test_suite_bignum.function (45184B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/bignum.h" 3 #include "mbedtls/entropy.h" 4 #include "constant_time_internal.h" 5 #include "bignum_core.h" 6 #include "bignum_internal.h" 7 #include "test/constant_flow.h" 8 #include "test/bignum_codepath_check.h" 9 10 #if MBEDTLS_MPI_MAX_BITS > 792 11 #define MPI_MAX_BITS_LARGER_THAN_792 12 #endif 13 14 /* Check the validity of the sign bit in an MPI object. Reject representations 15 * that are not supported by the rest of the library and indicate a bug when 16 * constructing the value. */ 17 static int sign_is_valid(const mbedtls_mpi *X) 18 { 19 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 20 if (X->s != 1 && X->s != -1) { 21 return 0; 22 } 23 24 /* The value 0 must be represented with the sign +1. A "negative zero" 25 * with s=-1 is an invalid representation. Forbid that. As an exception, 26 * we sometimes test the robustness of library functions when given 27 * a negative zero input. If a test case has a negative zero as input, 28 * we don't mind if the function has a negative zero output. */ 29 if (!mbedtls_test_get_case_uses_negative_0() && 30 mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { 31 return 0; 32 } 33 34 return 1; 35 } 36 37 #if defined(MBEDTLS_GENPRIME) 38 typedef struct mbedtls_test_mpi_random { 39 data_t *data; 40 size_t pos; 41 size_t chunk_len; 42 } mbedtls_test_mpi_random; 43 44 /* 45 * This function is called by the Miller-Rabin primality test each time it 46 * chooses a random witness. The witnesses (or non-witnesses as provided by the 47 * test) are stored in the data member of the state structure. Each number is in 48 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 49 */ 50 static int mbedtls_test_mpi_miller_rabin_determinizer(void *state, 51 unsigned char *buf, 52 size_t len) 53 { 54 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; 55 56 if (random == NULL || random->data->x == NULL || buf == NULL) { 57 return -1; 58 } 59 60 if (random->pos + random->chunk_len > random->data->len 61 || random->chunk_len > len) { 62 return -1; 63 } 64 65 memset(buf, 0, len); 66 67 /* The witness is written to the end of the buffer, since the buffer is 68 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 69 * Writing the witness to the start of the buffer would result in the 70 * buffer being 'witness 000...000', which would be treated as 71 * witness * 2^n for some n. */ 72 memcpy(buf + len - random->chunk_len, &random->data->x[random->pos], 73 random->chunk_len); 74 75 random->pos += random->chunk_len; 76 77 return 0; 78 } 79 #endif /* MBEDTLS_GENPRIME */ 80 81 /* Random generator that is told how many bytes to return. */ 82 static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) 83 { 84 size_t *bytes_left = state; 85 size_t i; 86 for (i = 0; i < len; i++) { 87 if (*bytes_left == 0) { 88 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 89 } 90 buf[i] = *bytes_left & 0xff; 91 --(*bytes_left); 92 } 93 return 0; 94 } 95 96 /* END_HEADER */ 97 98 /* BEGIN_DEPENDENCIES 99 * depends_on:MBEDTLS_BIGNUM_C 100 * END_DEPENDENCIES 101 */ 102 103 /* BEGIN_CASE */ 104 void mpi_null() 105 { 106 mbedtls_mpi X, Y, Z; 107 108 mbedtls_mpi_init(&X); 109 mbedtls_mpi_init(&Y); 110 mbedtls_mpi_init(&Z); 111 112 TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0); 113 TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0); 114 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0); 115 TEST_ASSERT(mbedtls_mpi_size(&X) == 0); 116 117 exit: 118 mbedtls_mpi_free(&X); 119 } 120 /* END_CASE */ 121 122 /* BEGIN_CASE */ 123 void mpi_read_write_string(int radix_X, char *input_X, int radix_A, 124 char *input_A, int output_size, int result_read, 125 int result_write) 126 { 127 mbedtls_mpi X; 128 char str[1000]; 129 size_t len; 130 131 mbedtls_mpi_init(&X); 132 133 memset(str, '!', sizeof(str)); 134 135 TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read); 136 if (result_read == 0) { 137 TEST_ASSERT(sign_is_valid(&X)); 138 TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write); 139 if (result_write == 0) { 140 TEST_ASSERT(strcmp(str, input_A) == 0); 141 TEST_ASSERT(str[len] == '!'); 142 } 143 } 144 145 exit: 146 mbedtls_mpi_free(&X); 147 } 148 /* END_CASE */ 149 150 /* BEGIN_CASE */ 151 void mpi_zero_length_buffer_is_null() 152 { 153 mbedtls_mpi X; 154 size_t olen; 155 156 mbedtls_mpi_init(&X); 157 158 /* Simply test that the following functions do not crash when a NULL buffer 159 * pointer and 0 length is passed. We don't care much about the return value. */ 160 TEST_EQUAL(mbedtls_mpi_read_binary(&X, NULL, 0), 0); 161 TEST_EQUAL(mbedtls_mpi_read_binary_le(&X, NULL, 0), 0); 162 TEST_EQUAL(mbedtls_mpi_write_string(&X, 16, NULL, 0, &olen), MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); 163 TEST_EQUAL(mbedtls_mpi_write_binary(&X, NULL, 0), 0); 164 165 exit: 166 mbedtls_mpi_free(&X); 167 } 168 /* END_CASE */ 169 170 /* BEGIN_CASE */ 171 void mpi_read_binary(data_t *buf, char *input_A) 172 { 173 mbedtls_mpi X; 174 char str[1000]; 175 size_t len; 176 177 mbedtls_mpi_init(&X); 178 179 180 TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0); 181 TEST_ASSERT(sign_is_valid(&X)); 182 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 183 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 184 185 exit: 186 mbedtls_mpi_free(&X); 187 } 188 /* END_CASE */ 189 190 /* BEGIN_CASE */ 191 void mpi_read_binary_le(data_t *buf, char *input_A) 192 { 193 mbedtls_mpi X; 194 char str[1000]; 195 size_t len; 196 197 mbedtls_mpi_init(&X); 198 199 200 TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0); 201 TEST_ASSERT(sign_is_valid(&X)); 202 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 203 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 204 205 exit: 206 