1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4#include "constant_time_internal.h" 5#include "bignum_core.h" 6#include "bignum_internal.h" 7#include "test/constant_flow.h" 8 9#if MBEDTLS_MPI_MAX_BITS > 792 10#define MPI_MAX_BITS_LARGER_THAN_792 11#endif 12 13/* Check the validity of the sign bit in an MPI object. Reject representations 14 * that are not supported by the rest of the library and indicate a bug when 15 * constructing the value. */ 16static int sign_is_valid(const mbedtls_mpi *X) 17{ 18 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 19 if (X->s != 1 && X->s != -1) { 20 return 0; 21 } 22 23 /* The value 0 must be represented with the sign +1. A "negative zero" 24 * with s=-1 is an invalid representation. Forbid that. As an exception, 25 * we sometimes test the robustness of library functions when given 26 * a negative zero input. If a test case has a negative zero as input, 27 * we don't mind if the function has a negative zero output. */ 28 if (!mbedtls_test_get_case_uses_negative_0() && 29 mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { 30 return 0; 31 } 32 33 return 1; 34} 35 36#if defined(MBEDTLS_GENPRIME) 37typedef struct mbedtls_test_mpi_random { 38 data_t *data; 39 size_t pos; 40 size_t chunk_len; 41} mbedtls_test_mpi_random; 42 43/* 44 * This function is called by the Miller-Rabin primality test each time it 45 * chooses a random witness. The witnesses (or non-witnesses as provided by the 46 * test) are stored in the data member of the state structure. Each number is in 47 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 48 */ 49static int mbedtls_test_mpi_miller_rabin_determinizer(void *state, 50 unsigned char *buf, 51 size_t len) 52{ 53 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; 54 55 if (random == NULL || random->data->x == NULL || buf == NULL) { 56 return -1; 57 } 58 59 if (random->pos + random->chunk_len > random->data->len 60 || random->chunk_len > len) { 61 return -1; 62 } 63 64 memset(buf, 0, len); 65 66 /* The witness is written to the end of the buffer, since the buffer is 67 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 68 * Writing the witness to the start of the buffer would result in the 69 * buffer being 'witness 000...000', which would be treated as 70 * witness * 2^n for some n. */ 71 memcpy(buf + len - random->chunk_len, &random->data->x[random->pos], 72 random->chunk_len); 73 74 random->pos += random->chunk_len; 75 76 return 0; 77} 78#endif /* MBEDTLS_GENPRIME */ 79 80/* Random generator that is told how many bytes to return. */ 81static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) 82{ 83 size_t *bytes_left = state; 84 size_t i; 85 for (i = 0; i < len; i++) { 86 if (*bytes_left == 0) { 87 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 88 } 89 buf[i] = *bytes_left & 0xff; 90 --(*bytes_left); 91 } 92 return 0; 93} 94 95/* END_HEADER */ 96 97/* BEGIN_DEPENDENCIES 98 * depends_on:MBEDTLS_BIGNUM_C 99 * END_DEPENDENCIES 100 */ 101 102/* BEGIN_CASE */ 103void mpi_null() 104{ 105 mbedtls_mpi X, Y, Z; 106 107 mbedtls_mpi_init(&X); 108 mbedtls_mpi_init(&Y); 109 mbedtls_mpi_init(&Z); 110 111 TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0); 112 TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0); 113 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0); 114 TEST_ASSERT(mbedtls_mpi_size(&X) == 0); 115 116exit: 117 mbedtls_mpi_free(&X); 118} 119/* END_CASE */ 120 121/* BEGIN_CASE */ 122void mpi_read_write_string(int radix_X, char *input_X, int radix_A, 123 char *input_A, int output_size, int result_read, 124 int result_write) 125{ 126 mbedtls_mpi X; 127 char str[1000]; 128 size_t len; 129 130 mbedtls_mpi_init(&X); 131 132 memset(str, '!', sizeof(str)); 133 134 TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read); 135 if (result_read == 0) { 136 TEST_ASSERT(sign_is_valid(&X)); 137 TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write); 138 if (result_write == 0) { 139 TEST_ASSERT(strcmp(str, input_A) == 0); 140 TEST_ASSERT(str[len] == '!'); 141 } 142 } 143 144exit: 145 mbedtls_mpi_free(&X); 146} 147/* END_CASE */ 148 149/* BEGIN_CASE */ 150void mpi_zero_length_buffer_is_null() 151{ 152 mbedtls_mpi X; 153 size_t olen; 154 155 mbedtls_mpi_init(&X); 156 157 /* Simply test that the following functions do not crash when a NULL buffer 158 * pointer and 0 length is passed. We don't care much about the return value. */ 159 TEST_EQUAL(mbedtls_mpi_read_binary(&X, NULL, 0), 0); 160 TEST_EQUAL(mbedtls_mpi_read_binary_le(&X, NULL, 0), 0); 161 TEST_EQUAL(mbedtls_mpi_write_string(&X, 16, NULL, 0, &olen), MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); 162 TEST_EQUAL(mbedtls_mpi_write_binary(&X, NULL, 0), 0); 163 164exit: 165 mbedtls_mpi_free(&X); 166} 167/* END_CASE */ 168 169/* BEGIN_CASE */ 170void mpi_read_binary(data_t *buf, char *input_A) 171{ 172 mbedtls_mpi X; 173 char str[1000]; 174 size_t len; 175 176 mbedtls_mpi_init(&X); 177 178 179 TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0); 180 TEST_ASSERT(sign_is_valid(&X)); 181 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 182 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 183 184exit: 185 mbedtls_mpi_free(&X); 186} 187/* END_CASE */ 188 189/* BEGIN_CASE */ 190void mpi_read_binary_le(data_t *buf, char *input_A) 191{ 192 mbedtls_mpi X; 193 char str[1000]; 194 size_t len; 195 196 mbedtls_mpi_init(&X); 197 198 199 TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0); 200 TEST_ASSERT(sign_is_valid(&X)); 201 