1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4#include "constant_time_internal.h" 5#include "bignum_core.h" 6#include "test/constant_flow.h" 7 8#if MBEDTLS_MPI_MAX_BITS > 792 9#define MPI_MAX_BITS_LARGER_THAN_792 10#endif 11 12/* Check the validity of the sign bit in an MPI object. Reject representations 13 * that are not supported by the rest of the library and indicate a bug when 14 * constructing the value. */ 15static int sign_is_valid(const mbedtls_mpi *X) 16{ 17 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 18 if (X->s != 1 && X->s != -1) { 19 return 0; 20 } 21 22 /* The value 0 must be represented with the sign +1. A "negative zero" 23 * with s=-1 is an invalid representation. Forbid that. As an exception, 24 * we sometimes test the robustness of library functions when given 25 * a negative zero input. If a test case has a negative zero as input, 26 * we don't mind if the function has a negative zero output. */ 27 if (!mbedtls_test_get_case_uses_negative_0() && 28 mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { 29 return 0; 30 } 31 32 return 1; 33} 34 35typedef struct mbedtls_test_mpi_random { 36 data_t *data; 37 size_t pos; 38 size_t chunk_len; 39} mbedtls_test_mpi_random; 40 41/* 42 * This function is called by the Miller-Rabin primality test each time it 43 * chooses a random witness. The witnesses (or non-witnesses as provided by the 44 * test) are stored in the data member of the state structure. Each number is in 45 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 46 */ 47int mbedtls_test_mpi_miller_rabin_determinizer(void *state, 48 unsigned char *buf, 49 size_t len) 50{ 51 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; 52 53 if (random == NULL || random->data->x == NULL || buf == NULL) { 54 return -1; 55 } 56 57 if (random->pos + random->chunk_len > random->data->len 58 || random->chunk_len > len) { 59 return -1; 60 } 61 62 memset(buf, 0, len); 63 64 /* The witness is written to the end of the buffer, since the buffer is 65 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 66 * Writing the witness to the start of the buffer would result in the 67 * buffer being 'witness 000...000', which would be treated as 68 * witness * 2^n for some n. */ 69 memcpy(buf + len - random->chunk_len, &random->data->x[random->pos], 70 random->chunk_len); 71 72 random->pos += random->chunk_len; 73 74 return 0; 75} 76 77/* Random generator that is told how many bytes to return. */ 78static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) 79{ 80 size_t *bytes_left = state; 81 size_t i; 82 for (i = 0; i < len; i++) { 83 if (*bytes_left == 0) { 84 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 85 } 86 buf[i] = *bytes_left & 0xff; 87 --(*bytes_left); 88 } 89 return 0; 90} 91 92/* END_HEADER */ 93 94/* BEGIN_DEPENDENCIES 95 * depends_on:MBEDTLS_BIGNUM_C 96 * END_DEPENDENCIES 97 */ 98 99/* BEGIN_CASE */ 100void mpi_null() 101{ 102 mbedtls_mpi X, Y, Z; 103 104 mbedtls_mpi_init(&X); 105 mbedtls_mpi_init(&Y); 106 mbedtls_mpi_init(&Z); 107 108 TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0); 109 TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0); 110 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0); 111 TEST_ASSERT(mbedtls_mpi_size(&X) == 0); 112 113exit: 114 mbedtls_mpi_free(&X); 115} 116/* END_CASE */ 117 118/* BEGIN_CASE */ 119void mpi_read_write_string(int radix_X, char *input_X, int radix_A, 120 char *input_A, int output_size, int result_read, 121 int result_write) 122{ 123 mbedtls_mpi X; 124 char str[1000]; 125 size_t len; 126 127 mbedtls_mpi_init(&X); 128 129 memset(str, '!', sizeof(str)); 130 131 TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read); 132 if (result_read == 0) { 133 TEST_ASSERT(sign_is_valid(&X)); 134 TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write); 135 if (result_write == 0) { 136 TEST_ASSERT(strcmp(str, input_A) == 0); 137 TEST_ASSERT(str[len] == '!'); 138 } 139 } 140 141exit: 142 mbedtls_mpi_free(&X); 143} 144/* END_CASE */ 145 146/* BEGIN_CASE */ 147void mpi_zero_length_buffer_is_null() 148{ 149 mbedtls_mpi X; 150 size_t olen; 151 152 mbedtls_mpi_init(&X); 153 154 /* Simply test that the following functions do not crash when a NULL buffer 155 * pointer and 0 length is passed. We don't care much about the return value. */ 156 TEST_EQUAL(mbedtls_mpi_read_binary(&X, NULL, 0), 0); 157 TEST_EQUAL(mbedtls_mpi_read_binary_le(&X, NULL, 0), 0); 158 TEST_EQUAL(mbedtls_mpi_write_string(&X, 16, NULL, 0, &olen), MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); 159 TEST_EQUAL(mbedtls_mpi_write_binary(&X, NULL, 0), 0); 160 161exit: 162 mbedtls_mpi_free(&X); 163} 164/* END_CASE */ 165 166/* BEGIN_CASE */ 167void mpi_read_binary(data_t *buf, char *input_A) 168{ 169 mbedtls_mpi X; 170 char str[1000]; 171 size_t len; 172 173 mbedtls_mpi_init(&X); 174 175 176 TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0); 177 TEST_ASSERT(sign_is_valid(&X)); 178 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 179 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 180 181exit: 182 mbedtls_mpi_free(&X); 183} 184/* END_CASE */ 185 186/* BEGIN_CASE */ 187void mpi_read_binary_le(data_t *buf, char *input_A) 188{ 189 mbedtls_mpi X; 190 char str[1000]; 191 size_t len; 192 193 mbedtls_mpi_init(&X); 194 195 196 TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0); 197 TEST_ASSERT(sign_is_valid(&X)); 198 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 199 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 