mbedtls_mpi_free(&X); 207 } 208 /* END_CASE */ 209 210 /* BEGIN_CASE */ 211 void mpi_write_binary(char *input_X, data_t *input_A, 212 int output_size, int result) 213 { 214 mbedtls_mpi X; 215 mbedtls_mpi_init(&X); 216 unsigned char *buf = NULL; 217 218 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 219 220 TEST_CALLOC(buf, output_size); 221 222 TEST_EQUAL(mbedtls_mpi_write_binary(&X, buf, output_size), result); 223 224 if (result == 0) { 225 TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x, 226 output_size, input_A->len), 0); 227 } 228 229 exit: 230 mbedtls_free(buf); 231 mbedtls_mpi_free(&X); 232 } 233 /* END_CASE */ 234 235 /* BEGIN_CASE */ 236 void mpi_write_binary_le(char *input_X, data_t *input_A, 237 int output_size, int result) 238 { 239 mbedtls_mpi X; 240 mbedtls_mpi_init(&X); 241 unsigned char *buf = NULL; 242 243 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 244 245 TEST_CALLOC(buf, output_size); 246 247 TEST_EQUAL(mbedtls_mpi_write_binary_le(&X, buf, output_size), result); 248 249 if (result == 0) { 250 TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x, 251 output_size, input_A->len), 0); 252 } 253 254 exit: 255 mbedtls_free(buf); 256 mbedtls_mpi_free(&X); 257 } 258 /* END_CASE */ 259 260 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 261 void mpi_read_file(char *input_file, data_t *input_A, int result) 262 { 263 mbedtls_mpi X; 264 unsigned char buf[1000]; 265 size_t buflen; 266 FILE *file; 267 int ret; 268 269 memset(buf, 0x00, 1000); 270 271 mbedtls_mpi_init(&X); 272 273 file = fopen(input_file, "r"); 274 TEST_ASSERT(file != NULL); 275 ret = mbedtls_mpi_read_file(&X, 16, file); 276 fclose(file); 277 TEST_ASSERT(ret == result); 278 279 if (result == 0) { 280 TEST_ASSERT(sign_is_valid(&X)); 281 buflen = mbedtls_mpi_size(&X); 282 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0); 283 284 285 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 286 buflen, input_A->len) == 0); 287 } 288 289 exit: 290 mbedtls_mpi_free(&X); 291 } 292 /* END_CASE */ 293 294 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 295 void mpi_write_file(char *input_X, char *output_file) 296 { 297 mbedtls_mpi X, Y; 298 FILE *file_out, *file_in; 299 int ret; 300 301 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 302 303 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 304 305 file_out = fopen(output_file, "w"); 306 TEST_ASSERT(file_out != NULL); 307 ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out); 308 fclose(file_out); 309 TEST_ASSERT(ret == 0); 310 311 file_in = fopen(output_file, "r"); 312 TEST_ASSERT(file_in != NULL); 313 ret = mbedtls_mpi_read_file(&Y, 16, file_in); 314 fclose(file_in); 315 TEST_ASSERT(ret == 0); 316 317 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 318 319 exit: 320 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 321 } 322 /* END_CASE */ 323 324 /* BEGIN_CASE */ 325 void mpi_get_bit(char *input_X, int pos, int val) 326 { 327 mbedtls_mpi X; 328 mbedtls_mpi_init(&X); 329 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 330 TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val); 331 332 exit: 333 mbedtls_mpi_free(&X); 334 } 335 /* END_CASE */ 336 337 /* BEGIN_CASE */ 338 void mpi_set_bit(char *input_X, int pos, int val, 339 char *output_Y, int result) 340 { 341 mbedtls_mpi X, Y; 342 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 343 344 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 345 TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0); 346 TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result); 347 348 if (result == 0) { 349 TEST_ASSERT(sign_is_valid(&X)); 350 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 351 } 352 353 exit: 354 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 355 } 356 /* END_CASE */ 357 358 /* BEGIN_CASE */ 359 void mpi_lsb(char *input_X, int nr_bits) 360 { 361 mbedtls_mpi X; 362 mbedtls_mpi_init(&X); 363 364 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 365 TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits); 366 367 exit: 368 mbedtls_mpi_free(&X); 369 } 370 /* END_CASE */ 371 372 /* BEGIN_CASE */ 373 void mpi_bitlen(char *input_X, int nr_bits) 374 { 375 mbedtls_mpi X; 376 mbedtls_mpi_init(&X); 377 378 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 379 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits); 380 381 exit: 382 mbedtls_mpi_free(&X); 383 } 384 /* END_CASE */ 385 386 /* BEGIN_CASE */ 387 void mpi_gcd(char *input_X, char *input_Y, 388 char *input_A) 389 { 390 mbedtls_mpi A, X, Y, Z; 391 mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 392 393 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 394 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 395 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 396 TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); 397 TEST_ASSERT(sign_is_valid(&Z)); 398 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 399 400 exit: 401 mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 402 } 403 /* END_CASE */ 404 405 /* BEGIN_CASE */ 406 void mpi_cmp_int(int input_X, int input_A, int result_CMP) 407 { 408 mbedtls_mpi X; 409 mbedtls_mpi_init(&X); 410 411 TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0); 412 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP); 413 414 exit: 415 mbedtls_mpi_free(&X); 416 } 417 /* END_CASE */ 418 419 /* BEGIN_CASE */ 420 void mpi_cmp_mpi(char *input_X, char *input_Y, 421 int input_A) 422 { 423 mbedtls_mpi X, Y; 424 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 425 426 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 427 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 428 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A); 429 430 exit: 431 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 