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 202 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 203 204exit: 205 mbedtls_mpi_free(&X); 206} 207/* END_CASE */ 208 209/* BEGIN_CASE */ 210void mpi_write_binary(char *input_X, data_t *input_A, 211 int output_size, int result) 212{ 213 mbedtls_mpi X; 214 unsigned char buf[1000]; 215 size_t buflen; 216 217 memset(buf, 0x00, 1000); 218 219 mbedtls_mpi_init(&X); 220 221 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 222 223 buflen = mbedtls_mpi_size(&X); 224 if (buflen > (size_t) output_size) { 225 buflen = (size_t) output_size; 226 } 227 228 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result); 229 if (result == 0) { 230 231 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 232 buflen, input_A->len) == 0); 233 } 234 235exit: 236 mbedtls_mpi_free(&X); 237} 238/* END_CASE */ 239 240/* BEGIN_CASE */ 241void mpi_write_binary_le(char *input_X, data_t *input_A, 242 int output_size, int result) 243{ 244 mbedtls_mpi X; 245 unsigned char buf[1000]; 246 size_t buflen; 247 248 memset(buf, 0x00, 1000); 249 250 mbedtls_mpi_init(&X); 251 252 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 253 254 buflen = mbedtls_mpi_size(&X); 255 if (buflen > (size_t) output_size) { 256 buflen = (size_t) output_size; 257 } 258 259 TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result); 260 if (result == 0) { 261 262 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 263 buflen, input_A->len) == 0); 264 } 265 266exit: 267 mbedtls_mpi_free(&X); 268} 269/* END_CASE */ 270 271/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 272void mpi_read_file(char *input_file, data_t *input_A, int result) 273{ 274 mbedtls_mpi X; 275 unsigned char buf[1000]; 276 size_t buflen; 277 FILE *file; 278 int ret; 279 280 memset(buf, 0x00, 1000); 281 282 mbedtls_mpi_init(&X); 283 284 file = fopen(input_file, "r"); 285 TEST_ASSERT(file != NULL); 286 ret = mbedtls_mpi_read_file(&X, 16, file); 287 fclose(file); 288 TEST_ASSERT(ret == result); 289 290 if (result == 0) { 291 TEST_ASSERT(sign_is_valid(&X)); 292 buflen = mbedtls_mpi_size(&X); 293 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0); 294 295 296 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 297 buflen, input_A->len) == 0); 298 } 299 300exit: 301 mbedtls_mpi_free(&X); 302} 303/* END_CASE */ 304 305/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 306void mpi_write_file(char *input_X, char *output_file) 307{ 308 mbedtls_mpi X, Y; 309 FILE *file_out, *file_in; 310 int ret; 311 312 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 313 314 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 315 316 file_out = fopen(output_file, "w"); 317 TEST_ASSERT(file_out != NULL); 318 ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out); 319 fclose(file_out); 320 TEST_ASSERT(ret == 0); 321 322 file_in = fopen(output_file, "r"); 323 TEST_ASSERT(file_in != NULL); 324 ret = mbedtls_mpi_read_file(&Y, 16, file_in); 325 fclose(file_in); 326 TEST_ASSERT(ret == 0); 327 328 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 329 330exit: 331 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 332} 333/* END_CASE */ 334 335/* BEGIN_CASE */ 336void mpi_get_bit(char *input_X, int pos, int val) 337{ 338 mbedtls_mpi X; 339 mbedtls_mpi_init(&X); 340 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 341 TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val); 342 343exit: 344 mbedtls_mpi_free(&X); 345} 346/* END_CASE */ 347 348/* BEGIN_CASE */ 349void mpi_set_bit(char *input_X, int pos, int val, 350 char *output_Y, int result) 351{ 352 mbedtls_mpi X, Y; 353 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 354 355 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 356 TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0); 357 TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result); 358 359 if (result == 0) { 360 TEST_ASSERT(sign_is_valid(&X)); 361 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 362 } 363 364exit: 365 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 366} 367/* END_CASE */ 368 369/* BEGIN_CASE */ 370void mpi_lsb(char *input_X, int nr_bits) 371{ 372 mbedtls_mpi X; 373 mbedtls_mpi_init(&X); 374 375 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 376 TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits); 377 378exit: 379 mbedtls_mpi_free(&X); 380} 381/* END_CASE */ 382 383/* BEGIN_CASE */ 384void mpi_bitlen(char *input_X, int nr_bits) 385{ 386 mbedtls_mpi X; 387 mbedtls_mpi_init(&X); 388 389 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 390 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits); 391 392exit: 393 mbedtls_mpi_free(&X); 394} 395/* END_CASE */ 396 397/* BEGIN_CASE */ 398void mpi_gcd(char *input_X, char *input_Y, 399 char *input_A) 400{ 401 mbedtls_mpi A, X, Y, Z; 402 mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 403 404 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 405 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 406 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 407 TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); 408 TEST_ASSERT(sign_is_valid(&Z)); 409 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 410 411exit: 412 mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 413} 414/* END_CASE */ 415 416/* BEGIN_CASE */ 417void mpi_cmp_int(int input_X, int input_A, int result_CMP) 418{ 419 mbedtls_mpi X; 420 mbedtls_mpi_init(&X); 421 422 TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0); 423 