200 201exit: 202 mbedtls_mpi_free(&X); 203} 204/* END_CASE */ 205 206/* BEGIN_CASE */ 207void mpi_write_binary(char *input_X, data_t *input_A, 208 int output_size, int result) 209{ 210 mbedtls_mpi X; 211 unsigned char buf[1000]; 212 size_t buflen; 213 214 memset(buf, 0x00, 1000); 215 216 mbedtls_mpi_init(&X); 217 218 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 219 220 buflen = mbedtls_mpi_size(&X); 221 if (buflen > (size_t) output_size) { 222 buflen = (size_t) output_size; 223 } 224 225 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result); 226 if (result == 0) { 227 228 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 229 buflen, input_A->len) == 0); 230 } 231 232exit: 233 mbedtls_mpi_free(&X); 234} 235/* END_CASE */ 236 237/* BEGIN_CASE */ 238void mpi_write_binary_le(char *input_X, data_t *input_A, 239 int output_size, int result) 240{ 241 mbedtls_mpi X; 242 unsigned char buf[1000]; 243 size_t buflen; 244 245 memset(buf, 0x00, 1000); 246 247 mbedtls_mpi_init(&X); 248 249 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 250 251 buflen = mbedtls_mpi_size(&X); 252 if (buflen > (size_t) output_size) { 253 buflen = (size_t) output_size; 254 } 255 256 TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result); 257 if (result == 0) { 258 259 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 260 buflen, input_A->len) == 0); 261 } 262 263exit: 264 mbedtls_mpi_free(&X); 265} 266/* END_CASE */ 267 268/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 269void mpi_read_file(char *input_file, data_t *input_A, int result) 270{ 271 mbedtls_mpi X; 272 unsigned char buf[1000]; 273 size_t buflen; 274 FILE *file; 275 int ret; 276 277 memset(buf, 0x00, 1000); 278 279 mbedtls_mpi_init(&X); 280 281 file = fopen(input_file, "r"); 282 TEST_ASSERT(file != NULL); 283 ret = mbedtls_mpi_read_file(&X, 16, file); 284 fclose(file); 285 TEST_ASSERT(ret == result); 286 287 if (result == 0) { 288 TEST_ASSERT(sign_is_valid(&X)); 289 buflen = mbedtls_mpi_size(&X); 290 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0); 291 292 293 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 294 buflen, input_A->len) == 0); 295 } 296 297exit: 298 mbedtls_mpi_free(&X); 299} 300/* END_CASE */ 301 302/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 303void mpi_write_file(char *input_X, char *output_file) 304{ 305 mbedtls_mpi X, Y; 306 FILE *file_out, *file_in; 307 int ret; 308 309 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 310 311 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 312 313 file_out = fopen(output_file, "w"); 314 TEST_ASSERT(file_out != NULL); 315 ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out); 316 fclose(file_out); 317 TEST_ASSERT(ret == 0); 318 319 file_in = fopen(output_file, "r"); 320 TEST_ASSERT(file_in != NULL); 321 ret = mbedtls_mpi_read_file(&Y, 16, file_in); 322 fclose(file_in); 323 TEST_ASSERT(ret == 0); 324 325 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 326 327exit: 328 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 329} 330/* END_CASE */ 331 332/* BEGIN_CASE */ 333void mpi_get_bit(char *input_X, int pos, int val) 334{ 335 mbedtls_mpi X; 336 mbedtls_mpi_init(&X); 337 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 338 TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val); 339 340exit: 341 mbedtls_mpi_free(&X); 342} 343/* END_CASE */ 344 345/* BEGIN_CASE */ 346void mpi_set_bit(char *input_X, int pos, int val, 347 char *output_Y, int result) 348{ 349 mbedtls_mpi X, Y; 350 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 351 352 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 353 TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0); 354 TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result); 355 356 if (result == 0) { 357 TEST_ASSERT(sign_is_valid(&X)); 358 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 359 } 360 361exit: 362 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 363} 364/* END_CASE */ 365 366/* BEGIN_CASE */ 367void mpi_lsb(char *input_X, int nr_bits) 368{ 369 mbedtls_mpi X; 370 mbedtls_mpi_init(&X); 371 372 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 373 TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits); 374 375exit: 376 mbedtls_mpi_free(&X); 377} 378/* END_CASE */ 379 380/* BEGIN_CASE */ 381void mpi_bitlen(char *input_X, int nr_bits) 382{ 383 mbedtls_mpi X; 384 mbedtls_mpi_init(&X); 385 386 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 387 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits); 388 389exit: 390 mbedtls_mpi_free(&X); 391} 392/* END_CASE */ 393 394/* BEGIN_CASE */ 395void mpi_gcd(char *input_X, char *input_Y, 396 char *input_A) 397{ 398 mbedtls_mpi A, X, Y, Z; 399 mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 400 401 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 402 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 403 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 404 TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); 405 TEST_ASSERT(sign_is_valid(&Z)); 406 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 407 408exit: 409 mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 410} 411/* END_CASE */ 412 413/* BEGIN_CASE */ 414void mpi_cmp_int(int input_X, int input_A, int result_CMP) 415{ 416 mbedtls_mpi X; 417 mbedtls_mpi_init(&X); 418 419 TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0); 420 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP); 421 422exit: 423 mbedtls_mpi_free(&X); 