• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/entropy.h"
4#include "constant_time_internal.h"
5#include "bignum_core.h"
6#include "test/constant_flow.h"
7
8#if MBEDTLS_MPI_MAX_BITS > 792
9#define MPI_MAX_BITS_LARGER_THAN_792
10#endif
11
12/* Check the validity of the sign bit in an MPI object. Reject representations
13 * that are not supported by the rest of the library and indicate a bug when
14 * constructing the value. */
15static int sign_is_valid(const mbedtls_mpi *X)
16{
17    /* Only +1 and -1 are valid sign bits, not e.g. 0 */
18    if (X->s != 1 && X->s != -1) {
19        return 0;
20    }
21
22    /* The value 0 must be represented with the sign +1. A "negative zero"
23     * with s=-1 is an invalid representation. Forbid that. As an exception,
24     * we sometimes test the robustness of library functions when given
25     * a negative zero input. If a test case has a negative zero as input,
26     * we don't mind if the function has a negative zero output. */
27    if (!mbedtls_test_case_uses_negative_0 &&
28        mbedtls_mpi_bitlen(X) == 0 && X->s != 1) {
29        return 0;
30    }
31
32    return 1;
33}
34
35typedef struct mbedtls_test_mpi_random {
36    data_t *data;
37    size_t  pos;
38    size_t  chunk_len;
39} mbedtls_test_mpi_random;
40
41/*
42 * This function is called by the Miller-Rabin primality test each time it
43 * chooses a random witness. The witnesses (or non-witnesses as provided by the
44 * test) are stored in the data member of the state structure. Each number is in
45 * the format that mbedtls_mpi_read_string understands and is chunk_len long.
46 */
47int mbedtls_test_mpi_miller_rabin_determinizer(void *state,
48                                               unsigned char *buf,
49                                               size_t len)
50{
51    mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state;
52
53    if (random == NULL || random->data->x == NULL || buf == NULL) {
54        return -1;
55    }
56
57    if (random->pos + random->chunk_len > random->data->len
58        || random->chunk_len > len) {
59        return -1;
60    }
61
62    memset(buf, 0, len);
63
64    /* The witness is written to the end of the buffer, since the buffer is
65     * used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
66     * Writing the witness to the start of the buffer would result in the
67     * buffer being 'witness 000...000', which would be treated as
68     * witness * 2^n for some n. */
69    memcpy(buf + len - random->chunk_len, &random->data->x[random->pos],
70           random->chunk_len);
71
72    random->pos += random->chunk_len;
73
74    return 0;
75}
76
77/* Random generator that is told how many bytes to return. */
78static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len)
79{
80    size_t *bytes_left = state;
81    size_t i;
82    for (i = 0; i < len; i++) {
83        if (*bytes_left == 0) {
84            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
85        }
86        buf[i] = *bytes_left & 0xff;
87        --(*bytes_left);
88    }
89    return 0;
90}
91
92/* END_HEADER */
93
94/* BEGIN_DEPENDENCIES
95 * depends_on:MBEDTLS_BIGNUM_C
96 * END_DEPENDENCIES
97 */
98
99/* BEGIN_CASE */
100void mpi_null()
101{
102    mbedtls_mpi X, Y, Z;
103
104    mbedtls_mpi_init(&X);
105    mbedtls_mpi_init(&Y);
106    mbedtls_mpi_init(&Z);
107
108    TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0);
109    TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0);
110    TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0);
111    TEST_ASSERT(mbedtls_mpi_size(&X) == 0);
112
113exit:
114    mbedtls_mpi_free(&X);
115}
116/* END_CASE */
117
118/* BEGIN_CASE */
119void mpi_read_write_string(int radix_X, char *input_X, int radix_A,
120                           char *input_A, int output_size, int result_read,
121                           int result_write)
122{
123    mbedtls_mpi X;
124    char str[1000];
125    size_t len;
126
127    mbedtls_mpi_init(&X);
128
129    memset(str, '!', sizeof(str));
130
131    TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read);
132    if (result_read == 0) {
133        TEST_ASSERT(sign_is_valid(&X));
134        TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write);
135        if (result_write == 0) {
136            TEST_ASSERT(strcasecmp(str, input_A) == 0);
137            TEST_ASSERT(str[len] == '!');
138        }
139    }
140
141exit:
142    mbedtls_mpi_free(&X);
143}
144/* END_CASE */
145
146/* BEGIN_CASE */
147void mpi_read_binary(data_t *buf, char *input_A)
148{
149    mbedtls_mpi X;
150    char str[1000];
151    size_t len;
152
153    mbedtls_mpi_init(&X);
154
155
156    TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0);
157    TEST_ASSERT(sign_is_valid(&X));
158    TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
159    TEST_ASSERT(strcmp((char *) str, input_A) == 0);
160
161exit:
162    mbedtls_mpi_free(&X);
163}
164/* END_CASE */
165
166/* BEGIN_CASE */
167void mpi_read_binary_le(data_t *buf, char *input_A)
168{
169    mbedtls_mpi X;
170    char str[1000];
171    size_t len;
172
173    mbedtls_mpi_init(&X);
174
175
176    TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0);
177    TEST_ASSERT(sign_is_valid(&X));
178    TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
179    TEST_ASSERT(strcmp((char *) str, input_A) == 0);
180
181exit:
182    mbedtls_mpi_free(&X);
183}
184/* END_CASE */
185
186/* BEGIN_CASE */
187void mpi_write_binary(char *input_X, data_t *input_A,
188                      int output_size, int result)
189{
190    mbedtls_mpi X;
191    unsigned char buf[1000];
192    size_t buflen;
193
194    memset(buf, 0x00, 1000);
195
196    mbedtls_mpi_init(&X);
197
198    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
199
200    buflen = mbedtls_mpi_size(&X);
201    if (buflen > (size_t) output_size) {