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP); 424 425exit: 426 mbedtls_mpi_free(&X); 427} 428/* END_CASE */ 429 430/* BEGIN_CASE */ 431void mpi_cmp_mpi(char *input_X, char *input_Y, 432 int input_A) 433{ 434 mbedtls_mpi X, Y; 435 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 436 437 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 438 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 439 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A); 440 441exit: 442 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 443} 444/* END_CASE */ 445 446/* BEGIN_CASE */ 447void mpi_lt_mpi_ct(int size_X, char *input_X, 448 int size_Y, char *input_Y, 449 int input_ret, int input_err) 450{ 451 unsigned ret = -1; 452 unsigned input_uret = input_ret; 453 mbedtls_mpi X, Y; 454 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 455 456 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 457 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 458 459 TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0); 460 TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0); 461 462 TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); 463 if (input_err == 0) { 464 TEST_EQUAL(ret, input_uret); 465 } 466 467exit: 468 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 469} 470/* END_CASE */ 471 472/* BEGIN_CASE */ 473void mpi_cmp_abs(char *input_X, char *input_Y, 474 int input_A) 475{ 476 mbedtls_mpi X, Y; 477 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 478 479 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 480 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 481 TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A); 482 483exit: 484 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 485} 486/* END_CASE */ 487 488/* BEGIN_CASE */ 489void mpi_copy(char *src_hex, char *dst_hex) 490{ 491 mbedtls_mpi src, dst, ref; 492 mbedtls_mpi_init(&src); 493 mbedtls_mpi_init(&dst); 494 mbedtls_mpi_init(&ref); 495 496 TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0); 497 TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0); 498 499 /* mbedtls_mpi_copy() */ 500 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 501 TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0); 502 TEST_ASSERT(sign_is_valid(&dst)); 503 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 504 505 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 506 mbedtls_mpi_free(&dst); 507 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 508 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0); 509 TEST_ASSERT(sign_is_valid(&dst)); 510 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 511 512 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 513 mbedtls_mpi_free(&dst); 514 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 515 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0); 516 TEST_ASSERT(sign_is_valid(&dst)); 517 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0); 518 519exit: 520 mbedtls_mpi_free(&src); 521 mbedtls_mpi_free(&dst); 522 mbedtls_mpi_free(&ref); 523} 524/* END_CASE */ 525 526/* BEGIN_CASE */ 527void mpi_copy_self(char *input_X) 528{ 529 mbedtls_mpi X, A; 530 mbedtls_mpi_init(&A); 531 mbedtls_mpi_init(&X); 532 533 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 534 TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0); 535 536 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0); 537 TEST_ASSERT(sign_is_valid(&X)); 538 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 539 540exit: 541 mbedtls_mpi_free(&A); 542 mbedtls_mpi_free(&X); 543} 544/* END_CASE */ 545 546/* BEGIN_CASE */ 547void mpi_swap(char *X_hex, char *Y_hex) 548{ 549 mbedtls_mpi X, Y, X0, Y0; 550 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 551 mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0); 552 553 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 554 TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0); 555 556 /* mbedtls_mpi_swap() */ 557 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 558 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 559 mbedtls_mpi_swap(&X, &Y); 560 TEST_ASSERT(sign_is_valid(&X)); 561 TEST_ASSERT(sign_is_valid(&Y)); 562 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 563 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 564 565 /* mbedtls_mpi_safe_cond_swap(), swap done */ 566 mbedtls_mpi_free(&X); 567 mbedtls_mpi_free(&Y); 568 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 569 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 570 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0); 571 TEST_ASSERT(sign_is_valid(&X)); 572 TEST_ASSERT(sign_is_valid(&Y)); 573 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 574 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 575 576 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 577 mbedtls_mpi_free(&X); 578 mbedtls_mpi_free(&Y); 579 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 580 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 581 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0); 582 TEST_ASSERT(sign_is_valid(&X)); 583 TEST_ASSERT(sign_is_valid(&Y)); 584 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 585 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0); 586 587exit: 588 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 589 mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0); 590} 591/* END_CASE */ 592 593/* BEGIN_CASE */ 594void mpi_swap_self(char *X_hex) 595{ 596 mbedtls_mpi X, X0; 597 mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0); 598 599 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 600 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 601 602 mbedtls_mpi_swap(&X, &X); 603 TEST_ASSERT(sign_is_valid(&X)); 604 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 605 606exit: 607 mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0); 608} 609/* END_CASE */ 610 611/* BEGIN_CASE */ 612void mpi_shrink(int before, int used, int min, int after) 613{ 614 mbedtls_mpi X; 615 mbedtls_mpi_init(&X); 616 617 TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0); 618 if (used > 0) { 619 size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint); 620 TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0); 621 } 622 TEST_EQUAL(X.n, (size_t) before); 623 TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0); 624 TEST_EQUAL(X.n, (size_t) after); 625 626exit: 627 mbedtls_mpi_free(&X); 628} 629/* END_CASE */ 630 631/* BEGIN_CASE */ 632void mpi_add_mpi(char *input_X, char *input_Y, 633 char *input_A) 634{ 635 mbedtls_mpi X, Y, Z, A; 636 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 637 638 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 639 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 640 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 641 TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0); 642 TEST_ASSERT(sign_is_valid(&Z)); 643 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 644 645 /* result == first operand */ 646 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0); 647 TEST_ASSERT(sign_is_valid(&X)); 648 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 649 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 650 651 /* result == second operand */ 652 TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0); 653 TEST_ASSERT(sign_is_valid(&Y)); 654 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 655 656exit: 657 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 658} 659/* END_CASE */ 660 661/* BEGIN_CASE */ 662void mpi_add_mpi_inplace(char *input_X, char *input_A) 663{ 664 mbedtls_mpi X, A; 665 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 666 667 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 668 669 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 670 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0); 671 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0); 672 TEST_ASSERT(sign_is_valid(&X)); 673 674 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 675 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0); 676 TEST_ASSERT(sign_is_valid(&X)); 677 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 678 679 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 680 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0); 681 TEST_ASSERT(sign_is_valid(&X)); 682 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 683 684exit: 685 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 686} 687/* END_CASE */ 688 689 690/* BEGIN_CASE */ 691void mpi_add_abs(char *input_X, char *input_Y, 692 char *input_A) 693{ 694 mbedtls_mpi X, Y, Z, A; 695 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 696 697 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 698 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 699 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 700 TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0); 701 TEST_ASSERT(sign_is_valid(&Z)); 702 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 703 704 /* result == first operand */ 705 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0); 706 TEST_ASSERT(sign_is_valid(&X)); 707 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 708 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 709 710 /* result == second operand */ 711 TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0); 712 TEST_ASSERT(sign_is_valid(&Y)); 713 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 714 715exit: 716 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 717} 718/* END_CASE */ 719 720/* BEGIN_CASE */ 721void mpi_add_int(char *input_X, int input_Y, 722 char *input_A) 723{ 724 mbedtls_mpi X, Z, A; 725 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 726 727 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 728 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 729 TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0); 730 TEST_ASSERT(sign_is_valid(&Z)); 731 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 732 733exit: 734 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 735} 736/* END_CASE */ 737 738/* BEGIN_CASE */ 739void mpi_sub_mpi(char *input_X, char *input_Y, 740 char *input_A) 741{ 742 mbedtls_mpi X, Y, Z, A; 743 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 744 745 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 746 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 747 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 748 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0); 749 TEST_ASSERT(sign_is_valid(&Z)); 750 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 751 752 /* result == first operand */ 753 TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0); 754 TEST_ASSERT(sign_is_valid(&X)); 755 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 756 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 757 758 /* result == second operand */ 759 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0); 760 TEST_ASSERT(sign_is_valid(&Y)); 761 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 