432 } 433 /* END_CASE */ 434 435 /* BEGIN_CASE */ 436 void mpi_lt_mpi_ct(int size_X, char *input_X, 437 int size_Y, char *input_Y, 438 int input_ret, int input_err) 439 { 440 unsigned ret = -1; 441 unsigned input_uret = input_ret; 442 mbedtls_mpi X, Y; 443 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 444 445 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 446 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 447 448 TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0); 449 TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0); 450 451 TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); 452 if (input_err == 0) { 453 TEST_EQUAL(ret, input_uret); 454 } 455 456 exit: 457 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 458 } 459 /* END_CASE */ 460 461 /* BEGIN_CASE */ 462 void mpi_cmp_abs(char *input_X, char *input_Y, 463 int input_A) 464 { 465 mbedtls_mpi X, Y; 466 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 467 468 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 469 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 470 TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A); 471 472 exit: 473 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 474 } 475 /* END_CASE */ 476 477 /* BEGIN_CASE */ 478 void mpi_copy(char *src_hex, char *dst_hex) 479 { 480 mbedtls_mpi src, dst, ref; 481 mbedtls_mpi_init(&src); 482 mbedtls_mpi_init(&dst); 483 mbedtls_mpi_init(&ref); 484 485 TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0); 486 TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0); 487 488 /* mbedtls_mpi_copy() */ 489 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 490 TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0); 491 TEST_ASSERT(sign_is_valid(&dst)); 492 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 493 494 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 495 mbedtls_mpi_free(&dst); 496 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 497 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0); 498 TEST_ASSERT(sign_is_valid(&dst)); 499 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 500 501 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 502 mbedtls_mpi_free(&dst); 503 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 504 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0); 505 TEST_ASSERT(sign_is_valid(&dst)); 506 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0); 507 508 exit: 509 mbedtls_mpi_free(&src); 510 mbedtls_mpi_free(&dst); 511 mbedtls_mpi_free(&ref); 512 } 513 /* END_CASE */ 514 515 /* BEGIN_CASE */ 516 void mpi_copy_self(char *input_X) 517 { 518 mbedtls_mpi X, A; 519 mbedtls_mpi_init(&A); 520 mbedtls_mpi_init(&X); 521 522 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 523 TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0); 524 525 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0); 526 TEST_ASSERT(sign_is_valid(&X)); 527 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 528 529 exit: 530 mbedtls_mpi_free(&A); 531 mbedtls_mpi_free(&X); 532 } 533 /* END_CASE */ 534 535 /* BEGIN_CASE */ 536 void mpi_swap(char *X_hex, char *Y_hex) 537 { 538 mbedtls_mpi X, Y, X0, Y0; 539 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 540 mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0); 541 542 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 543 TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0); 544 545 /* mbedtls_mpi_swap() */ 546 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 547 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 548 mbedtls_mpi_swap(&X, &Y); 549 TEST_ASSERT(sign_is_valid(&X)); 550 TEST_ASSERT(sign_is_valid(&Y)); 551 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 552 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 553 554 /* mbedtls_mpi_safe_cond_swap(), swap done */ 555 mbedtls_mpi_free(&X); 556 mbedtls_mpi_free(&Y); 557 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 558 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 559 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0); 560 TEST_ASSERT(sign_is_valid(&X)); 561 TEST_ASSERT(sign_is_valid(&Y)); 562 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 563 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 564 565 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 566 mbedtls_mpi_free(&X); 567 mbedtls_mpi_free(&Y); 568 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 569 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 570 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0); 571 TEST_ASSERT(sign_is_valid(&X)); 572 TEST_ASSERT(sign_is_valid(&Y)); 573 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 574 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0); 575 576 exit: 577 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 578 mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0); 579 } 580 /* END_CASE */ 581 582 /* BEGIN_CASE */ 583 void mpi_swap_self(char *X_hex) 584 { 585 mbedtls_mpi X, X0; 586 mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0); 587 588 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 589 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 590 591 mbedtls_mpi_swap(&X, &X); 592 TEST_ASSERT(sign_is_valid(&X)); 593 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 594 595 exit: 596 mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0); 597 } 598 /* END_CASE */ 599 600 /* BEGIN_CASE */ 601 void mpi_shrink(int before, int used, int min, int after) 602 { 603 mbedtls_mpi X; 604 mbedtls_mpi_init(&X); 605 606 TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0); 607 if (used > 0) { 608 size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint); 609 TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0); 610 } 611 TEST_EQUAL(X.n, (size_t) before); 