1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4#include "constant_time_internal.h" 5#include "test/constant_flow.h" 6 7#if MBEDTLS_MPI_MAX_BITS > 792 8#define MPI_MAX_BITS_LARGER_THAN_792 9#endif 10 11/* Check the validity of the sign bit in an MPI object. Reject representations 12 * that are not supported by the rest of the library and indicate a bug when 13 * constructing the value. */ 14static int sign_is_valid( const mbedtls_mpi *X ) 15{ 16 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 17 if( X->s != 1 && X->s != -1 ) 18 return( 0 ); 19 20 /* The value 0 must be represented with the sign +1. A "negative zero" 21 * with s=-1 is an invalid representation. Forbid that. As an exception, 22 * we sometimes test the robustness of library functions when given 23 * a negative zero input. If a test case has a negative zero as input, 24 * we don't mind if the function has a negative zero output. */ 25 if( ! mbedtls_test_case_uses_negative_0 && 26 mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) 27 { 28 return( 0 ); 29 } 30 31 return( 1 ); 32} 33 34typedef struct mbedtls_test_mpi_random 35{ 36 data_t *data; 37 size_t pos; 38 size_t chunk_len; 39} mbedtls_test_mpi_random; 40 41/* 42 * This function is called by the Miller-Rabin primality test each time it 43 * chooses a random witness. The witnesses (or non-witnesses as provided by the 44 * test) are stored in the data member of the state structure. Each number is in 45 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 46 */ 47int mbedtls_test_mpi_miller_rabin_determinizer( void* state, 48 unsigned char* buf, 49 size_t len ) 50{ 51 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state; 52 53 if( random == NULL || random->data->x == NULL || buf == NULL ) 54 return( -1 ); 55 56 if( random->pos + random->chunk_len > random->data->len 57 || random->chunk_len > len ) 58 { 59 return( -1 ); 60 } 61 62 memset( buf, 0, len ); 63 64 /* The witness is written to the end of the buffer, since the buffer is 65 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 66 * Writing the witness to the start of the buffer would result in the 67 * buffer being 'witness 000...000', which would be treated as 68 * witness * 2^n for some n. */ 69 memcpy( buf + len - random->chunk_len, &random->data->x[random->pos], 70 random->chunk_len ); 71 72 random->pos += random->chunk_len; 73 74 return( 0 ); 75} 76 77/* Random generator that is told how many bytes to return. */ 78static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len ) 79{ 80 size_t *bytes_left = state; 81 size_t i; 82 for( i = 0; i < len; i++ ) 83 { 84 if( *bytes_left == 0 ) 85 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 86 buf[i] = *bytes_left & 0xff; 87 --( *bytes_left ); 88 } 89 return( 0 ); 90} 91 92/* Test whether bytes represents (in big-endian base 256) a number b that 93 * is significantly above a power of 2. That is, b must not have a long run 94 * of unset bits after the most significant bit. 95 * 96 * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}. 97 * This function returns 1 if, when drawing a number between 0 and b, 98 * the probability that this number is at least 2^n is not negligible. 99 * This probability is (b - 2^n) / b and this function checks that this 100 * number is above some threshold A. The threshold value is heuristic and 101 * based on the needs of mpi_random_many(). 102 */ 103static int is_significantly_above_a_power_of_2( data_t *bytes ) 104{ 105 const uint8_t *p = bytes->x; 106 size_t len = bytes->len; 107 unsigned x; 108 109 /* Skip leading null bytes */ 110 while( len > 0 && p[0] == 0 ) 111 { 112 ++p; 113 --len; 114 } 115 /* 0 is not significantly above a power of 2 */ 116 if( len == 0 ) 117 return( 0 ); 118 /* Extract the (up to) 2 most significant bytes */ 119 if( len == 1 ) 120 x = p[0]; 121 else 122 x = ( p[0] << 8 ) | p[1]; 123 124 /* Shift the most significant bit of x to position 8 and mask it out */ 125 while( ( x & 0xfe00 ) != 0 ) 126 x >>= 1; 127 x &= 0x00ff; 128 129 /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above 130 * a power of 2 iff x is significantly above 0 compared to 2^8. 131 * Testing x >= 2^4 amounts to picking A = 1/16 in the function 132 * description above. */ 133 return( x >= 0x10 ); 134} 135 136/* END_HEADER */ 137 138/* BEGIN_DEPENDENCIES 139 * depends_on:MBEDTLS_BIGNUM_C 140 * END_DEPENDENCIES 141 */ 142 143/* BEGIN_CASE */ 144void mpi_null( ) 145{ 146 mbedtls_mpi X, Y, Z; 147 148 mbedtls_mpi_init( &X ); 149 mbedtls_mpi_init( &Y ); 150 mbedtls_mpi_init( &Z ); 151 152 TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 ); 153 TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 ); 154 TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 ); 155 TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 ); 156 157exit: 158 mbedtls_mpi_free( &X ); 159} 160/* END_CASE */ 161 162/* BEGIN_CASE */ 163void mpi_read_write_string( int radix_X, char * input_X, int radix_A, 164 char * input_A, int output_size, int result_read, 165 int result_write ) 166{ 167 mbedtls_mpi X; 168 char str[1000]; 169 size_t len; 170 171 mbedtls_mpi_init( &X ); 172 173 memset( str, '!', sizeof( str ) ); 174 175 TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); 176 if( result_read == 0 ) 177 { 178 TEST_ASSERT( sign_is_valid( &X ) ); 179 TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write ); 180 if( result_write == 0 ) 181 { 182 TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); 183 TEST_ASSERT( str[len] == '!' ); 184 } 185 } 186 187exit: 188 mbedtls_mpi_free( &X ); 189} 190/* END_CASE */ 191 192/* BEGIN_CASE */ 193void mpi_read_binary( data_t * buf, char * input_A ) 194{ 195 mbedtls_mpi X; 196 char str[1000]; 197 size_t len; 198 199 mbedtls_mpi_init( &X ); 200 201 202 TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 ); 203 TEST_ASSERT( sign_is_valid( &X ) ); 204 TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 ); 205 TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); 206 207exit: 208 mbedtls_mpi_free( &X ); 209} 210/* END_CASE */ 211 212/* BEGIN_CASE */ 213void mpi_read_binary_le( data_t * buf, char * input_A ) 214{ 215 mbedtls_mpi X; 216 char str[1000]; 217 size_t len; 218 219 mbedtls_mpi_init( &X ); 220 221 222 TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 ); 223 TEST_ASSERT( sign_is_valid( &X ) ); 224 TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 ); 225 TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); 226 227exit: 228 mbedtls_mpi_free( &X ); 229} 230/* END_CASE */ 231 232/* BEGIN_CASE */ 233void mpi_write_binary( char * input_X, data_t * input_A, 234 int output_size, int result ) 235{ 236 mbedtls_mpi X; 237 unsigned char buf[1000]; 238 size_t buflen; 239 240 memset( buf, 0x00, 1000 ); 241 242 mbedtls_mpi_init( &X ); 243 244 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 245 246 buflen = mbedtls_mpi_size( &X ); 247 if( buflen > (size_t) output_size ) 248 buflen = (size_t) output_size; 249 250 TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result ); 251 if( result == 0) 252 { 253 254 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 255 buflen, input_A->len ) == 0 ); 256 } 257 258exit: 259 mbedtls_mpi_free( &X ); 260} 261/* END_CASE */ 262 263/* BEGIN_CASE */ 264void mpi_write_binary_le( char * input_X, data_t * input_A, 265 int output_size, int result ) 266{ 267 mbedtls_mpi X; 268 unsigned char buf[1000]; 269 size_t buflen; 270 271 memset( buf, 0x00, 1000 ); 272 273 mbedtls_mpi_init( &X ); 274 275 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 276 277 buflen = mbedtls_mpi_size( &X ); 278 if( buflen > (size_t) output_size ) 279 buflen = (size_t) output_size; 280 281 TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result ); 282 if( result == 0) 283 { 284 285 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 286 buflen, input_A->len ) == 0 ); 287 } 288 289exit: 290 mbedtls_mpi_free( &X ); 291} 292/* END_CASE */ 293 294/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 295void mpi_read_file( char * input_file, data_t * input_A, int result ) 296{ 297 mbedtls_mpi X; 298 unsigned char buf[1000]; 299 size_t buflen; 300 FILE *file; 301 int ret; 302 303 memset( buf, 0x00, 1000 ); 304 305 mbedtls_mpi_init( &X ); 306 307 file = fopen( input_file, "r" ); 308 TEST_ASSERT( file != NULL ); 309 ret = mbedtls_mpi_read_file( &X, 16, file ); 310 fclose(file); 311 TEST_ASSERT( ret == result ); 312 313 if( result == 0 ) 314 { 315 TEST_ASSERT( sign_is_valid( &X ) ); 316 buflen = mbedtls_mpi_size( &X ); 317 TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); 318 319 320 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 321 buflen, input_A->len ) == 0 ); 322 } 323 324exit: 325 mbedtls_mpi_free( &X ); 326} 327/* END_CASE */ 328 329/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 330void mpi_write_file( char * input_X, char * output_file ) 331{ 332 mbedtls_mpi X, Y; 333 FILE *file_out, *file_in; 334 int ret; 335 336 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 337 338 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 339 340 file_out = fopen( output_file, "w" ); 341 TEST_ASSERT( file_out != NULL ); 342 ret = mbedtls_mpi_write_file( NULL, &X, 16, file_out ); 343 fclose(file_out); 344 TEST_ASSERT( ret == 0 ); 345 346 file_in = fopen( output_file, "r" ); 347 TEST_ASSERT( file_in != NULL ); 348 ret = mbedtls_mpi_read_file( &Y, 16, file_in ); 349 fclose(file_in); 350 TEST_ASSERT( ret == 0 ); 351 352 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); 353 354exit: 355 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 356} 357/* END_CASE */ 358 359/* BEGIN_CASE */ 360void mpi_get_bit( char * input_X, int pos, int val ) 361{ 362 mbedtls_mpi X; 363 mbedtls_mpi_init( &X ); 364 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 365 TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val ); 366 367exit: 368 mbedtls_mpi_free( &X ); 369} 370/* END_CASE */ 371 372/* BEGIN_CASE */ 373void mpi_set_bit( char * input_X, int pos, int val, 374 char * output_Y, int result ) 375{ 376 mbedtls_mpi X, Y; 377 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 378 379 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 380 TEST_ASSERT( mbedtls_test_read_mpi( &Y, output_Y ) == 0 ); 381 TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result ); 382 383 if( result == 0 ) 384 { 385 TEST_ASSERT( sign_is_valid( &X ) ); 386 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); 387 } 388 389exit: 390 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 391} 392/* END_CASE */ 393 394/* BEGIN_CASE */ 395void mpi_lsb( char * input_X, int nr_bits ) 396{ 397 mbedtls_mpi X; 398 mbedtls_mpi_init( &X ); 399 400 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 401 TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits ); 402 403exit: 404 mbedtls_mpi_free( &X ); 405} 406/* END_CASE */ 407 408/* BEGIN_CASE */ 409void mpi_bitlen( char * input_X, int nr_bits ) 410{ 411 mbedtls_mpi X; 412 mbedtls_mpi_init( &X ); 413 414 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 415 TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits ); 416 417exit: 418 mbedtls_mpi_free( &X ); 419} 420/* END_CASE */ 421 422/* BEGIN_CASE */ 423void mpi_gcd( char * input_X, char * input_Y, 424 char * input_A ) 425{ 426 mbedtls_mpi A, X, Y, Z; 427 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); 428 429 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 430 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 431 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 432 TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 ); 433 TEST_ASSERT( sign_is_valid( &Z ) ); 434 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 435 436exit: 437 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); 438} 439/* END_CASE */ 440 441/* BEGIN_CASE */ 442void mpi_cmp_int( int input_X, int input_A, int result_CMP ) 443{ 444 mbedtls_mpi X; 445 mbedtls_mpi_init( &X ); 446 447 TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0); 448 TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP); 449 450exit: 451 mbedtls_mpi_free( &X ); 452} 453/* END_CASE */ 454 455/* BEGIN_CASE */ 456void mpi_cmp_mpi( char * input_X, char * input_Y, 457 int input_A ) 458{ 459 mbedtls_mpi X, Y; 460 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 461 462 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 463 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 464 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A ); 465 466exit: 467 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 468} 469/* END_CASE */ 470 471/* BEGIN_CASE */ 472void mpi_lt_mpi_ct( int size_X, char * input_X, 473 int size_Y, char * input_Y, 474 int input_ret, int input_err ) 475{ 476 unsigned ret = -1; 477 unsigned input_uret = input_ret; 478 mbedtls_mpi X, Y; 479 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 480 481 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 482 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 483 484 TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 ); 485 TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 ); 486 487 TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err ); 488 if( input_err == 0 ) 489 TEST_ASSERT( ret == input_uret ); 490 491exit: 492 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 493} 494/* END_CASE */ 495 496/* BEGIN_CASE */ 497void mpi_cmp_abs( char * input_X, char * input_Y, 498 int input_A ) 499{ 500 mbedtls_mpi X, Y; 501 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 502 503 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 504 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 505 TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A ); 506 507exit: 508 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 509} 510/* END_CASE */ 511 512/* BEGIN_CASE */ 513void mpi_copy( char *src_hex, char *dst_hex ) 514{ 515 mbedtls_mpi src, dst, ref; 516 mbedtls_mpi_init( &src ); 517 mbedtls_mpi_init( &dst ); 518 mbedtls_mpi_init( &ref ); 519 520 TEST_ASSERT( mbedtls_test_read_mpi( &src, src_hex ) == 0 ); 521 TEST_ASSERT( mbedtls_test_read_mpi( &ref, dst_hex ) == 0 ); 522 523 /* mbedtls_mpi_copy() */ 524 TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 ); 525 TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 ); 526 TEST_ASSERT( sign_is_valid( &dst ) ); 527 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); 528 529 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 530 mbedtls_mpi_free( &dst ); 531 TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 ); 532 TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 ); 533 TEST_ASSERT( sign_is_valid( &dst ) ); 534 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); 535 536 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 537 mbedtls_mpi_free( &dst ); 538 TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 ); 539 TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 ); 540 TEST_ASSERT( sign_is_valid( &dst ) ); 541 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 ); 542 543exit: 544 mbedtls_mpi_free( &src ); 545 mbedtls_mpi_free( &dst ); 546 mbedtls_mpi_free( &ref ); 547} 548/* END_CASE */ 549 550/* BEGIN_CASE */ 551void mpi_copy_self( char *input_X ) 552{ 553 mbedtls_mpi X, A; 554 mbedtls_mpi_init( &A ); 555 mbedtls_mpi_init( &X ); 556 557 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 558 TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 ); 559 560 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_X ) == 0 ); 561 TEST_ASSERT( sign_is_valid( &X ) ); 562 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 563 564exit: 565 mbedtls_mpi_free( &A ); 566 mbedtls_mpi_free( &X ); 567} 568/* END_CASE */ 569 570/* BEGIN_CASE */ 571void mpi_swap( char *X_hex, char *Y_hex ) 572{ 573 mbedtls_mpi X, Y, X0, Y0; 574 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 575 mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 ); 576 577 TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 ); 578 TEST_ASSERT( mbedtls_test_read_mpi( &Y0, Y_hex ) == 0 ); 579 580 /* mbedtls_mpi_swap() */ 581 TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 ); 582 TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 ); 583 mbedtls_mpi_swap( &X, &Y ); 584 TEST_ASSERT( sign_is_valid( &X ) ); 585 TEST_ASSERT( sign_is_valid( &Y ) ); 586 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); 587 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); 588 589 /* mbedtls_mpi_safe_cond_swap(), swap done */ 590 mbedtls_mpi_free( &X ); 591 mbedtls_mpi_free( &Y ); 592 TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 ); 593 TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 ); 594 TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 ); 595 TEST_ASSERT( sign_is_valid( &X ) ); 596 TEST_ASSERT( sign_is_valid( &Y ) ); 597 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); 598 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); 599 600 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 601 mbedtls_mpi_free( &X ); 602 mbedtls_mpi_free( &Y ); 603 TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 ); 604 TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 ); 605 TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 ); 606 TEST_ASSERT( sign_is_valid( &X ) ); 607 TEST_ASSERT( sign_is_valid( &Y ) ); 608 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); 609 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 ); 610 611exit: 612 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 613 mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 ); 614} 615/* END_CASE */ 616 617/* BEGIN_CASE */ 618void mpi_swap_self( char *X_hex ) 619{ 620 mbedtls_mpi X, X0; 621 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 ); 622 623 TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 ); 624 TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 ); 625 626 mbedtls_mpi_swap( &X, &X ); 627 TEST_ASSERT( sign_is_valid( &X ) ); 628 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); 629 630exit: 631 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 ); 632} 633/* END_CASE */ 634 635/* BEGIN_CASE */ 636void mpi_shrink( int before, int used, int min, int after ) 637{ 638 mbedtls_mpi X; 639 mbedtls_mpi_init( &X ); 640 641 TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 ); 642 if( used > 0 ) 643 { 644 size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint ); 645 TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 ); 646 } 647 TEST_EQUAL( X.n, (size_t) before ); 648 TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 ); 649 TEST_EQUAL( X.n, (size_t) after ); 650 651exit: 652 mbedtls_mpi_free( &X ); 653} 654/* END_CASE */ 655 656/* BEGIN_CASE */ 657void mpi_add_mpi( char * input_X, char * input_Y, 658 char * input_A ) 659{ 660 mbedtls_mpi X, Y, Z, A; 661 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 662 663 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 664 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 665 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 666 TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 ); 667 TEST_ASSERT( sign_is_valid( &Z ) ); 668 