424} 425/* END_CASE */ 426 427/* BEGIN_CASE */ 428void mpi_cmp_mpi(char *input_X, char *input_Y, 429 int input_A) 430{ 431 mbedtls_mpi X, Y; 432 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 433 434 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 435 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 436 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A); 437 438exit: 439 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 440} 441/* END_CASE */ 442 443/* BEGIN_CASE */ 444void mpi_lt_mpi_ct(int size_X, char *input_X, 445 int size_Y, char *input_Y, 446 int input_ret, int input_err) 447{ 448 unsigned ret = -1; 449 unsigned input_uret = input_ret; 450 mbedtls_mpi X, Y; 451 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 452 453 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 454 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 455 456 TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0); 457 TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0); 458 459 TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); 460 if (input_err == 0) { 461 TEST_EQUAL(ret, input_uret); 462 } 463 464exit: 465 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 466} 467/* END_CASE */ 468 469/* BEGIN_CASE */ 470void mpi_cmp_abs(char *input_X, char *input_Y, 471 int input_A) 472{ 473 mbedtls_mpi X, Y; 474 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 475 476 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 477 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 478 TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A); 479 480exit: 481 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 482} 483/* END_CASE */ 484 485/* BEGIN_CASE */ 486void mpi_copy(char *src_hex, char *dst_hex) 487{ 488 mbedtls_mpi src, dst, ref; 489 mbedtls_mpi_init(&src); 490 mbedtls_mpi_init(&dst); 491 mbedtls_mpi_init(&ref); 492 493 TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0); 494 TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0); 495 496 /* mbedtls_mpi_copy() */ 497 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 498 TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0); 499 TEST_ASSERT(sign_is_valid(&dst)); 500 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 501 502 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 503 mbedtls_mpi_free(&dst); 504 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 505 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0); 506 TEST_ASSERT(sign_is_valid(&dst)); 507 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 508 509 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 510 mbedtls_mpi_free(&dst); 511 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 512 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0); 513 TEST_ASSERT(sign_is_valid(&dst)); 514 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0); 515 516exit: 517 mbedtls_mpi_free(&src); 518 mbedtls_mpi_free(&dst); 519 mbedtls_mpi_free(&ref); 520} 521/* END_CASE */ 522 523/* BEGIN_CASE */ 524void mpi_copy_self(char *input_X) 525{ 526 mbedtls_mpi X, A; 527 mbedtls_mpi_init(&A); 528 mbedtls_mpi_init(&X); 529 530 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 531 TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0); 532 533 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0); 534 TEST_ASSERT(sign_is_valid(&X)); 535 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 536 537exit: 538 mbedtls_mpi_free(&A); 539 mbedtls_mpi_free(&X); 540} 541/* END_CASE */ 542 543/* BEGIN_CASE */ 544void mpi_swap(char *X_hex, char *Y_hex) 545{ 546 mbedtls_mpi X, Y, X0, Y0; 547 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 548 mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0); 549 550 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 551 TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0); 552 553 /* mbedtls_mpi_swap() */ 554 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 555 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 556 mbedtls_mpi_swap(&X, &Y); 557 TEST_ASSERT(sign_is_valid(&X)); 558 TEST_ASSERT(sign_is_valid(&Y)); 559 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 560 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 561 562 /* mbedtls_mpi_safe_cond_swap(), swap done */ 563 mbedtls_mpi_free(&X); 564 mbedtls_mpi_free(&Y); 565 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 566 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 567 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0); 568 TEST_ASSERT(sign_is_valid(&X)); 569 TEST_ASSERT(sign_is_valid(&Y)); 570 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 571 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 572 573 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 574 mbedtls_mpi_free(&X); 575 mbedtls_mpi_free(&Y); 576 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 577 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 578 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0); 579 TEST_ASSERT(sign_is_valid(&X)); 580 TEST_ASSERT(sign_is_valid(&Y)); 581 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 582 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0); 583 584exit: 585 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 586 mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0); 587} 588/* END_CASE */ 589 590/* BEGIN_CASE */ 591void mpi_swap_self(char *X_hex) 592{ 593 mbedtls_mpi X, X0; 594 mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0); 595 596 