202        buflen = (size_t) output_size;
203    }
204
205    TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result);
206    if (result == 0) {
207
208        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
209                                        buflen, input_A->len) == 0);
210    }
211
212exit:
213    mbedtls_mpi_free(&X);
214}
215/* END_CASE */
216
217/* BEGIN_CASE */
218void mpi_write_binary_le(char *input_X, data_t *input_A,
219                         int output_size, int result)
220{
221    mbedtls_mpi X;
222    unsigned char buf[1000];
223    size_t buflen;
224
225    memset(buf, 0x00, 1000);
226
227    mbedtls_mpi_init(&X);
228
229    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
230
231    buflen = mbedtls_mpi_size(&X);
232    if (buflen > (size_t) output_size) {
233        buflen = (size_t) output_size;
234    }
235
236    TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result);
237    if (result == 0) {
238
239        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
240                                        buflen, input_A->len) == 0);
241    }
242
243exit:
244    mbedtls_mpi_free(&X);
245}
246/* END_CASE */
247
248/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
249void mpi_read_file(char *input_file, data_t *input_A, int result)
250{
251    mbedtls_mpi X;
252    unsigned char buf[1000];
253    size_t buflen;
254    FILE *file;
255    int ret;
256
257    memset(buf, 0x00, 1000);
258
259    mbedtls_mpi_init(&X);
260
261    file = fopen(input_file, "r");
262    TEST_ASSERT(file != NULL);
263    ret = mbedtls_mpi_read_file(&X, 16, file);
264    fclose(file);
265    TEST_ASSERT(ret == result);
266
267    if (result == 0) {
268        TEST_ASSERT(sign_is_valid(&X));
269        buflen = mbedtls_mpi_size(&X);
270        TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0);
271
272
273        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
274                                        buflen, input_A->len) == 0);
275    }
276
277exit:
278    mbedtls_mpi_free(&X);
279}
280/* END_CASE */
281
282/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
283void mpi_write_file(char *input_X, char *output_file)
284{
285    mbedtls_mpi X, Y;
286    FILE *file_out, *file_in;
287    int ret;
288
289    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
290
291    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
292
293    file_out = fopen(output_file, "w");
294    TEST_ASSERT(file_out != NULL);
295    ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out);
296    fclose(file_out);
297    TEST_ASSERT(ret == 0);
298
299    file_in = fopen(output_file, "r");
300    TEST_ASSERT(file_in != NULL);
301    ret = mbedtls_mpi_read_file(&Y, 16, file_in);
302    fclose(file_in);
303    TEST_ASSERT(ret == 0);
304
305    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);
306
307exit:
308    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
309}
310/* END_CASE */
311
312/* BEGIN_CASE */
313void mpi_get_bit(char *input_X, int pos, int val)
314{
315    mbedtls_mpi X;
316    mbedtls_mpi_init(&X);
317    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
318    TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val);
319
320exit:
321    mbedtls_mpi_free(&X);
322}
323/* END_CASE */
324
325/* BEGIN_CASE */
326void mpi_set_bit(char *input_X, int pos, int val,
327                 char *output_Y, int result)
328{
329    mbedtls_mpi X, Y;
330    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
331
332    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
333    TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0);
334    TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result);
335
336    if (result == 0) {
337        TEST_ASSERT(sign_is_valid(&X));
338        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);
339    }
340
341exit:
342    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
343}
344/* END_CASE */
345
346/* BEGIN_CASE */
347void mpi_lsb(char *input_X, int nr_bits)
348{
349    mbedtls_mpi X;
350    mbedtls_mpi_init(&X);
351
352    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
353    TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits);
354
355exit:
356    mbedtls_mpi_free(&X);
357}
358/* END_CASE */
359
360/* BEGIN_CASE */
361void mpi_bitlen(char *input_X, int nr_bits)
362{
363    mbedtls_mpi X;
364    mbedtls_mpi_init(&X);
365
366    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
367    TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits);
368
369exit:
370    mbedtls_mpi_free(&X);
371}
372/* END_CASE */
373
374/* BEGIN_CASE */
375void mpi_gcd(char *input_X, char *input_Y,
376             char *input_A)
377{
378    mbedtls_mpi A, X, Y, Z;
379    mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
380
381    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
382    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
383    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
384    TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0);
385    TEST_ASSERT(sign_is_valid(&Z));
386    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
387
388exit:
389    mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
390}
391/* END_CASE */
392
393/* BEGIN_CASE */
394void mpi_cmp_int(int input_X, int input_A, int result_CMP)
395{
396    mbedtls_mpi X;
397    mbedtls_mpi_init(&X);
398
399    TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0);
400    TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP);
401
402exit:
403    mbedtls_mpi_free(&X);
404}
405/* END_CASE */
406
407/* BEGIN_CASE */
408void mpi_cmp_mpi(char *input_X, char *input_Y,
409                 int input_A)
410{
411    mbedtls_mpi X, Y;
412    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
413
414    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
415    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