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 669 670 /* result == first operand */ 671 TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 ); 672 TEST_ASSERT( sign_is_valid( &X ) ); 673 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 674 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 675 676 /* result == second operand */ 677 TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 ); 678 TEST_ASSERT( sign_is_valid( &Y ) ); 679 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 680 681exit: 682 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 683} 684/* END_CASE */ 685 686/* BEGIN_CASE */ 687void mpi_add_mpi_inplace( char * input_X, char * input_A ) 688{ 689 mbedtls_mpi X, A; 690 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 691 692 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 693 694 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 695 TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 ); 696 TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 ); 697 TEST_ASSERT( sign_is_valid( &X ) ); 698 699 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 700 TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 ); 701 TEST_ASSERT( sign_is_valid( &X ) ); 702 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 703 704 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 705 TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); 706 TEST_ASSERT( sign_is_valid( &X ) ); 707 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 708 709exit: 710 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 711} 712/* END_CASE */ 713 714 715/* BEGIN_CASE */ 716void mpi_add_abs( char * input_X, char * input_Y, 717 char * input_A ) 718{ 719 mbedtls_mpi X, Y, Z, A; 720 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 721 722 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 723 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 724 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 725 TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 ); 726 TEST_ASSERT( sign_is_valid( &Z ) ); 727 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 728 729 /* result == first operand */ 730 TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 ); 731 TEST_ASSERT( sign_is_valid( &X ) ); 732 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 733 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 734 735 /* result == second operand */ 736 TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 ); 737 TEST_ASSERT( sign_is_valid( &Y ) ); 738 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 739 740exit: 741 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 742} 743/* END_CASE */ 744 745/* BEGIN_CASE */ 746void mpi_add_int( char * input_X, int input_Y, 747 char * input_A ) 748{ 749 mbedtls_mpi X, Z, A; 750 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 751 752 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 753 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 754 TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 ); 755 TEST_ASSERT( sign_is_valid( &Z ) ); 756 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 757 758exit: 759 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 760} 761/* END_CASE */ 762 763/* BEGIN_CASE */ 764void mpi_sub_mpi( char * input_X, char * input_Y, 765 char * input_A ) 766{ 767 mbedtls_mpi X, Y, Z, A; 768 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 769 770 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 771 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 772 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 773 TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 ); 774 TEST_ASSERT( sign_is_valid( &Z ) ); 775 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 776 777 /* result == first operand */ 778 TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 ); 779 TEST_ASSERT( sign_is_valid( &X ) ); 780 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 781 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 782 783 /* result == second operand */ 784 TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 ); 785 TEST_ASSERT( sign_is_valid( &Y ) ); 786 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 787 788exit: 789 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 790} 791/* END_CASE */ 792 793/* BEGIN_CASE */ 794void mpi_sub_abs( char * input_X, char * input_Y, 795 char * input_A, int sub_result ) 796{ 797 mbedtls_mpi X, Y, Z, A; 798 int res; 799 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 800 801 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 802 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 803 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 804 805 res = mbedtls_mpi_sub_abs( &Z, &X, &Y ); 806 TEST_ASSERT( res == sub_result ); 807 TEST_ASSERT( sign_is_valid( &Z ) ); 808 if( res == 0 ) 809 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 810 811 /* result == first operand */ 812 TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result ); 813 TEST_ASSERT( sign_is_valid( &X ) ); 814 if( sub_result == 0 ) 815 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 816 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 817 818 /* result == second operand */ 819 TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result ); 820 TEST_ASSERT( sign_is_valid( &Y ) ); 821 if( sub_result == 0 ) 822 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 823 824exit: 825 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 826} 827/* END_CASE */ 828 829/* BEGIN_CASE */ 830void mpi_sub_int( char * input_X, int input_Y, 831 char * input_A ) 832{ 833 mbedtls_mpi X, Z, A; 834 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 835 836 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 837 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 838 TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 ); 839 TEST_ASSERT( sign_is_valid( &Z ) ); 840 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 841 842exit: 843 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 844} 845/* END_CASE */ 846 847/* BEGIN_CASE */ 848void mpi_mul_mpi( char * input_X, char * input_Y, 849 char * input_A ) 850{ 851 mbedtls_mpi X, Y, Z, A; 852 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 853 854 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 855 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 856 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 857 TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 ); 858 TEST_ASSERT( sign_is_valid( &Z ) ); 859 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 860 861exit: 862 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 863} 864/* END_CASE */ 865 866/* BEGIN_CASE */ 867void mpi_mul_int( char * input_X, int input_Y, 868 char * input_A, char * result_comparison ) 869{ 870 mbedtls_mpi X, Z, A; 871 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 872 873 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 874 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 875 TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 ); 876 TEST_ASSERT( sign_is_valid( &Z ) ); 877 if( strcmp( result_comparison, "==" ) == 0 ) 878 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 879 else if( strcmp( result_comparison, "!