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 597 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 598 599 mbedtls_mpi_swap(&X, &X); 600 TEST_ASSERT(sign_is_valid(&X)); 601 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 602 603exit: 604 mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0); 605} 606/* END_CASE */ 607 608/* BEGIN_CASE */ 609void mpi_shrink(int before, int used, int min, int after) 610{ 611 mbedtls_mpi X; 612 mbedtls_mpi_init(&X); 613 614 TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0); 615 if (used > 0) { 616 size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint); 617 TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0); 618 } 619 TEST_EQUAL(X.n, (size_t) before); 620 TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0); 621 TEST_EQUAL(X.n, (size_t) after); 622 623exit: 624 mbedtls_mpi_free(&X); 625} 626/* END_CASE */ 627 628/* BEGIN_CASE */ 629void mpi_add_mpi(char *input_X, char *input_Y, 630 char *input_A) 631{ 632 mbedtls_mpi X, Y, Z, A; 633 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 634 635 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 636 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 637 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 638 TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0); 639 TEST_ASSERT(sign_is_valid(&Z)); 640 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 641 642 /* result == first operand */ 643 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0); 644 TEST_ASSERT(sign_is_valid(&X)); 645 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 646 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 647 648 /* result == second operand */ 649 TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0); 650 TEST_ASSERT(sign_is_valid(&Y)); 651 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 652 653exit: 654 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 655} 656/* END_CASE */ 657 658/* BEGIN_CASE */ 659void mpi_add_mpi_inplace(char *input_X, char *input_A) 660{ 661 mbedtls_mpi X, A; 662 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 663 664 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 665 666 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 667 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0); 668 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0); 669 TEST_ASSERT(sign_is_valid(&X)); 670 671 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 672 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0); 673 TEST_ASSERT(sign_is_valid(&X)); 674 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 675 676 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 677 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0); 678 TEST_ASSERT(sign_is_valid(&X)); 679 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 680 681exit: 682 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 683} 684/* END_CASE */ 685 686 687/* BEGIN_CASE */ 688void mpi_add_abs(char *input_X, char *input_Y, 689 char *input_A) 690{ 691 mbedtls_mpi X, Y, Z, A; 692 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 693 694 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 695 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 696 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 697 TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0); 698 TEST_ASSERT(sign_is_valid(&Z)); 699 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 700 701 /* result == first operand */ 702 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0); 703 TEST_ASSERT(sign_is_valid(&X)); 704 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 705 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 706 707 /* result == second operand */ 708 TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0); 709 TEST_ASSERT(sign_is_valid(&Y)); 710 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 711 712exit: 713 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 714} 715/* END_CASE */ 716 717/* BEGIN_CASE */ 718void mpi_add_int(char *input_X, int input_Y, 719 char *input_A) 720{ 721 mbedtls_mpi X, Z, A; 722 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 723 724 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 725 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 726 TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0); 727 TEST_ASSERT(sign_is_valid(&Z)); 728 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 729 730exit: 731 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 732} 733/* END_CASE */ 734 735/* BEGIN_CASE */ 736void mpi_sub_mpi(char *input_X, char *input_Y, 737 char *input_A) 738{ 739 mbedtls_mpi X, Y, Z, A; 740 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 741 742 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 743 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 744 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 745 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0); 746 TEST_ASSERT(sign_is_valid(&Z)); 747 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 748 749 /* result == first operand */ 750 TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0); 751 TEST_ASSERT(sign_is_valid(&X)); 752 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 753 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 754 755 /* result == second operand */ 756 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0); 757 TEST_ASSERT(sign_is_valid(&Y)); 758 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 759 760exit: 761 