416    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A);
417
418exit:
419    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
420}
421/* END_CASE */
422
423/* BEGIN_CASE */
424void mpi_lt_mpi_ct(int size_X, char *input_X,
425                   int size_Y, char *input_Y,
426                   int input_ret, int input_err)
427{
428    unsigned ret = -1;
429    unsigned input_uret = input_ret;
430    mbedtls_mpi X, Y;
431    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
432
433    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
434    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
435
436    TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0);
437    TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0);
438
439    TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err);
440    if (input_err == 0) {
441        TEST_ASSERT(ret == input_uret);
442    }
443
444exit:
445    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
446}
447/* END_CASE */
448
449/* BEGIN_CASE */
450void mpi_cmp_abs(char *input_X, char *input_Y,
451                 int input_A)
452{
453    mbedtls_mpi X, Y;
454    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
455
456    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
457    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
458    TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A);
459
460exit:
461    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
462}
463/* END_CASE */
464
465/* BEGIN_CASE */
466void mpi_copy(char *src_hex, char *dst_hex)
467{
468    mbedtls_mpi src, dst, ref;
469    mbedtls_mpi_init(&src);
470    mbedtls_mpi_init(&dst);
471    mbedtls_mpi_init(&ref);
472
473    TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0);
474    TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0);
475
476    /* mbedtls_mpi_copy() */
477    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
478    TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0);
479    TEST_ASSERT(sign_is_valid(&dst));
480    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);
481
482    /* mbedtls_mpi_safe_cond_assign(), assignment done */
483    mbedtls_mpi_free(&dst);
484    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
485    TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0);
486    TEST_ASSERT(sign_is_valid(&dst));
487    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);
488
489    /* mbedtls_mpi_safe_cond_assign(), assignment not done */
490    mbedtls_mpi_free(&dst);
491    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
492    TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0);
493    TEST_ASSERT(sign_is_valid(&dst));
494    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0);
495
496exit:
497    mbedtls_mpi_free(&src);
498    mbedtls_mpi_free(&dst);
499    mbedtls_mpi_free(&ref);
500}
501/* END_CASE */
502
503/* BEGIN_CASE */
504void mpi_copy_self(char *input_X)
505{
506    mbedtls_mpi X, A;
507    mbedtls_mpi_init(&A);
508    mbedtls_mpi_init(&X);
509
510    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
511    TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0);
512
513    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0);
514    TEST_ASSERT(sign_is_valid(&X));
515    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
516
517exit:
518    mbedtls_mpi_free(&A);
519    mbedtls_mpi_free(&X);
520}
521/* END_CASE */
522
523/* BEGIN_CASE */
524void mpi_swap(char *X_hex, char *Y_hex)
525{
526    mbedtls_mpi X, Y, X0, Y0;
527    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
528    mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0);
529
530    TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);
531    TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0);
532
533    /* mbedtls_mpi_swap() */
534    TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
535    TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
536    mbedtls_mpi_swap(&X, &Y);
537    TEST_ASSERT(sign_is_valid(&X));
538    TEST_ASSERT(sign_is_valid(&Y));
539    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
540    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);
541
542    /* mbedtls_mpi_safe_cond_swap(), swap done */
543    mbedtls_mpi_free(&X);
544    mbedtls_mpi_free(&Y);
545    TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
546    TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
547    TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0);
548    TEST_ASSERT(sign_is_valid(&X));
549    TEST_ASSERT(sign_is_valid(&Y));
550    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
551    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);
552
553    /* mbedtls_mpi_safe_cond_swap(), swap not done */
554    mbedtls_mpi_free(&X);
555    mbedtls_mpi_free(&Y);
556    TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
557    TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0);
558    TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0);
559    TEST_ASSERT(sign_is_valid(&X));
560    TEST_ASSERT(sign_is_valid(&Y));
561    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);
562    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0);
563
564exit:
565    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
566    mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0);
567}
568/* END_CASE */
569
570/* BEGIN_CASE */
571void mpi_swap_self(char *X_hex)
572{
573    mbedtls_mpi X, X0;
574    mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0);
575
576    TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0);
577    TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);
578
579    mbedtls_mpi_swap(&X, &X);
580    TEST_ASSERT(sign_is_valid(&X));
581    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);
582
583exit:
584    mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0);
