 char *input_A) 1138{ 1139 mbedtls_mpi X, A; 1140 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1141 1142 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1143 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1144 TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0); 1145 TEST_ASSERT(sign_is_valid(&X)); 1146 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1147 1148exit: 1149 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1150} 1151/* END_CASE */ 1152 1153/* BEGIN_CASE */ 1154void mpi_shift_r(char *input_X, int shift_X, 1155 char *input_A) 1156{ 1157 mbedtls_mpi X, A; 1158 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1159 1160 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1161 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1162 TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0); 1163 TEST_ASSERT(sign_is_valid(&X)); 1164 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1165 1166exit: 1167 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1168} 1169/* END_CASE */ 1170 1171/* BEGIN_CASE */ 1172void mpi_fill_random(int wanted_bytes, int rng_bytes, 1173 int before, int expected_ret) 1174{ 1175 mbedtls_mpi X; 1176 int ret; 1177 size_t bytes_left = rng_bytes; 1178 mbedtls_mpi_init(&X); 1179 1180 if (before != 0) { 1181 /* Set X to sign(before) * 2^(|before|-1) */ 1182 TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0); 1183 if (before < 0) { 1184 before = -before; 1185 } 1186 TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0); 1187 } 1188 1189 ret = mbedtls_mpi_fill_random(&X, wanted_bytes, 1190 f_rng_bytes_left, &bytes_left); 1191 TEST_ASSERT(ret == expected_ret); 1192 1193 if (expected_ret == 0) { 1194 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1195 * as a big-endian representation of the number. We know when 1196 * our RNG function returns null bytes, so we know how many 1197 * leading zero bytes the number has. */ 1198 size_t leading_zeros = 0; 1199 if (wanted_bytes > 0 && rng_bytes % 256 == 0) { 1200 leading_zeros = 1; 1201 } 1202 TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros == 1203 (size_t) wanted_bytes); 1204 TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes); 1205 TEST_ASSERT(sign_is_valid(&X)); 1206 } 1207 1208exit: 1209 mbedtls_mpi_free(&X); 1210} 1211/* END_CASE */ 1212 1213/* BEGIN_CASE */ 1214void most_negative_mpi_sint() 1215{ 1216 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1217 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1218 * is a valid value. However, negating it (`-n`) has undefined behavior 1219 * (although in practice `-n` evaluates to the value n). 1220 * 1221 * This function has ad hoc tests for this value. It's separated from other 1222 * functions because the test framework makes it hard to pass this value 1223 * into test cases. 1224 * 1225 * In the comments here: 1226 * - biL = number of bits in limbs 1227 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1228 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1229 */ 1230 1231 mbedtls_mpi A, R, X; 1232 mbedtls_mpi_init(&A); 1233 mbedtls_mpi_init(&R); 1234 mbedtls_mpi_init(&X); 1235 1236 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1); 1237 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1238 const mbedtls_mpi_sint most_negative = -most_positive - 1; 1239 TEST_EQUAL((mbedtls_mpi_uint) most_negative, 1240 (mbedtls_mpi_uint) 1 << (biL - 1)); 1241 TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0); 1242 1243 /* Test mbedtls_mpi_lset() */ 1244 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1245 TEST_EQUAL(A.s, -1); 1246 TEST_EQUAL(A.n, 1); 1247 TEST_EQUAL(A.p[0], most_positive_plus_1); 1248 1249 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1250 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0); 1251 1252 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1253 A.p[0] = most_positive_plus_1 + 1; 1254 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1); 1255 1256 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1257 A.p[0] = most_positive_plus_1 - 1; 1258 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1); 1259 1260 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1261 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1262 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1263 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1264 1265 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1266 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1267 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1268 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0); 1269 1270 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1271 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1272 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1273 TEST_EQUAL(X.s, -1); 1274 TEST_EQUAL(X.n, 2); 1275 TEST_EQUAL(X.p[0], 0); 1276 TEST_EQUAL(X.p[1], 1); 1277 1278 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1279 mbedtls_mpi_free(&X); 1280 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1281 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1282 TEST_EQUAL(X.s, 1); 1283 TEST_EQUAL(X.n, 1); 1284 TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0); 1285 1286 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1287 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1288 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1289 TEST_EQUAL(X.s, 1); 1290 TEST_EQUAL(X.n, 1); 1291 TEST_EQUAL(X.p[0], most_positive_plus_1); 1292 1293 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1294 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1295 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1296 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1297 1298 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1299 TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0); 1300 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1301 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1302 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1303 1304 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1305 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1306 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1307 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1308 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1309 1310 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1311 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1312 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1313 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0); 1314 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1315 1316 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1317 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1318 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1319 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1320 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1321 1322 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1323 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1324 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1325 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1326 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0); 1327 1328 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1329 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1330 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1331 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1332 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1333 1334 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1335 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1336 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1337 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0); 1338 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1339 1340 /* Test mbedtls_mpi_mod_int(): never valid */ 1341 TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative), 1342 MBEDTLS_ERR_MPI_NEGATIVE_VALUE); 1343 1344 /* Test mbedtls_mpi_random(): never valid */ 1345 TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A, 1346 mbedtls_test_rnd_std_rand, NULL), 1347 MBEDTLS_ERR_MPI_BAD_INPUT_DATA); 1348 1349exit: 1350 mbedtls_mpi_free(&A); 1351 mbedtls_mpi_free(&R); 1352 mbedtls_mpi_free(&X); 1353} 1354/* END_CASE */ 1355 1356/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1357void mpi_selftest() 1358{ 1359 TEST_ASSERT(mbedtls_mpi_self_test(1) == 0); 1360} 1361/* END_CASE */ 1362