762 763exit: 764 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 765} 766/* END_CASE */ 767 768/* BEGIN_CASE */ 769void mpi_sub_abs(char *input_X, char *input_Y, 770 char *input_A, int sub_result) 771{ 772 mbedtls_mpi X, Y, Z, A; 773 int res; 774 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 775 776 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 777 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 778 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 779 780 res = mbedtls_mpi_sub_abs(&Z, &X, &Y); 781 TEST_ASSERT(res == sub_result); 782 TEST_ASSERT(sign_is_valid(&Z)); 783 if (res == 0) { 784 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 785 } 786 787 /* result == first operand */ 788 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result); 789 TEST_ASSERT(sign_is_valid(&X)); 790 if (sub_result == 0) { 791 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 792 } 793 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 794 795 /* result == second operand */ 796 TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result); 797 TEST_ASSERT(sign_is_valid(&Y)); 798 if (sub_result == 0) { 799 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 800 } 801 802exit: 803 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 804} 805/* END_CASE */ 806 807/* BEGIN_CASE */ 808void mpi_sub_int(char *input_X, int input_Y, 809 char *input_A) 810{ 811 mbedtls_mpi X, Z, A; 812 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 813 814 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 815 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 816 TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0); 817 TEST_ASSERT(sign_is_valid(&Z)); 818 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 819 820exit: 821 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 822} 823/* END_CASE */ 824 825/* BEGIN_CASE */ 826void mpi_mul_mpi(char *input_X, char *input_Y, 827 char *input_A) 828{ 829 mbedtls_mpi X, Y, Z, A; 830 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 831 832 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 833 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 834 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 835 TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0); 836 TEST_ASSERT(sign_is_valid(&Z)); 837 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 838 839exit: 840 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 841} 842/* END_CASE */ 843 844/* BEGIN_CASE */ 845void mpi_mul_int(char *input_X, int input_Y, 846 char *input_A, char *result_comparison) 847{ 848 mbedtls_mpi X, Z, A; 849 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 850 851 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 852 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 853 TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0); 854 TEST_ASSERT(sign_is_valid(&Z)); 855 if (strcmp(result_comparison, "==") == 0) { 856 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 857 } else if (strcmp(result_comparison, "!=") == 0) { 858 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); 859 } else { 860 TEST_FAIL("unknown operator"); 861 } 862 863exit: 864 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 865} 866/* END_CASE */ 867 868/* BEGIN_CASE */ 869void mpi_div_mpi(char *input_X, char *input_Y, 870 char *input_A, char *input_B, 871 int div_result) 872{ 873 mbedtls_mpi X, Y, Q, R, A, B; 874 int res; 875 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); 876 mbedtls_mpi_init(&A); mbedtls_mpi_init(&B); 877 878 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 879 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 880 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 881 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 882 res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y); 883 TEST_ASSERT(res == div_result); 884 if (res == 0) { 885 TEST_ASSERT(sign_is_valid(&Q)); 886 TEST_ASSERT(sign_is_valid(&R)); 887 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 888 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 889 } 890 891exit: 892 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); 893 mbedtls_mpi_free(&A); mbedtls_mpi_free(&B); 894} 895/* END_CASE */ 896 897/* BEGIN_CASE */ 898void mpi_div_int(char *input_X, int input_Y, 899 char *input_A, char *input_B, 900 int div_result) 901{ 902 mbedtls_mpi X, Q, R, A, B; 903 int res; 904 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A); 905 mbedtls_mpi_init(&B); 906 907 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 908 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 909 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 910 res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y); 911 TEST_ASSERT(res == div_result); 912 if (res == 0) { 913 TEST_ASSERT(sign_is_valid(&Q)); 914 TEST_ASSERT(sign_is_valid(&R)); 915 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 916 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 917 } 918 919exit: 920 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A); 921 mbedtls_mpi_free(&B); 922} 923/* END_CASE */ 924 925/* BEGIN_CASE */ 926void mpi_mod_mpi(char *input_X, char *input_Y, 927 char *input_A, int div_result) 928{ 929 mbedtls_mpi X, Y, A; 930 int res; 931 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A); 932 933 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 934 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 935 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 