585}
586/* END_CASE */
587
588/* BEGIN_CASE */
589void mpi_shrink(int before, int used, int min, int after)
590{
591    mbedtls_mpi X;
592    mbedtls_mpi_init(&X);
593
594    TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0);
595    if (used > 0) {
596        size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint);
597        TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0);
598    }
599    TEST_EQUAL(X.n, (size_t) before);
600    TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0);
601    TEST_EQUAL(X.n, (size_t) after);
602
603exit:
604    mbedtls_mpi_free(&X);
605}
606/* END_CASE */
607
608/* BEGIN_CASE */
609void mpi_add_mpi(char *input_X, char *input_Y,
610                 char *input_A)
611{
612    mbedtls_mpi X, Y, Z, A;
613    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
614
615    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
616    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
617    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
618    TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0);
619    TEST_ASSERT(sign_is_valid(&Z));
620    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
621
622    /* result == first operand */
623    TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0);
624    TEST_ASSERT(sign_is_valid(&X));
625    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
626    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
627
628    /* result == second operand */
629    TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0);
630    TEST_ASSERT(sign_is_valid(&Y));
631    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
632
633exit:
634    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
635}
636/* END_CASE */
637
638/* BEGIN_CASE */
639void mpi_add_mpi_inplace(char *input_X, char *input_A)
640{
641    mbedtls_mpi X, A;
642    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
643
644    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
645
646    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
647    TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0);
648    TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0);
649    TEST_ASSERT(sign_is_valid(&X));
650
651    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
652    TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0);
653    TEST_ASSERT(sign_is_valid(&X));
654    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
655
656    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
657    TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0);
658    TEST_ASSERT(sign_is_valid(&X));
659    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
660
661exit:
662    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
663}
664/* END_CASE */
665
666
667/* BEGIN_CASE */
668void mpi_add_abs(char *input_X, char *input_Y,
669                 char *input_A)
670{
671    mbedtls_mpi X, Y, Z, A;
672    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
673
674    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
675    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
676    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
677    TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0);
678    TEST_ASSERT(sign_is_valid(&Z));
679    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
680
681    /* result == first operand */
682    TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0);
683    TEST_ASSERT(sign_is_valid(&X));
684    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
685    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
686
687    /* result == second operand */
688    TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0);
689    TEST_ASSERT(sign_is_valid(&Y));
690    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
691
692exit:
693    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
694}
695/* END_CASE */
696
697/* BEGIN_CASE */
698void mpi_add_int(char *input_X, int input_Y,
699                 char *input_A)
700{
701    mbedtls_mpi X, Z, A;
702    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
703
704    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
705    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
706    TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0);
707    TEST_ASSERT(sign_is_valid(&Z));
708    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
709
710exit:
711    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
712}
713/* END_CASE */
714
715/* BEGIN_CASE */
716void mpi_sub_mpi(char *input_X, char *input_Y,
717                 char *input_A)
718{
719    mbedtls_mpi X, Y, Z, A;
720    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
721
722    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
723    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
724    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
725    TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0);
726    TEST_ASSERT(sign_is_valid(&Z));
727    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
728
729    /* result == first operand */
730    TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0);
731    TEST_ASSERT(sign_is_valid(&X));
732    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
733    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
734
735    /* result == second operand */
736    TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0);
737    TEST_ASSERT(sign_is_valid(&Y));
738    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
739
740exit:
741    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
742}
743/* END_CASE */
744
745/* BEGIN_CASE */
746void mpi_sub_abs(char *input_X, char *input_Y,
747                 char *input_A, int sub_result)
748{
749    mbedtls_mpi X, Y, Z, A;
750    int res;
751    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