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 762} 763/* END_CASE */ 764 765/* BEGIN_CASE */ 766void mpi_sub_abs(char *input_X, char *input_Y, 767 char *input_A, int sub_result) 768{ 769 mbedtls_mpi X, Y, Z, A; 770 int res; 771 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 772 773 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 774 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 775 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 776 777 res = mbedtls_mpi_sub_abs(&Z, &X, &Y); 778 TEST_ASSERT(res == sub_result); 779 TEST_ASSERT(sign_is_valid(&Z)); 780 if (res == 0) { 781 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 782 } 783 784 /* result == first operand */ 785 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result); 786 TEST_ASSERT(sign_is_valid(&X)); 787 if (sub_result == 0) { 788 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 789 } 790 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 791 792 /* result == second operand */ 793 TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result); 794 TEST_ASSERT(sign_is_valid(&Y)); 795 if (sub_result == 0) { 796 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 797 } 798 799exit: 800 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 801} 802/* END_CASE */ 803 804/* BEGIN_CASE */ 805void mpi_sub_int(char *input_X, int input_Y, 806 char *input_A) 807{ 808 mbedtls_mpi X, Z, A; 809 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 810 811 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 812 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 813 TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0); 814 TEST_ASSERT(sign_is_valid(&Z)); 815 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 816 817exit: 818 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 819} 820/* END_CASE */ 821 822/* BEGIN_CASE */ 823void mpi_mul_mpi(char *input_X, char *input_Y, 824 char *input_A) 825{ 826 mbedtls_mpi X, Y, Z, A; 827 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 828 829 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 830 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 831 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 832 TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0); 833 TEST_ASSERT(sign_is_valid(&Z)); 834 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 835 836exit: 837 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 838} 839/* END_CASE */ 840 841/* BEGIN_CASE */ 842void mpi_mul_int(char *input_X, int input_Y, 843 char *input_A, char *result_comparison) 844{ 845 mbedtls_mpi X, Z, A; 846 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 847 848 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 849 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 850 TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0); 851 TEST_ASSERT(sign_is_valid(&Z)); 852 if (strcmp(result_comparison, "==") == 0) { 853 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 854 } else if (strcmp(result_comparison, "!=") == 0) { 855 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); 856 } else { 857 TEST_FAIL("unknown operator"); 858 } 859 860exit: 861 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 862} 863/* END_CASE */ 864 865/* BEGIN_CASE */ 866void mpi_div_mpi(char *input_X, char *input_Y, 867 char *input_A, char *input_B, 868 int div_result) 869{ 870 mbedtls_mpi X, Y, Q, R, A, B; 871 int res; 872 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); 873 mbedtls_mpi_init(&A); mbedtls_mpi_init(&B); 874 875 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 876 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 877 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 878 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 879 res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y); 880 TEST_ASSERT(res == div_result); 881 if (res == 0) { 882 TEST_ASSERT(sign_is_valid(&Q)); 883 TEST_ASSERT(sign_is_valid(&R)); 884 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 885 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 886 } 887 888exit: 889 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); 890 mbedtls_mpi_free(&A); mbedtls_mpi_free(&B); 891} 892/* END_CASE */ 893 894/* BEGIN_CASE */ 895void mpi_div_int(char *input_X, int input_Y, 896 char *input_A, char *input_B, 897 int div_result) 898{ 899 mbedtls_mpi X, Q, R, A, B; 900 int res; 901 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A); 902 mbedtls_mpi_init(&B); 903 904 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 905 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 906 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 907 res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y); 908 TEST_ASSERT(res == div_result); 909 if (res == 0) { 910 TEST_ASSERT(sign_is_valid(&Q)); 911 TEST_ASSERT(sign_is_valid(&R)); 912 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 913 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 914 } 915 916exit: 917 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A); 918 mbedtls_mpi_free(&B); 919} 920/* END_CASE */ 921 922/* BEGIN_CASE */ 923void mpi_mod_mpi(char *input_X, char *input_Y, 924 char *input_A, int div_result) 925{ 926 mbedtls_mpi X, Y, A; 927 int res; 928 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A); 929 930 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 931 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 932 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 933 res = mbedtls_mpi_mod_mpi(&X, &X, &Y); 934 TEST_ASSERT(res == div_result); 935 if (res == 0) { 936 TEST_ASSERT(sign_is_valid(&X)); 937 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 938 } 939 940exit: 941 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A); 942} 943/* END_CASE */ 944 945/* BEGIN_CASE */ 946void mpi_mod_int(char *input_X, mbedtls_mpi_sint y, 947 mbedtls_mpi_sint a, int mod_result) 948{ 949 mbedtls_mpi X; 950 int res; 951 mbedtls_mpi_uint r; 952 953 mbedtls_mpi_init(&X); 954 955 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 956 957 res = mbedtls_mpi_mod_int(&r, &X, y); 958 TEST_EQUAL(res, mod_result); 959 if (res == 0) { 960 TEST_EQUAL(r, a); 961 } 962 963exit: 964 mbedtls_mpi_free(&X); 965} 966/* END_CASE */ 967 968/* BEGIN_CASE */ 969void mpi_exp_mod_min_RR(char *input_A, char *input_E, 970 char *input_N, char *input_X, 971 int exp_result) 972{ 973 mbedtls_mpi A, E, N, RR, Z, X; 974 int res; 975 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 976 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 977 978 TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); 979 TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); 980 TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); 981 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 982 983 TEST_EQUAL(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N), 0); 984 TEST_EQUAL(mbedtls_mpi_shrink(&RR, 0), 0); 985 /* The objective of this test is to check that exp_mod defends 986 * against a smaller RR. */ 987 TEST_LE_U(RR.n, N.n - 1); 988 989 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 990 /* We know that exp_mod internally needs RR to be as large as N. 991 * Validate that it is the case now, otherwise there was probably 992 * a buffer overread. */ 993 TEST_EQUAL(RR.n, N.n); 994 995 TEST_EQUAL(res, exp_result); 996 if (res == 0) { 997 TEST_EQUAL(sign_is_valid(&Z), 1); 998 TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &X), 0); 999 } 1000 1001exit: 1002 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1003 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1004} 1005/* END_CASE */ 1006 1007/* BEGIN_CASE */ 1008void mpi_exp_mod(char *input_A, char *input_E, 1009 char *input_N, char *input_X, 1010 int exp_result) 1011{ 1012 mbedtls_mpi A, E, N, RR, Z, X; 1013 int res; 1014 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1015 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 1016 1017 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1018 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1019 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1020 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1021 1022 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL); 1023 TEST_ASSERT(res == exp_result); 1024 if (res == 0) { 1025 TEST_ASSERT(sign_is_valid(&Z)); 1026 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1027 } 1028 1029 /* Now test again with the speed-up parameter supplied as an output. */ 1030 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1031 TEST_ASSERT(res == exp_result); 1032 if (res == 0) { 1033 TEST_ASSERT(sign_is_valid(&Z)); 1034 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1035 } 1036 1037 /* Now test again with the speed-up parameter supplied in calculated form. */ 1038 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1039 TEST_ASSERT(res == exp_result); 1040 if (res == 0) { 1041 TEST_ASSERT(sign_is_valid(&Z)); 1042 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1043 } 1044 1045exit: 1046 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1047 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1048} 1049/* END_CASE */ 1050 1051/* BEGIN_CASE */ 1052void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes, 1053 char *input_RR, int exp_result) 1054{ 1055 mbedtls_mpi A, E, N, RR, Z; 1056 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1057 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); 1058 1059 /* Set A to 2^(A_bytes - 1) + 1 */ 1060 TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0); 1061 TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0); 1062 TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0); 1063 1064 /* Set E to 2^(E_bytes - 1) + 1 */ 1065 TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0); 1066 TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0); 1067 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0); 1068 1069 /* Set N to 2^(N_bytes - 1) + 1 */ 1070 TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0); 1071 TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0); 1072 TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0); 1073 1074 if (strlen(input_RR)) { 1075 TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0); 1076 } 1077 1078 TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result); 1079 1080exit: 1081 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1082 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); 1083} 1084/* END_CASE */ 1085 1086/* BEGIN_CASE */ 1087void mpi_inv_mod(char *input_X, char *input_Y, 1088 char *input_A, int div_result) 1089{ 1090 mbedtls_mpi X, Y, Z, A; 1091 int res; 1092 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1093 1094 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1095 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1096 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1097 res = mbedtls_mpi_inv_mod(&Z, &X, &Y); 1098 TEST_ASSERT(res == div_result); 1099 if (res == 0) { 1100 TEST_ASSERT(sign_is_valid(&Z)); 