936 res = mbedtls_mpi_mod_mpi(&X, &X, &Y); 937 TEST_ASSERT(res == div_result); 938 if (res == 0) { 939 TEST_ASSERT(sign_is_valid(&X)); 940 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 941 } 942 943exit: 944 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A); 945} 946/* END_CASE */ 947 948/* BEGIN_CASE */ 949void mpi_mod_int(char *input_X, mbedtls_mpi_sint y, 950 mbedtls_mpi_sint a, int mod_result) 951{ 952 mbedtls_mpi X; 953 int res; 954 mbedtls_mpi_uint r; 955 956 mbedtls_mpi_init(&X); 957 958 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 959 960 res = mbedtls_mpi_mod_int(&r, &X, y); 961 TEST_EQUAL(res, mod_result); 962 if (res == 0) { 963 TEST_EQUAL(r, a); 964 } 965 966exit: 967 mbedtls_mpi_free(&X); 968} 969/* END_CASE */ 970 971/* BEGIN_CASE */ 972void mpi_exp_mod_min_RR(char *input_A, char *input_E, 973 char *input_N, char *input_X, 974 int exp_result) 975{ 976 mbedtls_mpi A, E, N, RR, Z, X; 977 int res; 978 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 979 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 980 981 TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); 982 TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); 983 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); 984 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 985 986 TEST_EQUAL(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N), 0); 987 TEST_EQUAL(mbedtls_mpi_shrink(&RR, 0), 0); 988 /* The objective of this test is to check that exp_mod defends 989 * against a smaller RR. */ 990 TEST_LE_U(RR.n, N.n - 1); 991 992 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 993 /* We know that exp_mod internally needs RR to be as large as N. 994 * Validate that it is the case now, otherwise there was probably 995 * a buffer overread. */ 996 TEST_EQUAL(RR.n, N.n); 997 998 TEST_EQUAL(res, exp_result); 999 if (res == 0) { 1000 TEST_EQUAL(sign_is_valid(&Z), 1); 1001 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &X), 0); 1002 } 1003 1004exit: 1005 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1006 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1007} 1008/* END_CASE */ 1009 1010/* BEGIN_CASE */ 1011void mpi_exp_mod(char *input_A, char *input_E, 1012 char *input_N, char *input_X, 1013 int exp_result) 1014{ 1015 mbedtls_mpi A, E, N, RR, Z, X; 1016 int res; 1017 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1018 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 1019 1020 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1021 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1022 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1023 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1024 1025 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL); 1026 TEST_ASSERT(res == exp_result); 1027 if (res == 0) { 1028 TEST_ASSERT(sign_is_valid(&Z)); 1029 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1030 } 1031 1032 /* Now test again with the speed-up parameter supplied as an output. */ 1033 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1034 TEST_ASSERT(res == exp_result); 1035 if (res == 0) { 1036 TEST_ASSERT(sign_is_valid(&Z)); 1037 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1038 } 1039 1040 /* Now test again with the speed-up parameter supplied in calculated form. */ 1041 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1042 TEST_ASSERT(res == exp_result); 1043 if (res == 0) { 1044 TEST_ASSERT(sign_is_valid(&Z)); 1045 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1046 } 1047 1048exit: 1049 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1050 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1051} 1052/* END_CASE */ 1053 1054/* BEGIN_CASE */ 1055void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes, 1056 char *input_RR, int exp_result) 1057{ 1058 mbedtls_mpi A, E, N, RR, Z; 1059 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1060 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); 1061 1062 /* Set A to 2^(A_bytes - 1) + 1 */ 1063 TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0); 1064 TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0); 1065 TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0); 1066 1067 /* Set E to 2^(E_bytes - 1) + 1 */ 1068 TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0); 1069 TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0); 1070 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0); 1071 1072 /* Set N to 2^(N_bytes - 1) + 1 */ 1073 TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0); 1074 TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0); 1075 TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0); 1076 1077 if (strlen(input_RR)) { 1078 TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0); 1079 } 1080 1081 TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result); 1082 1083exit: 1084 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1085 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); 1086} 1087/* END_CASE */ 1088 1089/* BEGIN_CASE */ 1090void mpi_inv_mod(char *input_X, char *input_Y, 1091 char *input_A, int div_result) 1092{ 1093 mbedtls_mpi X, Y, Z, A; 1094 int res; 1095 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1096 1097 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1098 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1099 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1100 res = mbedtls_mpi_inv_mod(&Z, &X, &Y); 1101 TEST_ASSERT(res == div_result); 1102 if (res == 0) { 1103 