=" ) == 0 ) 880 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 ); 881 else 882 TEST_ASSERT( "unknown operator" == 0 ); 883 884exit: 885 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 886} 887/* END_CASE */ 888 889/* BEGIN_CASE */ 890void mpi_div_mpi( char * input_X, char * input_Y, 891 char * input_A, char * input_B, 892 int div_result ) 893{ 894 mbedtls_mpi X, Y, Q, R, A, B; 895 int res; 896 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); 897 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B ); 898 899 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 900 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 901 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 902 TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 ); 903 res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y ); 904 TEST_ASSERT( res == div_result ); 905 if( res == 0 ) 906 { 907 TEST_ASSERT( sign_is_valid( &Q ) ); 908 TEST_ASSERT( sign_is_valid( &R ) ); 909 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); 910 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); 911 } 912 913exit: 914 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); 915 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B ); 916} 917/* END_CASE */ 918 919/* BEGIN_CASE */ 920void mpi_div_int( char * input_X, int input_Y, 921 char * input_A, char * input_B, 922 int div_result ) 923{ 924 mbedtls_mpi X, Q, R, A, B; 925 int res; 926 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A ); 927 mbedtls_mpi_init( &B ); 928 929 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 930 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 931 TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 ); 932 res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y ); 933 TEST_ASSERT( res == div_result ); 934 if( res == 0 ) 935 { 936 TEST_ASSERT( sign_is_valid( &Q ) ); 937 TEST_ASSERT( sign_is_valid( &R ) ); 938 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); 939 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); 940 } 941 942exit: 943 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A ); 944 mbedtls_mpi_free( &B ); 945} 946/* END_CASE */ 947 948/* BEGIN_CASE */ 949void mpi_mod_mpi( char * input_X, char * input_Y, 950 char * input_A, int div_result ) 951{ 952 mbedtls_mpi X, Y, A; 953 int res; 954 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); 955 956 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 957 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 958 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 959 res = mbedtls_mpi_mod_mpi( &X, &X, &Y ); 960 TEST_ASSERT( res == div_result ); 961 if( res == 0 ) 962 { 963 TEST_ASSERT( sign_is_valid( &X ) ); 964 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 965 } 966 967exit: 968 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A ); 969} 970/* END_CASE */ 971 972/* BEGIN_CASE */ 973void mpi_mod_int( char * input_X, char * input_Y, 974 char * input_A, int mod_result ) 975{ 976 mbedtls_mpi X; 977 mbedtls_mpi Y; 978 mbedtls_mpi A; 979 int res; 980 mbedtls_mpi_uint r; 981 982 mbedtls_mpi_init( &X ); 983 mbedtls_mpi_init( &Y ); 984 mbedtls_mpi_init( &A ); 985 986 /* We use MPIs to read Y and A since the test framework limits us to 987 * ints, so we can't have 64-bit values */ 988 TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 ); 989 TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 ); 990 TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 ); 991 992 TEST_EQUAL( Y.n, 1 ); 993 TEST_EQUAL( A.n, 1 ); 994 995 /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */ 996 997 /* Since we're converting sign+magnitude to two's complement, we lose one 998 * bit of value in the output. This means there are some values we can't 999 * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically 1000 * invalid test cases, so could be considered "won't happen", but they are 1001 * easy to test for, and this helps guard against human error. */ 1002 1003 mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0]; 1004 TEST_ASSERT( y >= 0 ); /* If y < 0 here, we can't make negative y */ 1005 if( Y.s == -1 ) 1006 y = -y; 1007 1008 mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0]; 1009 TEST_ASSERT( a >= 0 ); /* Same goes for a */ 1010 if( A.s == -1 ) 1011 a = -a; 1012 1013 res = mbedtls_mpi_mod_int( &r, &X, y ); 1014 TEST_EQUAL( res, mod_result ); 1015 if( res == 0 ) 1016 { 1017 TEST_EQUAL( r, a ); 1018 } 1019 1020exit: 1021 mbedtls_mpi_free( &X ); 1022 mbedtls_mpi_free( &Y ); 1023 mbedtls_mpi_free( &A ); 1024} 1025/* END_CASE */ 1026 1027/* BEGIN_CASE */ 1028void mpi_exp_mod( char * input_A, char * input_E, 1029 char * input_N, char * input_X, 1030 int exp_result ) 1031{ 1032 mbedtls_mpi A, E, N, RR, Z, X; 1033 int res; 1034 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); 1035 mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X ); 1036 1037 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 1038 TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 ); 1039 TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 ); 1040 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 1041 1042 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL ); 1043 TEST_ASSERT( res == exp_result ); 1044 if( res == 0 ) 1045 { 1046 TEST_ASSERT( sign_is_valid( &Z ) ); 1047 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1048 } 1049 1050 /* Now test again with the speed-up parameter supplied as an output. */ 1051 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); 