752
753    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
754    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
755    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
756
757    res = mbedtls_mpi_sub_abs(&Z, &X, &Y);
758    TEST_ASSERT(res == sub_result);
759    TEST_ASSERT(sign_is_valid(&Z));
760    if (res == 0) {
761        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
762    }
763
764    /* result == first operand */
765    TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result);
766    TEST_ASSERT(sign_is_valid(&X));
767    if (sub_result == 0) {
768        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
769    }
770    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
771
772    /* result == second operand */
773    TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result);
774    TEST_ASSERT(sign_is_valid(&Y));
775    if (sub_result == 0) {
776        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
777    }
778
779exit:
780    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
781}
782/* END_CASE */
783
784/* BEGIN_CASE */
785void mpi_sub_int(char *input_X, int input_Y,
786                 char *input_A)
787{
788    mbedtls_mpi X, Z, A;
789    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
790
791    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
792    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
793    TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0);
794    TEST_ASSERT(sign_is_valid(&Z));
795    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
796
797exit:
798    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
799}
800/* END_CASE */
801
802/* BEGIN_CASE */
803void mpi_mul_mpi(char *input_X, char *input_Y,
804                 char *input_A)
805{
806    mbedtls_mpi X, Y, Z, A;
807    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
808
809    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
810    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
811    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
812    TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0);
813    TEST_ASSERT(sign_is_valid(&Z));
814    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
815
816exit:
817    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
818}
819/* END_CASE */
820
821/* BEGIN_CASE */
822void mpi_mul_int(char *input_X, int input_Y,
823                 char *input_A, char *result_comparison)
824{
825    mbedtls_mpi X, Z, A;
826    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
827
828    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
829    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
830    TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0);
831    TEST_ASSERT(sign_is_valid(&Z));
832    if (strcmp(result_comparison, "==") == 0) {
833        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
834    } else if (strcmp(result_comparison, "!=") == 0) {
835        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0);
836    } else {
837        TEST_ASSERT("unknown operator" == 0);
838    }
839
840exit:
841    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
842}
843/* END_CASE */
844
845/* BEGIN_CASE */
846void mpi_div_mpi(char *input_X, char *input_Y,
847                 char *input_A, char *input_B,
848                 int div_result)
849{
850    mbedtls_mpi X, Y, Q, R, A, B;
851    int res;
852    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R);
853    mbedtls_mpi_init(&A); mbedtls_mpi_init(&B);
854
855    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
856    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
857    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
858    TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
859    res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y);
860    TEST_ASSERT(res == div_result);
861    if (res == 0) {
862        TEST_ASSERT(sign_is_valid(&Q));
863        TEST_ASSERT(sign_is_valid(&R));
864        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
865        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
866    }
867
868exit:
869    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R);
870    mbedtls_mpi_free(&A); mbedtls_mpi_free(&B);
871}
872/* END_CASE */
873
874/* BEGIN_CASE */
875void mpi_div_int(char *input_X, int input_Y,
876                 char *input_A, char *input_B,
877                 int div_result)
878{
879    mbedtls_mpi X, Q, R, A, B;
880    int res;
881    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A);
882    mbedtls_mpi_init(&B);
883
884    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
885    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
886    TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
887    res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y);
888    TEST_ASSERT(res == div_result);
889    if (res == 0) {
890        TEST_ASSERT(sign_is_valid(&Q));
891        TEST_ASSERT(sign_is_valid(&R));
892        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
893        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
894    }
895
896exit:
897    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A);
898    mbedtls_mpi_free(&B);
899}
900/* END_CASE */
901
902/* BEGIN_CASE */
903void mpi_mod_mpi(char *input_X, char *input_Y,
904                 char *input_A, int div_result)
905{
906    mbedtls_mpi X, Y, A;
907    int res;
908    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A);
909
910    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
911    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
912    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
913    res = mbedtls_mpi_mod_mpi(&X, &X, &Y);
914    TEST_ASSERT(res == div_result);
915    if (res == 0) {
916        TEST_ASSERT(sign_is_valid(&X));
917        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