TEST_ASSERT(sign_is_valid(&Z)); 1104 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1105 } 1106 1107exit: 1108 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1109} 1110/* END_CASE */ 1111 1112/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1113void mpi_is_prime(char *input_X, int div_result) 1114{ 1115 mbedtls_mpi X; 1116 int res; 1117 mbedtls_mpi_init(&X); 1118 1119 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1120 res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL); 1121 TEST_ASSERT(res == div_result); 1122 1123exit: 1124 mbedtls_mpi_free(&X); 1125} 1126/* END_CASE */ 1127 1128/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1129void mpi_is_prime_det(data_t *input_X, data_t *witnesses, 1130 int chunk_len, int rounds) 1131{ 1132 mbedtls_mpi X; 1133 int res; 1134 mbedtls_test_mpi_random rand; 1135 1136 mbedtls_mpi_init(&X); 1137 rand.data = witnesses; 1138 rand.pos = 0; 1139 rand.chunk_len = chunk_len; 1140 1141 TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0); 1142 res = mbedtls_mpi_is_prime_ext(&X, rounds - 1, 1143 mbedtls_test_mpi_miller_rabin_determinizer, 1144 &rand); 1145 TEST_ASSERT(res == 0); 1146 1147 rand.data = witnesses; 1148 rand.pos = 0; 1149 rand.chunk_len = chunk_len; 1150 1151 res = mbedtls_mpi_is_prime_ext(&X, rounds, 1152 mbedtls_test_mpi_miller_rabin_determinizer, 1153 &rand); 1154 TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); 1155 1156exit: 1157 mbedtls_mpi_free(&X); 1158} 1159/* END_CASE */ 1160 1161/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1162void mpi_gen_prime(int bits, int flags, int ref_ret) 1163{ 1164 mbedtls_mpi X; 1165 int my_ret; 1166 1167 mbedtls_mpi_init(&X); 1168 1169 my_ret = mbedtls_mpi_gen_prime(&X, bits, flags, 1170 mbedtls_test_rnd_std_rand, NULL); 1171 TEST_ASSERT(my_ret == ref_ret); 1172 1173 if (ref_ret == 0) { 1174 size_t actual_bits = mbedtls_mpi_bitlen(&X); 1175 1176 TEST_ASSERT(actual_bits >= (size_t) bits); 1177 TEST_ASSERT(actual_bits <= (size_t) bits + 1); 1178 TEST_ASSERT(sign_is_valid(&X)); 1179 1180 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1181 mbedtls_test_rnd_std_rand, 1182 NULL) == 0); 1183 if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) { 1184 /* X = ( X - 1 ) / 2 */ 1185 TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0); 1186 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1187 mbedtls_test_rnd_std_rand, 1188 NULL) == 0); 1189 } 1190 } 1191 1192exit: 1193 mbedtls_mpi_free(&X); 1194} 1195/* END_CASE */ 1196 1197/* BEGIN_CASE */ 1198void mpi_shift_l(char *input_X, int shift_X, 1199 char *input_A) 1200{ 1201 mbedtls_mpi X, A; 1202 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1203 1204 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1205 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1206 TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0); 1207 TEST_ASSERT(sign_is_valid(&X)); 1208 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1209 1210exit: 1211 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1212} 1213/* END_CASE */ 1214 1215/* BEGIN_CASE */ 1216void mpi_shift_r(char *input_X, int shift_X, 1217 char *input_A) 1218{ 1219 mbedtls_mpi X, A; 1220 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1221 1222 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1223 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1224 TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0); 1225 TEST_ASSERT(sign_is_valid(&X)); 1226 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1227 1228exit: 1229 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1230} 1231/* END_CASE */ 1232 1233/* BEGIN_CASE */ 1234void mpi_fill_random(int wanted_bytes, int rng_bytes, 1235 int before, int expected_ret) 1236{ 1237 mbedtls_mpi X; 1238 int ret; 1239 size_t bytes_left = rng_bytes; 1240 mbedtls_mpi_init(&X); 1241 1242 if (before != 0) { 1243 /* Set X to sign(before) * 2^(|before|-1) */ 1244 TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0); 1245 if (before < 0) { 1246 before = -before; 1247 } 1248 TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0); 1249 } 1250 1251 ret = mbedtls_mpi_fill_random(&X, wanted_bytes, 1252 f_rng_bytes_left, &bytes_left); 1253 TEST_ASSERT(ret == expected_ret); 1254 1255 if (expected_ret == 0) { 1256 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1257 * as a big-endian representation of the number. We know when 1258 * our RNG function returns null bytes, so we know how many 1259 * leading zero bytes the number has. */ 1260 size_t leading_zeros = 0; 1261 if (wanted_bytes > 0 && rng_bytes % 256 == 0) { 1262 leading_zeros = 1; 1263 } 1264 TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros == 1265 (size_t) wanted_bytes); 1266 TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes); 1267 TEST_ASSERT(sign_is_valid(&X)); 1268 } 1269 1270exit: 1271 mbedtls_mpi_free(&X); 1272} 1273/* END_CASE */ 1274 1275/* BEGIN_CASE */ 1276void most_negative_mpi_sint() 1277{ 1278 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1279 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1280 * is a valid value. However, negating it (`-n`) has undefined behavior 1281 * (although in practice `-n` evaluates to the value n). 1282 * 1283 * This function has ad hoc tests for this value. It's separated from other 1284 * functions because the test framework makes it hard to pass this value 1285 * into test cases. 