1052 TEST_ASSERT( res == exp_result ); 1053 if( res == 0 ) 1054 { 1055 TEST_ASSERT( sign_is_valid( &Z ) ); 1056 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1057 } 1058 1059 /* Now test again with the speed-up parameter supplied in calculated form. */ 1060 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); 1061 TEST_ASSERT( res == exp_result ); 1062 if( res == 0 ) 1063 { 1064 TEST_ASSERT( sign_is_valid( &Z ) ); 1065 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1066 } 1067 1068exit: 1069 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); 1070 mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X ); 1071} 1072/* END_CASE */ 1073 1074/* BEGIN_CASE */ 1075void mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes, 1076 char * input_RR, int exp_result ) 1077{ 1078 mbedtls_mpi A, E, N, RR, Z; 1079 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); 1080 mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); 1081 1082 /* Set A to 2^(A_bytes - 1) + 1 */ 1083 TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 ); 1084 TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 ); 1085 TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 ); 1086 1087 /* Set E to 2^(E_bytes - 1) + 1 */ 1088 TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 ); 1089 TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 ); 1090 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 ); 1091 1092 /* Set N to 2^(N_bytes - 1) + 1 */ 1093 TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 ); 1094 TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 ); 1095 TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 ); 1096 1097 if( strlen( input_RR ) ) 1098 TEST_ASSERT( mbedtls_test_read_mpi( &RR, input_RR ) == 0 ); 1099 1100 TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result ); 1101 1102exit: 1103 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); 1104 mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); 1105} 1106/* END_CASE */ 1107 1108/* BEGIN_CASE */ 1109void mpi_inv_mod( char * input_X, char * input_Y, 1110 char * input_A, int div_result ) 1111{ 1112 mbedtls_mpi X, Y, Z, A; 1113 int res; 1114 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1115 1116 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 1117 TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 ); 1118 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 1119 res = mbedtls_mpi_inv_mod( &Z, &X, &Y ); 1120 TEST_ASSERT( res == div_result ); 1121 if( res == 0 ) 1122 { 1123 TEST_ASSERT( sign_is_valid( &Z ) ); 1124 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1125 } 1126 1127exit: 1128 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1129} 1130/* END_CASE */ 1131 1132/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1133void mpi_is_prime( char * input_X, int div_result ) 1134{ 1135 mbedtls_mpi X; 1136 int res; 1137 mbedtls_mpi_init( &X ); 1138 1139 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 1140 res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ); 1141 TEST_ASSERT( res == div_result ); 1142 1143exit: 1144 mbedtls_mpi_free( &X ); 1145} 1146/* END_CASE */ 1147 1148/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1149void mpi_is_prime_det( data_t * input_X, data_t * witnesses, 1150 int chunk_len, int rounds ) 1151{ 1152 mbedtls_mpi X; 1153 int res; 1154 mbedtls_test_mpi_random rand; 1155 1156 mbedtls_mpi_init( &X ); 1157 rand.data = witnesses; 1158 rand.pos = 0; 1159 rand.chunk_len = chunk_len; 1160 1161 TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); 1162 res = mbedtls_mpi_is_prime_ext( &X, rounds - 1, 1163 mbedtls_test_mpi_miller_rabin_determinizer, 1164 &rand ); 1165 TEST_ASSERT( res == 0 ); 1166 1167 rand.data = witnesses; 1168 rand.pos = 0; 1169 rand.chunk_len = chunk_len; 1170 1171 res = mbedtls_mpi_is_prime_ext( &X, rounds, 1172 mbedtls_test_mpi_miller_rabin_determinizer, 1173 &rand ); 1174 TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); 1175 1176exit: 1177 mbedtls_mpi_free( &X ); 1178} 1179/* END_CASE */ 1180 1181/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1182void mpi_gen_prime( int bits, int flags, int ref_ret ) 1183{ 1184 mbedtls_mpi X; 1185 int my_ret; 1186 1187 mbedtls_mpi_init( &X ); 1188 1189 my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, 1190 mbedtls_test_rnd_std_rand, NULL ); 1191 TEST_ASSERT( my_ret == ref_ret ); 1192 1193 if( ref_ret == 0 ) 1194 { 1195 size_t actual_bits = mbedtls_mpi_bitlen( &X ); 1196 1197 TEST_ASSERT( actual_bits >= (size_t) bits ); 1198 TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); 1199 TEST_ASSERT( sign_is_valid( &X ) ); 1200 1201 TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, 1202 mbedtls_test_rnd_std_rand, 1203 NULL ) == 0 ); 1204 if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) 1205 { 1206 /* X = ( X - 1 ) / 2 */ 1207 TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); 1208 TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, 1209 mbedtls_test_rnd_std_rand, 1210 NULL ) == 0 ); 1211 } 1212 } 1213 1214exit: 1215 mbedtls_mpi_free( &X ); 1216} 1217/* END_CASE */ 1218 1219/* BEGIN_CASE */ 1220void mpi_shift_l( char * input_X, int shift_X, 1221 char * input_A ) 1222{ 1223 mbedtls_mpi X, A; 1224 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 1225 1226 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 1227 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 1228 TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 ); 1229 TEST_ASSERT( sign_is_valid( &X ) ); 1230 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1231 1232exit: 1233 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 1234} 1235/* END_CASE */ 1236 1237/* BEGIN_CASE */ 1238void mpi_shift_r( char * input_X, int shift_X, 1239 char * input_A ) 1240{ 1241 mbedtls_mpi X, A; 1242 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 1243 1244 TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 ); 1245 TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 ); 1246 TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 ); 1247 TEST_ASSERT( sign_is_valid( &X ) ); 1248 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1249 1250exit: 1251 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 1252} 1253/* END_CASE */ 1254 1255/* BEGIN_CASE */ 1256void mpi_fill_random( int wanted_bytes, int rng_bytes, 1257 int before, int