918    }
919
920exit:
921    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A);
922}
923/* END_CASE */
924
925/* BEGIN_CASE */
926void mpi_mod_int(char *input_X, char *input_Y,
927                 char *input_A, int mod_result)
928{
929    mbedtls_mpi X;
930    mbedtls_mpi Y;
931    mbedtls_mpi A;
932    int res;
933    mbedtls_mpi_uint r;
934
935    mbedtls_mpi_init(&X);
936    mbedtls_mpi_init(&Y);
937    mbedtls_mpi_init(&A);
938
939    /* We use MPIs to read Y and A since the test framework limits us to
940     * ints, so we can't have 64-bit values */
941    TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
942    TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0);
943    TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
944
945    TEST_EQUAL(Y.n, 1);
946    TEST_EQUAL(A.n, 1);
947
948    /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */
949
950    /* Since we're converting sign+magnitude to two's complement, we lose one
951     * bit of value in the output. This means there are some values we can't
952     * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically
953     * invalid test cases, so could be considered "won't happen", but they are
954     * easy to test for, and this helps guard against human error. */
955
956    mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
957    TEST_ASSERT(y >= 0);        /* If y < 0 here, we can't make negative y */
958    if (Y.s == -1) {
959        y = -y;
960    }
961
962    mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
963    TEST_ASSERT(a >= 0);        /* Same goes for a */
964    if (A.s == -1) {
965        a = -a;
966    }
967
968    res = mbedtls_mpi_mod_int(&r, &X, y);
969    TEST_EQUAL(res, mod_result);
970    if (res == 0) {
971        TEST_EQUAL(r, a);
972    }
973
974exit:
975    mbedtls_mpi_free(&X);
976    mbedtls_mpi_free(&Y);
977    mbedtls_mpi_free(&A);
978}
979/* END_CASE */
980
981/* BEGIN_CASE */
982void mpi_exp_mod(char *input_A, char *input_E,
983                 char *input_N, char *input_X,
984                 int exp_result)
985{
986    mbedtls_mpi A, E, N, RR, Z, X;
987    int res;
988    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
989    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X);
990
991    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
992    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
993    TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
994    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
995
996    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL);
997    TEST_ASSERT(res == exp_result);
998    if (res == 0) {
999        TEST_ASSERT(sign_is_valid(&Z));
1000        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
1001    }
1002
1003    /* Now test again with the speed-up parameter supplied as an output. */
1004    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
1005    TEST_ASSERT(res == exp_result);
1006    if (res == 0) {
1007        TEST_ASSERT(sign_is_valid(&Z));
1008        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
1009    }
1010
1011    /* Now test again with the speed-up parameter supplied in calculated form. */
1012    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
1013    TEST_ASSERT(res == exp_result);
1014    if (res == 0) {
1015        TEST_ASSERT(sign_is_valid(&Z));
1016        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
1017    }
1018
1019exit:
1020    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
1021    mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X);
1022}
1023/* END_CASE */
1024
1025/* BEGIN_CASE */
1026void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes,
1027                      char *input_RR, int exp_result)
1028{
1029    mbedtls_mpi A, E, N, RR, Z;
1030    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
1031    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z);
1032
1033    /* Set A to 2^(A_bytes - 1) + 1 */
1034    TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0);
1035    TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0);
1036    TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0);
1037
1038    /* Set E to 2^(E_bytes - 1) + 1 */
1039    TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0);
1040    TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0);
1041    TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0);
1042
1043    /* Set N to 2^(N_bytes - 1) + 1 */
1044    TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0);
1045    TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0);
1046    TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0);
1047
1048    if (strlen(input_RR)) {
1049        TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0);
1050    }
1051
1052    TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result);
1053
1054exit:
1055    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
1056    mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z);
1057}
1058/* END_CASE */
1059
1060/* BEGIN_CASE */
1061void mpi_inv_mod(char *input_X, char *input_Y,
1062                 char *input_A, int div_result)
1063{
1064    mbedtls_mpi X, Y, Z, A;
1065    int res;
1066    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
1067
1068    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
1069    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
1070    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
1071    res = mbedtls_mpi_inv_mod(&Z, &X, &Y);
1072    TEST_ASSERT(res == div_result);
1073    if (res == 0) {
1074        TEST_ASSERT(sign_is_valid(&Z));
1075        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
1076    }
1077
1078exit:
1079    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
1080}
1081/* END_CASE */
1082
1083/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