1286 * 1287 * In the comments here: 1288 * - biL = number of bits in limbs 1289 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1290 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1291 */ 1292 1293 mbedtls_mpi A, R, X; 1294 mbedtls_mpi_init(&A); 1295 mbedtls_mpi_init(&R); 1296 mbedtls_mpi_init(&X); 1297 1298 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1); 1299 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1300 const mbedtls_mpi_sint most_negative = -most_positive - 1; 1301 TEST_EQUAL((mbedtls_mpi_uint) most_negative, 1302 (mbedtls_mpi_uint) 1 << (biL - 1)); 1303 TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0); 1304 1305 /* Test mbedtls_mpi_lset() */ 1306 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1307 TEST_EQUAL(A.s, -1); 1308 TEST_EQUAL(A.n, 1); 1309 TEST_EQUAL(A.p[0], most_positive_plus_1); 1310 1311 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1312 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0); 1313 1314 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1315 A.p[0] = most_positive_plus_1 + 1; 1316 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1); 1317 1318 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1319 A.p[0] = most_positive_plus_1 - 1; 1320 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1); 1321 1322 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1323 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1324 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1325 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1326 1327 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1328 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1329 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1330 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0); 1331 1332 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1333 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1334 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1335 TEST_EQUAL(X.s, -1); 1336 TEST_EQUAL(X.n, 2); 1337 TEST_EQUAL(X.p[0], 0); 1338 TEST_EQUAL(X.p[1], 1); 1339 1340 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1341 mbedtls_mpi_free(&X); 1342 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1343 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1344 TEST_EQUAL(X.s, 1); 1345 TEST_EQUAL(X.n, 1); 1346 TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0); 1347 1348 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1349 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1350 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1351 TEST_EQUAL(X.s, 1); 1352 TEST_EQUAL(X.n, 1); 1353 TEST_EQUAL(X.p[0], most_positive_plus_1); 1354 1355 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1356 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1357 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1358 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1359 1360 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1361 TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0); 1362 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1363 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1364 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1365 1366 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1367 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1368 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1369 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1370 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1371 1372 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1373 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1374 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1375 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0); 1376 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1377 1378 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1379 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1380 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1381 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1382 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1383 1384 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1385 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1386 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1387 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1388 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0); 1389 1390 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1391 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1392 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1393 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1394 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1395 1396 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1397 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1398 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1399 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0); 1400 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1401 1402 /* Test mbedtls_mpi_mod_int(): never valid */ 1403 TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative), 1404 MBEDTLS_ERR_MPI_NEGATIVE_VALUE); 1405 1406 /* Test mbedtls_mpi_random(): never valid */ 1407 TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A, 1408 mbedtls_test_rnd_std_rand, NULL), 1409 MBEDTLS_ERR_MPI_BAD_INPUT_DATA); 1410 1411exit: 1412 mbedtls_mpi_free(&A); 1413 mbedtls_mpi_free(&R); 1414 mbedtls_mpi_free(&X); 1415} 1416/* END_CASE */ 1417 1418/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1419void mpi_selftest() 1420{ 1421 TEST_ASSERT(mbedtls_mpi_self_test(1) == 0); 1422} 1423/* END_CASE */ 1424