expected_ret ) 1258{ 1259 mbedtls_mpi X; 1260 int ret; 1261 size_t bytes_left = rng_bytes; 1262 mbedtls_mpi_init( &X ); 1263 1264 if( before != 0 ) 1265 { 1266 /* Set X to sign(before) * 2^(|before|-1) */ 1267 TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 ); 1268 if( before < 0 ) 1269 before = - before; 1270 TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 ); 1271 } 1272 1273 ret = mbedtls_mpi_fill_random( &X, wanted_bytes, 1274 f_rng_bytes_left, &bytes_left ); 1275 TEST_ASSERT( ret == expected_ret ); 1276 1277 if( expected_ret == 0 ) 1278 { 1279 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1280 * as a big-endian representation of the number. We know when 1281 * our RNG function returns null bytes, so we know how many 1282 * leading zero bytes the number has. */ 1283 size_t leading_zeros = 0; 1284 if( wanted_bytes > 0 && rng_bytes % 256 == 0 ) 1285 leading_zeros = 1; 1286 TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros == 1287 (size_t) wanted_bytes ); 1288 TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes ); 1289 TEST_ASSERT( sign_is_valid( &X ) ); 1290 } 1291 1292exit: 1293 mbedtls_mpi_free( &X ); 1294} 1295/* END_CASE */ 1296 1297/* BEGIN_CASE */ 1298void mpi_random_many( int min, data_t *bound_bytes, int iterations ) 1299{ 1300 /* Generate numbers in the range 1..bound-1. Do it iterations times. 1301 * This function assumes that the value of bound is at least 2 and 1302 * that iterations is large enough that a one-in-2^iterations chance 1303 * effectively never occurs. 1304 */ 1305 1306 mbedtls_mpi upper_bound; 1307 size_t n_bits; 1308 mbedtls_mpi result; 1309 size_t b; 1310 /* If upper_bound is small, stats[b] is the number of times the value b 1311 * has been generated. Otherwise stats[b] is the number of times a 1312 * value with bit b set has been generated. */ 1313 size_t *stats = NULL; 1314 size_t stats_len; 1315 int full_stats; 1316 size_t i; 1317 1318 mbedtls_mpi_init( &upper_bound ); 1319 mbedtls_mpi_init( &result ); 1320 1321 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1322 bound_bytes->x, bound_bytes->len ) ); 1323 n_bits = mbedtls_mpi_bitlen( &upper_bound ); 1324 /* Consider a bound "small" if it's less than 2^5. This value is chosen 1325 * to be small enough that the probability of missing one value is 1326 * negligible given the number of iterations. It must be less than 1327 * 256 because some of the code below assumes that "small" values 1328 * fit in a byte. */ 1329 if( n_bits <= 5 ) 1330 { 1331 full_stats = 1; 1332 stats_len = bound_bytes->x[bound_bytes->len - 1]; 1333 } 1334 else 1335 { 1336 full_stats = 0; 1337 stats_len = n_bits; 1338 } 1339 ASSERT_ALLOC( stats, stats_len ); 1340 1341 for( i = 0; i < (size_t) iterations; i++ ) 1342 { 1343 mbedtls_test_set_step( i ); 1344 TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, 1345 mbedtls_test_rnd_std_rand, NULL ) ); 1346 1347 TEST_ASSERT( sign_is_valid( &result ) ); 1348 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); 1349 TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); 1350 if( full_stats ) 1351 { 1352 uint8_t value; 1353 TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) ); 1354 TEST_ASSERT( value < stats_len ); 1355 ++stats[value]; 1356 } 1357 else 1358 { 1359 for( b = 0; b < n_bits; b++ ) 1360 stats[b] += mbedtls_mpi_get_bit( &result, b ); 1361 } 1362 } 1363 1364 if( full_stats ) 1365 { 1366 for( b = min; b < stats_len; b++ ) 1367 { 1368 mbedtls_test_set_step( 1000000 + b ); 1369 /* Assert that each value has been reached at least once. 1370 * This is almost guaranteed if the iteration count is large 1371 * enough. This is a very crude way of checking the distribution. 1372 */ 1373 TEST_ASSERT( stats[b] > 0 ); 1374 } 1375 } 1376 else 1377 { 1378 int statistically_safe_all_the_way = 1379 is_significantly_above_a_power_of_2( bound_bytes ); 1380 for( b = 0; b < n_bits; b++ ) 1381 { 1382 mbedtls_test_set_step( 1000000 + b ); 1383 /* Assert that each bit has been set in at least one result and 1384 * clear in at least one result. Provided that iterations is not 1385 * too small, it would be extremely unlikely for this not to be 1386 * the case if the results are uniformly distributed. 1387 * 1388 * As an exception, the top bit may legitimately never be set 1389 * if bound is a power of 2 or only slightly above. 1390 */ 1391 if( statistically_safe_all_the_way || b != n_bits - 1 ) 1392 { 1393 TEST_ASSERT( stats[b] > 0 ); 1394 } 1395 TEST_ASSERT( stats[b] < (size_t) iterations ); 1396 } 1397 } 1398 1399exit: 1400 mbedtls_mpi_free( &upper_bound ); 1401 mbedtls_mpi_free( &result ); 1402 mbedtls_free( stats ); 1403} 1404/* END_CASE */ 1405 1406/* BEGIN_CASE */ 1407void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before ) 1408{ 1409 mbedtls_mpi upper_bound; 1410 mbedtls_mpi result; 1411 1412 mbedtls_mpi_init( &upper_bound ); 1413 mbedtls_mpi_init( &result ); 1414 1415 if( before != 0 ) 1416 { 1417 /* Set result to sign(before) * 2^(|before|-1) */ 1418 TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 ); 1419 if( before < 0 ) 1420 before = - before; 1421 TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 ); 1422 } 1423 1424 TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) ); 1425 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1426 bound_bytes->x, bound_bytes->len ) ); 1427 TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, 1428 mbedtls_test_rnd_std_rand, NULL ) ); 1429 TEST_ASSERT( sign_is_valid( &result ) ); 1430 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); 1431 TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); 1432 1433exit: 1434 mbedtls_mpi_free( &upper_bound ); 1435 mbedtls_mpi_free( &result ); 1436} 1437/* END_CASE */ 1438 1439/* BEGIN_CASE */ 1440void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret ) 1441{ 1442 mbedtls_mpi upper_bound; 1443 mbedtls_mpi result; 1444 int actual_ret; 1445 1446 mbedtls_mpi_init( &upper_bound ); 1447 mbedtls_mpi_init( &result ); 1448 1449 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1450 bound_bytes->x, bound_bytes->len ) ); 1451 actual_ret = mbedtls_mpi_random( &result, min, &upper_bound, 1452 mbedtls_test_rnd_std_rand, NULL ); 1453 TEST_EQUAL( expected_ret, actual_ret ); 1454 1455exit: 1456 mbedtls_mpi_free( &upper_bound ); 1457 mbedtls_mpi_free( &result ); 1458} 1459/* END_CASE */ 1460 1461/* BEGIN_CASE */ 1462void most_negative_mpi_sint( ) 1463{ 1464 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1465 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1466 * is a valid value. However, negating it (`-n`) has undefined behavior 1467 * (although in practice `-n` evaluates to the value n). 