1084void mpi_is_prime(char *input_X, int div_result)
1085{
1086    mbedtls_mpi X;
1087    int res;
1088    mbedtls_mpi_init(&X);
1089
1090    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
1091    res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL);
1092    TEST_ASSERT(res == div_result);
1093
1094exit:
1095    mbedtls_mpi_free(&X);
1096}
1097/* END_CASE */
1098
1099/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
1100void mpi_is_prime_det(data_t *input_X, data_t *witnesses,
1101                      int chunk_len, int rounds)
1102{
1103    mbedtls_mpi X;
1104    int res;
1105    mbedtls_test_mpi_random rand;
1106
1107    mbedtls_mpi_init(&X);
1108    rand.data = witnesses;
1109    rand.pos = 0;
1110    rand.chunk_len = chunk_len;
1111
1112    TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0);
1113    res = mbedtls_mpi_is_prime_ext(&X, rounds - 1,
1114                                   mbedtls_test_mpi_miller_rabin_determinizer,
1115                                   &rand);
1116    TEST_ASSERT(res == 0);
1117
1118    rand.data = witnesses;
1119    rand.pos = 0;
1120    rand.chunk_len = chunk_len;
1121
1122    res = mbedtls_mpi_is_prime_ext(&X, rounds,
1123                                   mbedtls_test_mpi_miller_rabin_determinizer,
1124                                   &rand);
1125    TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);
1126
1127exit:
1128    mbedtls_mpi_free(&X);
1129}
1130/* END_CASE */
1131
1132/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
1133void mpi_gen_prime(int bits, int flags, int ref_ret)
1134{
1135    mbedtls_mpi X;
1136    int my_ret;
1137
1138    mbedtls_mpi_init(&X);
1139
1140    my_ret = mbedtls_mpi_gen_prime(&X, bits, flags,
1141                                   mbedtls_test_rnd_std_rand, NULL);
1142    TEST_ASSERT(my_ret == ref_ret);
1143
1144    if (ref_ret == 0) {
1145        size_t actual_bits = mbedtls_mpi_bitlen(&X);
1146
1147        TEST_ASSERT(actual_bits >= (size_t) bits);
1148        TEST_ASSERT(actual_bits <= (size_t) bits + 1);
1149        TEST_ASSERT(sign_is_valid(&X));
1150
1151        TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
1152                                             mbedtls_test_rnd_std_rand,
1153                                             NULL) == 0);
1154        if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) {
1155            /* X = ( X - 1 ) / 2 */
1156            TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0);
1157            TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
1158                                                 mbedtls_test_rnd_std_rand,
1159                                                 NULL) == 0);
1160        }
1161    }
1162
1163exit:
1164    mbedtls_mpi_free(&X);
1165}
1166/* END_CASE */
1167
1168/* BEGIN_CASE */
1169void mpi_shift_l(char *input_X, int shift_X,
1170                 char *input_A)
1171{
1172    mbedtls_mpi X, A;
1173    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
1174
1175    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
1176    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
1177    TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0);
1178    TEST_ASSERT(sign_is_valid(&X));
1179    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
1180
1181exit:
1182    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
1183}
1184/* END_CASE */
1185
1186/* BEGIN_CASE */
1187void mpi_shift_r(char *input_X, int shift_X,
1188                 char *input_A)
1189{
1190    mbedtls_mpi X, A;
1191    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
1192
1193    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
1194    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
1195    TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0);
1196    TEST_ASSERT(sign_is_valid(&X));
1197    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
1198
1199exit:
1200    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
1201}
1202/* END_CASE */
1203
1204/* BEGIN_CASE */
1205void mpi_fill_random(int wanted_bytes, int rng_bytes,
1206                     int before, int expected_ret)
1207{
1208    mbedtls_mpi X;
1209    int ret;
1210    size_t bytes_left = rng_bytes;
1211    mbedtls_mpi_init(&X);
1212
1213    if (before != 0) {
1214        /* Set X to sign(before) * 2^(|before|-1) */
1215        TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0);
1216        if (before < 0) {
1217            before = -before;
1218        }
1219        TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0);
1220    }
1221
1222    ret = mbedtls_mpi_fill_random(&X, wanted_bytes,
1223                                  f_rng_bytes_left, &bytes_left);
1224    TEST_ASSERT(ret == expected_ret);
1225
1226    if (expected_ret == 0) {
1227        /* mbedtls_mpi_fill_random is documented to use bytes from the RNG
1228         * as a big-endian representation of the number. We know when
1229         * our RNG function returns null bytes, so we know how many
1230         * leading zero bytes the number has. */
1231        size_t leading_zeros = 0;
1232        if (wanted_bytes > 0 && rng_bytes % 256 == 0) {
1233            leading_zeros = 1;
1234        }
1235        TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros ==
1236                    (size_t) wanted_bytes);
1237        TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes);
1238        TEST_ASSERT(sign_is_valid(&X));
1239    }
1240
1241exit:
1242    mbedtls_mpi_free(&X);
1243}
1244/* END_CASE */
1245
1246/* BEGIN_CASE */
1247void most_negative_mpi_sint()
1248{
1249    /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We
1250     * guarantee that mbedtls_mpi_sint is a two's complement type, so this
1251     * is a valid value. However, negating it (`-n`) has undefined behavior
1252     * (although in practice `-n` evaluates to the value n).