612 TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0); 613 TEST_EQUAL(X.n, (size_t) after); 614 615 exit: 616 mbedtls_mpi_free(&X); 617 } 618 /* END_CASE */ 619 620 /* BEGIN_CASE */ 621 void mpi_add_mpi(char *input_X, char *input_Y, 622 char *input_A) 623 { 624 mbedtls_mpi X, Y, Z, A; 625 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 626 627 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 628 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 629 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 630 TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0); 631 TEST_ASSERT(sign_is_valid(&Z)); 632 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 633 634 /* result == first operand */ 635 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0); 636 TEST_ASSERT(sign_is_valid(&X)); 637 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 638 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 639 640 /* result == second operand */ 641 TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0); 642 TEST_ASSERT(sign_is_valid(&Y)); 643 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 644 645 exit: 646 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 647 } 648 /* END_CASE */ 649 650 /* BEGIN_CASE */ 651 void mpi_add_mpi_inplace(char *input_X, char *input_A) 652 { 653 mbedtls_mpi X, A; 654 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 655 656 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 657 658 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 659 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0); 660 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0); 661 TEST_ASSERT(sign_is_valid(&X)); 662 663 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 664 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0); 665 TEST_ASSERT(sign_is_valid(&X)); 666 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 667 668 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 669 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0); 670 TEST_ASSERT(sign_is_valid(&X)); 671 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 672 673 exit: 674 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 675 } 676 /* END_CASE */ 677 678 679 /* BEGIN_CASE */ 680 void mpi_add_abs(char *input_X, char *input_Y, 681 char *input_A) 682 { 683 mbedtls_mpi X, Y, Z, A; 684 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 685 686 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 687 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 688 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 689 TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0); 690 TEST_ASSERT(sign_is_valid(&Z)); 691 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 692 693 /* result == first operand */ 694 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0); 695 TEST_ASSERT(sign_is_valid(&X)); 696 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 697 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 698 699 /* result == second operand */ 700 TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0); 701 TEST_ASSERT(sign_is_valid(&Y)); 702 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 703 704 exit: 705 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 706 } 707 /* END_CASE */ 708 709 /* BEGIN_CASE */ 710 void mpi_add_int(char *input_X, int input_Y, 711 char *input_A) 712 { 713 mbedtls_mpi X, Z, A; 714 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 715 716 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 717 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 718 TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0); 719 TEST_ASSERT(sign_is_valid(&Z)); 720 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 721 722 exit: 723 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 724 } 725 /* END_CASE */ 726 727 /* BEGIN_CASE */ 728 void mpi_sub_mpi(char *input_X, char *input_Y, 729 char *input_A) 730 { 731 mbedtls_mpi X, Y, Z, A; 732 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 733 734 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 735 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 736 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 737 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0); 738 TEST_ASSERT(sign_is_valid(&Z)); 739 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 740 741 /* result == first operand */ 742 TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0); 743 TEST_ASSERT(sign_is_valid(&X)); 744 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 745 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 746 747 /* result == second operand */ 748 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0); 749 TEST_ASSERT(sign_is_valid(&Y)); 750 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 751 752 exit: 753 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 754 } 755 /* END_CASE */ 756 757 /* BEGIN_CASE */ 758 void mpi_sub_abs(char *input_X, char *input_Y, 759 char *input_A, int sub_result) 760 { 761 mbedtls_mpi X, Y, Z, A; 762 int res; 763 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 764 765 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 766 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 767 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 768 769 res = mbedtls_mpi_sub_abs(&Z, &X, &Y); 770 TEST_ASSERT(res == sub_result); 771 TEST_ASSERT(sign_is_valid(&Z)); 772 if (res == 0) { 773 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 774 } 775 776 /* result == first operand */ 777 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result); 778 TEST_ASSERT(sign_is_valid(&X)); 779 if (sub_result == 0) { 780 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 781 } 782 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 783 784 /* result == second operand */ 785 TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result); 786 TEST_ASSERT(sign_is_valid(&Y)); 787 if (sub_result == 0) { 788 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 789 } 790 791 exit: 792 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 793 } 794 /* END_CASE */ 795 796 /* BEGIN_CASE */ 797 void mpi_sub_int(char *input_X, int input_Y, 798 char *input_A) 799 { 800 mbedtls_mpi X, Z, A; 801 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 802 803 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 804 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 805 TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0); 806 TEST_ASSERT(sign_is_valid(&Z)); 807 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 808 809 exit: 810 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 811 } 812 /* END_CASE */ 813 814 /* BEGIN_CASE */ 815 void mpi_mul_mpi(char *input_X, char *input_Y, 816 char *input_A) 817 { 818 mbedtls_mpi X, Y, Z, A; 819 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 820 821 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 822 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 823 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 824 TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0); 825 TEST_ASSERT(sign_is_valid(&Z)); 826 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 827 828 exit: 829 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 830 } 831 /* END_CASE */ 832 833 /* BEGIN_CASE */ 834 void mpi_mul_int(char *input_X, int input_Y, 835 char *input_A, char *result_comparison) 836 { 837 mbedtls_mpi X, Z, A; 838 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 839 840 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 841 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 842 TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0); 843 TEST_ASSERT(sign_is_valid(&Z)); 844 if (strcmp(result_comparison, "==") == 0) { 845 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 846 } else if (strcmp(result_comparison, "!=") == 0) { 847 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); 848 } else { 849 TEST_FAIL("unknown operator"); 850 } 851 852 exit: 853 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 854 } 855 /* END_CASE */ 856 857 /* BEGIN_CASE */ 858 void mpi_div_mpi(char *input_X, char *input_Y, 859 char *input_A, char *input_B, 860 int div_result) 861 { 862 mbedtls_mpi X, Y, Q, R, A, B; 863 int res; 864 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); 865 mbedtls_mpi_init(&A); mbedtls_mpi_init(&B); 866 867 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 868 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 869 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 870 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 871 res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y); 872 TEST_ASSERT(res == div_result); 873 if (res == 0) { 874 TEST_ASSERT(sign_is_valid(&Q)); 875 TEST_ASSERT(sign_is_valid(&R)); 876 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 877 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 878 } 879 880 exit: 881 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); 882 mbedtls_mpi_free(&A); mbedtls_mpi_free(&B); 883 } 884 /* END_CASE */ 885 886 /* BEGIN_CASE */ 887 void mpi_div_int(char *input_X, int input_Y, 888 char *input_A, char *input_B, 889 int div_result) 890 { 891 mbedtls_mpi X, Q, R, A, B; 892 int res; 893 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A); 894 mbedtls_mpi_init(&B); 895 896 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 897 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 898 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 899 res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y); 900 TEST_ASSERT(res == div_result); 901 if (res == 0) { 902 TEST_ASSERT(sign_is_valid(&Q)); 903 TEST_ASSERT(sign_is_valid(&R)); 904 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 905 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 906 } 907 908 exit: 909 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A); 910 mbedtls_mpi_free(&B); 911 } 912 /* END_CASE */ 913 914 /* BEGIN_CASE */ 915 void mpi_mod_mpi(char *input_X, char *input_Y, 916 char *input_A, int div_result) 917 { 918 mbedtls_mpi X, Y, A; 919 int res; 920 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A); 921 922 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 923 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 924 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 925 res = mbedtls_mpi_mod_mpi(&X, &X, &Y); 926 TEST_ASSERT(res == div_result); 927 if (res == 0) { 928 TEST_ASSERT(sign_is_valid(&X)); 929 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 930 } 931 932 exit: 933 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A); 934 } 935 /* END_CASE */ 936 937 /* BEGIN_CASE */ 938 void mpi_mod_int(char *input_X, mbedtls_mpi_sint y, 939 mbedtls_mpi_sint a, int mod_result) 940 { 941 mbedtls_mpi X; 942 int res; 943 mbedtls_mpi_uint r; 944 945 mbedtls_mpi_init(&X); 946 947 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 948 949 res = mbedtls_mpi_mod_int(&r, &X, y); 950 TEST_EQUAL(res, mod_result); 951 if (res == 0) { 952 TEST_EQUAL(r, a); 953 } 954 955 exit: 956 mbedtls_mpi_free(&X); 957 } 958 /* END_CASE */ 959 960 /* BEGIN_CASE */ 961 void mpi_exp_mod_min_RR(char *input_A, char *input_E, 962 char *input_N, char *input_X, 963 int exp_result) 964 { 965 mbedtls_mpi A, E, N, RR, Z, X; 966 int res; 967 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 968 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 969 970 TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); 971 TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); 972 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); 