1101 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1102 } 1103 1104exit: 1105 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1106} 1107/* END_CASE */ 1108 1109/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1110void mpi_is_prime(char *input_X, int div_result) 1111{ 1112 mbedtls_mpi X; 1113 int res; 1114 mbedtls_mpi_init(&X); 1115 1116 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1117 res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL); 1118 TEST_ASSERT(res == div_result); 1119 1120exit: 1121 mbedtls_mpi_free(&X); 1122} 1123/* END_CASE */ 1124 1125/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1126void mpi_is_prime_det(data_t *input_X, data_t *witnesses, 1127 int chunk_len, int rounds) 1128{ 1129 mbedtls_mpi X; 1130 int res; 1131 mbedtls_test_mpi_random rand; 1132 1133 mbedtls_mpi_init(&X); 1134 rand.data = witnesses; 1135 rand.pos = 0; 1136 rand.chunk_len = chunk_len; 1137 1138 TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0); 1139 res = mbedtls_mpi_is_prime_ext(&X, rounds - 1, 1140 mbedtls_test_mpi_miller_rabin_determinizer, 1141 &rand); 1142 TEST_ASSERT(res == 0); 1143 1144 rand.data = witnesses; 1145 rand.pos = 0; 1146 rand.chunk_len = chunk_len; 1147 1148 res = mbedtls_mpi_is_prime_ext(&X, rounds, 1149 mbedtls_test_mpi_miller_rabin_determinizer, 1150 &rand); 1151 TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); 1152 1153exit: 1154 mbedtls_mpi_free(&X); 1155} 1156/* END_CASE */ 1157 1158/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1159void mpi_gen_prime(int bits, int flags, int ref_ret) 1160{ 1161 mbedtls_mpi X; 1162 int my_ret; 1163 1164 mbedtls_mpi_init(&X); 1165 1166 my_ret = mbedtls_mpi_gen_prime(&X, bits, flags, 1167 mbedtls_test_rnd_std_rand, NULL); 1168 TEST_ASSERT(my_ret == ref_ret); 1169 1170 if (ref_ret == 0) { 1171 size_t actual_bits = mbedtls_mpi_bitlen(&X); 1172 1173 TEST_ASSERT(actual_bits >= (size_t) bits); 1174 TEST_ASSERT(actual_bits <= (size_t) bits + 1); 1175 TEST_ASSERT(sign_is_valid(&X)); 1176 1177 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1178 mbedtls_test_rnd_std_rand, 1179 NULL) == 0); 1180 if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) { 1181 /* X = ( X - 1 ) / 2 */ 1182 TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0); 1183 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1184 mbedtls_test_rnd_std_rand, 1185 NULL) == 0); 1186 } 1187 } 1188 1189exit: 1190 mbedtls_mpi_free(&X); 1191} 1192/* END_CASE */ 1193 1194/* BEGIN_CASE */ 1195void mpi_shift_l(char *input_X, int shift_X, 1196 char *input_A) 1197{ 1198 mbedtls_mpi X, A; 1199 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1200 1201 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1202 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1203 TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0); 1204 TEST_ASSERT(sign_is_valid(&X)); 1205 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1206 1207exit: 1208 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1209} 1210/* END_CASE */ 1211 1212/* BEGIN_CASE */ 1213void mpi_shift_r(char *input_X, int shift_X, 1214 char *input_A) 1215{ 1216 mbedtls_mpi X, A; 1217 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1218 1219 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1220 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1221 TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0); 1222 TEST_ASSERT(sign_is_valid(&X)); 1223 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1224 1225exit: 1226 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1227} 1228/* END_CASE */ 1229 1230/* BEGIN_CASE */ 1231void mpi_fill_random(int wanted_bytes, int rng_bytes, 1232 int before, int expected_ret) 1233{ 1234 mbedtls_mpi X; 1235 int ret; 1236 size_t bytes_left = rng_bytes; 1237 mbedtls_mpi_init(&X); 1238 1239 if (before != 0) { 1240 /* Set X to sign(before) * 2^(|before|-1) */ 1241 TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0); 1242 if (before < 0) { 1243 before = -before; 1244 } 1245 TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0); 1246 } 1247 1248 ret = mbedtls_mpi_fill_random(&X, wanted_bytes, 1249 f_rng_bytes_left, &bytes_left); 1250 TEST_ASSERT(ret == expected_ret); 1251 1252 if (expected_ret == 0) { 1253 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1254 * as a big-endian representation of the number. We know when 1255 * our RNG function returns null bytes, so we know how many 1256 * leading zero bytes the number has. */ 1257 size_t leading_zeros = 0; 1258 if (wanted_bytes > 0 && rng_bytes % 256 == 0) { 1259 leading_zeros = 1; 1260 } 1261 TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros == 1262 (size_t) wanted_bytes); 1263 TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes); 1264 TEST_ASSERT(sign_is_valid(&X)); 1265 } 1266 1267exit: 1268 mbedtls_mpi_free(&X); 1269} 1270/* END_CASE */ 1271 1272/* BEGIN_CASE */ 1273void most_negative_mpi_sint() 1274{ 1275 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1276 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1277 * is a valid value. However, negating it (`-n`) has undefined behavior 1278 * (although in practice `-n` evaluates to the value n). 1279 * 1280 * This function has ad hoc tests for this value. It's separated from other 1281 * functions because the test framework makes it hard to pass this value 1282 * into test cases. 