1253     *
1254     * This function has ad hoc tests for this value. It's separated from other
1255     * functions because the test framework makes it hard to pass this value
1256     * into test cases.
1257     *
1258     * In the comments here:
1259     * - biL = number of bits in limbs
1260     * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range)
1261     * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range)
1262     */
1263
1264    mbedtls_mpi A, R, X;
1265    mbedtls_mpi_init(&A);
1266    mbedtls_mpi_init(&R);
1267    mbedtls_mpi_init(&X);
1268
1269    mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1);
1270    const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1;
1271    const mbedtls_mpi_sint most_negative = -most_positive - 1;
1272    TEST_EQUAL((mbedtls_mpi_uint) most_negative,
1273               (mbedtls_mpi_uint) 1 << (biL - 1));
1274    TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0);
1275
1276    /* Test mbedtls_mpi_lset() */
1277    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
1278    TEST_EQUAL(A.s, -1);
1279    TEST_EQUAL(A.n, 1);
1280    TEST_EQUAL(A.p[0], most_positive_plus_1);
1281
1282    /* Test mbedtls_mpi_cmp_int(): -p == -p */
1283    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0);
1284
1285    /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */
1286    A.p[0] = most_positive_plus_1 + 1;
1287    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1);
1288
1289    /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */
1290    A.p[0] = most_positive_plus_1 - 1;
1291    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1);
1292
1293    /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */
1294    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
1295    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
1296    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);
1297
1298    /* Test mbedtls_mpi_add_int(): (0) + (-p) */
1299    TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
1300    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
1301    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0);
1302
1303    /* Test mbedtls_mpi_add_int(): (-p) + (-p) */
1304    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
1305    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
1306    TEST_EQUAL(X.s, -1);
1307    TEST_EQUAL(X.n, 2);
1308    TEST_EQUAL(X.p[0], 0);
1309    TEST_EQUAL(X.p[1], 1);
1310
1311    /* Test mbedtls_mpi_sub_int(): (p) - (-p) */
1312    mbedtls_mpi_free(&X);
1313    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
1314    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
1315    TEST_EQUAL(X.s, 1);
1316    TEST_EQUAL(X.n, 1);
1317    TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0);
1318
1319    /* Test mbedtls_mpi_sub_int(): (0) - (-p) */
1320    TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
1321    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
1322    TEST_EQUAL(X.s, 1);
1323    TEST_EQUAL(X.n, 1);
1324    TEST_EQUAL(X.p[0], most_positive_plus_1);
1325
1326    /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */
1327    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
1328    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
1329    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
1330
1331    /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */
1332    TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0);
1333    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1334    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
1335    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);
1336
1337    /* Test mbedtls_mpi_div_int(): (-p) / (-p) */
1338    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
1339    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1340    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
1341    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
1342
1343    /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */
1344    TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
1345    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1346    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0);
1347    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
1348
1349    /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */
1350    TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
1351    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1352    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
1353    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);
1354
1355    /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */
1356    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
1357    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1358    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
1359    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0);
1360
1361    /* Test mbedtls_mpi_div_int(): (p) / (-p) */
1362    TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
1363    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1364    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);
1365    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
1366
1367    /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */
1368    TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
1369    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
1370    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0);
1371    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);
1372
1373    /* Test mbedtls_mpi_mod_int(): never valid */
1374    TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative),
1375               MBEDTLS_ERR_MPI_NEGATIVE_VALUE);
1376
1377    /* Test mbedtls_mpi_random(): never valid */
1378    TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A,
1379                                  mbedtls_test_rnd_std_rand, NULL),
1380               MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
1381
1382exit:
1383    mbedtls_mpi_free(&A);
1384    mbedtls_mpi_free(&R);
1385    mbedtls_mpi_free(&X);
1386}
1387/* END_CASE */
1388
1389/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
1390void mpi_selftest()
1391{
1392    TEST_ASSERT(mbedtls_mpi_self_test(1) == 0);
1393}
1394/* END_CASE */
1395