973 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 974 975 TEST_EQUAL(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N), 0); 976 TEST_EQUAL(mbedtls_mpi_shrink(&RR, 0), 0); 977 /* The objective of this test is to check that exp_mod defends 978 * against a smaller RR. */ 979 TEST_LE_U(RR.n, N.n - 1); 980 981 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 982 mbedtls_codepath_reset(); 983 #endif 984 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 985 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 986 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_SECRET, res, E); 987 #endif 988 /* We know that exp_mod internally needs RR to be as large as N. 989 * Validate that it is the case now, otherwise there was probably 990 * a buffer overread. */ 991 TEST_EQUAL(RR.n, N.n); 992 993 TEST_EQUAL(res, exp_result); 994 if (res == 0) { 995 TEST_EQUAL(sign_is_valid(&Z), 1); 996 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &X), 0); 997 } 998 999 exit: 1000 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1001 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1002 } 1003 /* END_CASE */ 1004 1005 /* BEGIN_CASE */ 1006 void mpi_exp_mod(char *input_A, char *input_E, 1007 char *input_N, char *input_X, 1008 int exp_result) 1009 { 1010 mbedtls_mpi A, E, N, RR, Z, X; 1011 int res; 1012 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1013 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 1014 1015 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1016 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1017 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1018 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1019 1020 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1021 mbedtls_codepath_reset(); 1022 #endif 1023 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL); 1024 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1025 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_SECRET, res, E); 1026 #endif 1027 TEST_ASSERT(res == exp_result); 1028 if (res == 0) { 1029 TEST_ASSERT(sign_is_valid(&Z)); 1030 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1031 } 1032 1033 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1034 mbedtls_codepath_reset(); 1035 #endif 1036 res = mbedtls_mpi_exp_mod_unsafe(&Z, &A, &E, &N, NULL); 1037 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1038 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_PUBLIC, res, E); 1039 #endif 1040 TEST_ASSERT(res == exp_result); 1041 if (res == 0) { 1042 TEST_ASSERT(sign_is_valid(&Z)); 1043 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1044 } 1045 1046 /* Now test again with the speed-up parameter supplied as an output. */ 1047 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1048 mbedtls_codepath_reset(); 1049 #endif 1050 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1051 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1052 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_SECRET, res, E); 1053 #endif 1054 TEST_ASSERT(res == exp_result); 1055 if (res == 0) { 1056 TEST_ASSERT(sign_is_valid(&Z)); 1057 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1058 } 1059 1060 /* Now test again with the speed-up parameter supplied in calculated form. */ 1061 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1062 mbedtls_codepath_reset(); 1063 #endif 1064 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1065 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1066 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_SECRET, res, E); 1067 #endif 1068 TEST_ASSERT(res == exp_result); 1069 if (res == 0) { 1070 TEST_ASSERT(sign_is_valid(&Z)); 1071 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1072 } 1073 1074 exit: 1075 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1076 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1077 } 1078 /* END_CASE */ 1079 1080 /* BEGIN_CASE */ 1081 void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes, 1082 char *input_RR, int exp_result) 1083 { 1084 mbedtls_mpi A, E, N, RR, Z; 1085 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1086 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); 1087 1088 /* Set A to 2^(A_bytes - 1) + 1 */ 1089 TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0); 1090 TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0); 1091 TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0); 1092 1093 /* Set E to 2^(E_bytes - 1) + 1 */ 1094 TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0); 1095 TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0); 1096 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0); 1097 1098 /* Set N to 2^(N_bytes - 1) + 1 */ 1099 TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0); 1100 TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0); 1101 TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0); 1102 1103 if (strlen(input_RR)) { 1104 TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0); 1105 } 1106 1107 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1108 mbedtls_codepath_reset(); 1109 #endif 1110 TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result); 1111 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1112 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_SECRET, exp_result, E); 1113 #endif 1114 1115 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1116 mbedtls_codepath_reset(); 1117 #endif 1118 TEST_ASSERT(mbedtls_mpi_exp_mod_unsafe(&Z, &A, &E, &N, &RR) == exp_result); 1119 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 1120 ASSERT_BIGNUM_CODEPATH(MBEDTLS_MPI_IS_PUBLIC, exp_result, E); 1121 #endif 1122 1123 exit: 1124 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1125 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); 1126 } 1127 /* END_CASE */ 1128 1129 /* BEGIN_CASE */ 1130 void mpi_inv_mod(char *input_X, char *input_Y, 1131 char *input_A, int div_result) 1132 { 1133 mbedtls_mpi X, Y, Z, A; 1134 int res; 1135 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1136 1137 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1138 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1139 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1140 res = mbedtls_mpi_inv_mod(&Z, &X, &Y); 1141 TEST_ASSERT(res == div_result); 1142 if (res == 0) { 1143 TEST_ASSERT(sign_is_valid(&Z)); 1144 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1145 } 1146 1147 exit: 1148 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1149 } 1150 /* END_CASE */ 1151 1152 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1153 void mpi_is_prime(char *input_X, int div_result) 1154 { 1155 mbedtls_mpi X; 1156 int res; 1157 mbedtls_mpi_init(&X); 1158 1159 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1160 res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL); 1161 TEST_ASSERT(res == div_result); 1162 1163 exit: 1164 mbedtls_mpi_free(&X); 1165 } 1166 /* END_CASE */ 1167 1168 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1169 void mpi_is_prime_det(data_t *input_X, data_t *witnesses, 1170 int chunk_len, int rounds) 1171 { 1172 mbedtls_mpi X; 1173 int res; 1174 mbedtls_test_mpi_random rand; 1175 1176 mbedtls_mpi_init(&X); 1177 rand.data = witnesses; 1178 rand.pos = 0; 1179 rand.chunk_len = chunk_len; 1180 1181 TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0); 1182 res = mbedtls_mpi_is_prime_ext(&X, rounds - 1, 1183 mbedtls_test_mpi_miller_rabin_determinizer, 1184 &rand); 1185 TEST_ASSERT(res == 0); 1186 1187 rand.data = witnesses; 1188 rand.pos = 0; 1189 rand.chunk_len = chunk_len; 1190 1191 res = mbedtls_mpi_is_prime_ext(&X, rounds, 1192 mbedtls_test_mpi_miller_rabin_determinizer, 1193 &rand); 1194 TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); 1195 1196 exit: 1197 mbedtls_mpi_free(&X); 1198 } 1199 /* END_CASE */ 1200 1201 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1202 void mpi_gen_prime(int bits, int flags, int ref_ret) 1203 { 1204 mbedtls_mpi X; 1205 int my_ret; 1206 1207 mbedtls_mpi_init(&X); 1208 1209 my_ret = mbedtls_mpi_gen_prime(&X, bits, flags, 1210 mbedtls_test_rnd_std_rand, NULL); 1211 TEST_ASSERT(my_ret == ref_ret); 1212 1213 if (ref_ret == 0) { 1214 size_t actual_bits = mbedtls_mpi_bitlen(&X); 1215 1216 TEST_ASSERT(actual_bits >= (size_t) bits); 1217 TEST_ASSERT(actual_bits <= (size_t) bits + 1); 1218 TEST_ASSERT(sign_is_valid(&X)); 1219 1220 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1221 mbedtls_test_rnd_std_rand, 1222 NULL) == 0); 1223 if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) { 1224 /* X = ( X - 1 ) / 2 */ 1225 TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0); 1226 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1227 mbedtls_test_rnd_std_rand, 1228 NULL) == 0); 1229 } 1230 } 1231 1232 exit: 1233 mbedtls_mpi_free(&X); 1234 } 1235 /* END_CASE */ 1236 1237 /* BEGIN_CASE */ 1238 void mpi_shift_l(char *input_X, int shift_X, 1239 char *input_A) 1240 { 1241 mbedtls_mpi X, A; 1242 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1243 1244 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1245 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1246 TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0); 1247 TEST_ASSERT(sign_is_valid(&X)); 1248 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1249 1250 exit: 1251 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1252 } 1253 /* END_CASE */ 1254 1255 /* BEGIN_CASE */ 1256 void mpi_shift_r(char *input_X, int shift_X, 1257 char *input_A) 1258 { 1259 mbedtls_mpi X, A; 1260 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1261 1262 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1263 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1264 TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0); 1265 TEST_ASSERT(sign_is_valid(&X)); 1266 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1267 1268 exit: 1269 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1270 } 1271 /* END_CASE */ 1272 1273 /* BEGIN_CASE */ 1274 void mpi_fill_random(int wanted_bytes, int rng_bytes, 1275 int before, int expected_ret) 1276 { 1277 mbedtls_mpi X; 1278 int ret; 1279 size_t bytes_left = rng_bytes; 1280 mbedtls_mpi_init(&X); 1281 1282 if (before != 0) { 1283 /* Set X to sign(before) * 2^(|before|-1) */ 1284 TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0); 1285 if (before < 0) { 1286 before = -before; 1287 } 1288 TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0); 1289 } 1290 1291 ret = mbedtls_mpi_fill_random(&X, wanted_bytes, 1292 f_rng_bytes_left, &bytes_left); 1293 TEST_ASSERT(ret == expected_ret); 1294 1295 if (expected_ret == 0) { 1296 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1297 * as a big-endian representation of the number. We know when 1298 * our RNG function returns null bytes, so we know how many 1299 * leading zero bytes the number has. */ 1300 size_t leading_zeros = 0; 1301 if (wanted_bytes > 0 && rng_bytes % 256 == 0) { 1302 leading_zeros = 1; 1303 } 1304 TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros == 1305 (size_t) wanted_bytes); 1306 TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes); 1307 TEST_ASSERT(sign_is_valid(&X)); 1308 } 1309 1310 exit: 1311 mbedtls_mpi_free(&X); 1312 } 1313 /* END_CASE */ 1314 1315 /* BEGIN_CASE */ 1316 void most_negative_mpi_sint() 1317 { 1318 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1319 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1320 * is a valid value. However, negating it (`-n`) has undefined behavior 1321 * (although in practice `-n` evaluates to the value n). 