1468 * 1469 * This function has ad hoc tests for this value. It's separated from other 1470 * functions because the test framework makes it hard to pass this value 1471 * into test cases. 1472 * 1473 * In the comments here: 1474 * - biL = number of bits in limbs 1475 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1476 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1477 */ 1478 1479 mbedtls_mpi A, R, X; 1480 mbedtls_mpi_init( &A ); 1481 mbedtls_mpi_init( &R ); 1482 mbedtls_mpi_init( &X ); 1483 1484 const size_t biL = 8 * sizeof( mbedtls_mpi_sint ); 1485 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 ); 1486 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1487 const mbedtls_mpi_sint most_negative = - most_positive - 1; 1488 TEST_EQUAL( (mbedtls_mpi_uint) most_negative, 1489 (mbedtls_mpi_uint) 1 << ( biL - 1 ) ); 1490 TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 ); 1491 1492 /* Test mbedtls_mpi_lset() */ 1493 TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); 1494 TEST_EQUAL( A.s, -1 ); 1495 TEST_EQUAL( A.n, 1 ); 1496 TEST_EQUAL( A.p[0], most_positive_plus_1 ); 1497 1498 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1499 TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 ); 1500 1501 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1502 A.p[0] = most_positive_plus_1 + 1; 1503 TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 ); 1504 1505 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1506 A.p[0] = most_positive_plus_1 - 1; 1507 TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 ); 1508 1509 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1510 TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); 1511 TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); 1512 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); 1513 1514 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1515 TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); 1516 TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); 1517 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 ); 1518 1519 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1520 TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); 1521 TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 ); 1522 TEST_EQUAL( X.s, -1 ); 1523 TEST_EQUAL( X.n, 2 ); 1524 TEST_EQUAL( X.p[0], 0 ); 1525 TEST_EQUAL( X.p[1], 1 ); 1526 1527 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1528 mbedtls_mpi_free( &X ); 1529 TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); 1530 TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); 1531 TEST_EQUAL( X.s, 1 ); 1532 TEST_EQUAL( X.n, 1 ); 1533 TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 ); 1534 1535 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1536 TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 ); 1537 TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); 1538 TEST_EQUAL( X.s, 1 ); 1539 TEST_EQUAL( X.n, 1 ); 1540 TEST_EQUAL( X.p[0], most_positive_plus_1 ); 1541 1542 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1543 TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); 1544 TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 ); 1545 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); 1546 1547 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1548 TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 ); 1549 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1550 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); 1551 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); 1552 1553 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1554 TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 ); 1555 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1556 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); 1557 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); 1558 1559 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1560 TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 ); 1561 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1562 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 ); 1563 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); 1564 1565 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1566 TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); 1567 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1568 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 ); 1569 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 ); 1570 1571 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1572 TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 ); 1573 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1574 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 ); 1575 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 ); 1576 1577 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1578 TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 ); 1579 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1580 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 ); 1581 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); 1582 1583 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1584 TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 ); 1585 TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 ); 1586 TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 ); 1587 TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 ); 1588 1589 /* Test mbedtls_mpi_mod_int(): never valid */ 1590 TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ), 1591 MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); 1592 1593 /* Test mbedtls_mpi_random(): never valid */ 1594 TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A, 1595 mbedtls_test_rnd_std_rand, NULL ), 1596 MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); 1597 1598exit: 1599 mbedtls_mpi_free( &A ); 1600 mbedtls_mpi_free( &R ); 1601 mbedtls_mpi_free( &X ); 1602} 1603/* END_CASE */ 1604 1605/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1606void mpi_selftest( ) 1607{ 1608 TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 ); 1609} 1610/* END_CASE */ 1611