1283 * 1284 * In the comments here: 1285 * - biL = number of bits in limbs 1286 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1287 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1288 */ 1289 1290 mbedtls_mpi A, R, X; 1291 mbedtls_mpi_init(&A); 1292 mbedtls_mpi_init(&R); 1293 mbedtls_mpi_init(&X); 1294 1295 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1); 1296 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1297 const mbedtls_mpi_sint most_negative = -most_positive - 1; 1298 TEST_EQUAL((mbedtls_mpi_uint) most_negative, 1299 (mbedtls_mpi_uint) 1 << (biL - 1)); 1300 TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0); 1301 1302 /* Test mbedtls_mpi_lset() */ 1303 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1304 TEST_EQUAL(A.s, -1); 1305 TEST_EQUAL(A.n, 1); 1306 TEST_EQUAL(A.p[0], most_positive_plus_1); 1307 1308 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1309 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0); 1310 1311 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1312 A.p[0] = most_positive_plus_1 + 1; 1313 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1); 1314 1315 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1316 A.p[0] = most_positive_plus_1 - 1; 1317 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1); 1318 1319 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1320 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1321 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1322 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1323 1324 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1325 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1326 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1327 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0); 1328 1329 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1330 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1331 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1332 TEST_EQUAL(X.s, -1); 1333 TEST_EQUAL(X.n, 2); 1334 TEST_EQUAL(X.p[0], 0); 1335 TEST_EQUAL(X.p[1], 1); 1336 1337 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1338 mbedtls_mpi_free(&X); 1339 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1340 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1341 TEST_EQUAL(X.s, 1); 1342 TEST_EQUAL(X.n, 1); 1343 TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0); 1344 1345 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1346 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1347 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1348 TEST_EQUAL(X.s, 1); 1349 TEST_EQUAL(X.n, 1); 1350 TEST_EQUAL(X.p[0], most_positive_plus_1); 1351 1352 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1353 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1354 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1355 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1356 1357 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1358 TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0); 1359 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1360 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1361 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1362 1363 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1364 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1365 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1366 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1367 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1368 1369 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1370 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1371 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1372 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0); 1373 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1374 1375 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1376 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1377 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1378 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1379 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1380 1381 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1382 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1383 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1384 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1385 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0); 1386 1387 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1388 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1389 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1390 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1391 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1392 1393 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1394 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1395 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1396 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0); 1397 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1398 1399 /* Test mbedtls_mpi_mod_int(): never valid */ 1400 TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative), 1401 MBEDTLS_ERR_MPI_NEGATIVE_VALUE); 1402 1403 /* Test mbedtls_mpi_random(): never valid */ 1404 TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A, 1405 mbedtls_test_rnd_std_rand, NULL), 1406 MBEDTLS_ERR_MPI_BAD_INPUT_DATA); 1407 1408exit: 1409 mbedtls_mpi_free(&A); 1410 mbedtls_mpi_free(&R); 1411 mbedtls_mpi_free(&X); 1412} 1413/* END_CASE */ 1414 1415/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1416void mpi_selftest() 1417{ 1418 TEST_ASSERT(mbedtls_mpi_self_test(1) == 0); 1419} 1420/* END_CASE */ 1421