1322 * 1323 * This function has ad hoc tests for this value. It's separated from other 1324 * functions because the test framework makes it hard to pass this value 1325 * into test cases. 1326 * 1327 * In the comments here: 1328 * - biL = number of bits in limbs 1329 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1330 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1331 */ 1332 1333 mbedtls_mpi A, R, X; 1334 mbedtls_mpi_init(&A); 1335 mbedtls_mpi_init(&R); 1336 mbedtls_mpi_init(&X); 1337 1338 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1); 1339 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1340 const mbedtls_mpi_sint most_negative = -most_positive - 1; 1341 TEST_EQUAL((mbedtls_mpi_uint) most_negative, 1342 (mbedtls_mpi_uint) 1 << (biL - 1)); 1343 TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0); 1344 1345 /* Test mbedtls_mpi_lset() */ 1346 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1347 TEST_EQUAL(A.s, -1); 1348 TEST_EQUAL(A.n, 1); 1349 TEST_EQUAL(A.p[0], most_positive_plus_1); 1350 1351 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1352 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0); 1353 1354 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1355 A.p[0] = most_positive_plus_1 + 1; 1356 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1); 1357 1358 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1359 A.p[0] = most_positive_plus_1 - 1; 1360 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1); 1361 1362 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1363 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1364 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1365 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1366 1367 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1368 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1369 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1370 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0); 1371 1372 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1373 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1374 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1375 TEST_EQUAL(X.s, -1); 1376 TEST_EQUAL(X.n, 2); 1377 TEST_EQUAL(X.p[0], 0); 1378 TEST_EQUAL(X.p[1], 1); 1379 1380 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1381 mbedtls_mpi_free(&X); 1382 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1383 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1384 TEST_EQUAL(X.s, 1); 1385 TEST_EQUAL(X.n, 1); 1386 TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0); 1387 1388 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1389 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1390 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1391 TEST_EQUAL(X.s, 1); 1392 TEST_EQUAL(X.n, 1); 1393 TEST_EQUAL(X.p[0], most_positive_plus_1); 1394 1395 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1396 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1397 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1398 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1399 1400 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1401 TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0); 1402 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1403 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1404 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1405 1406 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1407 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1408 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1409 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1410 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1411 1412 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1413 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1414 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1415 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0); 1416 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1417 1418 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1419 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1420 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1421 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1422 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1423 1424 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1425 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1426 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1427 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1428 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0); 1429 1430 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1431 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1432 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1433 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1434 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1435 1436 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1437 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1438 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1439 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0); 1440 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1441 1442 /* Test mbedtls_mpi_mod_int(): never valid */ 1443 TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative), 1444 MBEDTLS_ERR_MPI_NEGATIVE_VALUE); 1445 1446 /* Test mbedtls_mpi_random(): never valid */ 1447 TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A, 1448 mbedtls_test_rnd_std_rand, NULL), 1449 MBEDTLS_ERR_MPI_BAD_INPUT_DATA); 1450 1451 exit: 1452 mbedtls_mpi_free(&A); 1453 mbedtls_mpi_free(&R); 1454 mbedtls_mpi_free(&X); 1455 } 1456 /* END_CASE */ 1457 1458 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1459 void mpi_selftest() 1460 { 1461 TEST_ASSERT(mbedtls_mpi_self_test(1) == 0); 1462 } 1463 /* END_CASE */