1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4 5#if MBEDTLS_MPI_MAX_BITS > 792 6#define MPI_MAX_BITS_LARGER_THAN_792 7#endif 8 9/* Check the validity of the sign bit in an MPI object. Reject representations 10 * that are not supported by the rest of the library and indicate a bug when 11 * constructing the value. */ 12static int sign_is_valid( const mbedtls_mpi *X ) 13{ 14 if( X->s != 1 && X->s != -1 ) 15 return( 0 ); // invalid sign bit, e.g. 0 16 if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) 17 return( 0 ); // negative zero 18 return( 1 ); 19} 20 21typedef struct mbedtls_test_mpi_random 22{ 23 data_t *data; 24 size_t pos; 25 size_t chunk_len; 26} mbedtls_test_mpi_random; 27 28/* 29 * This function is called by the Miller-Rabin primality test each time it 30 * chooses a random witness. The witnesses (or non-witnesses as provided by the 31 * test) are stored in the data member of the state structure. Each number is in 32 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 33 */ 34int mbedtls_test_mpi_miller_rabin_determinizer( void* state, 35 unsigned char* buf, 36 size_t len ) 37{ 38 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state; 39 40 if( random == NULL || random->data->x == NULL || buf == NULL ) 41 return( -1 ); 42 43 if( random->pos + random->chunk_len > random->data->len 44 || random->chunk_len > len ) 45 { 46 return( -1 ); 47 } 48 49 memset( buf, 0, len ); 50 51 /* The witness is written to the end of the buffer, since the buffer is 52 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 53 * Writing the witness to the start of the buffer would result in the 54 * buffer being 'witness 000...000', which would be treated as 55 * witness * 2^n for some n. */ 56 memcpy( buf + len - random->chunk_len, &random->data->x[random->pos], 57 random->chunk_len ); 58 59 random->pos += random->chunk_len; 60 61 return( 0 ); 62} 63 64/* Random generator that is told how many bytes to return. */ 65static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len ) 66{ 67 size_t *bytes_left = state; 68 size_t i; 69 for( i = 0; i < len; i++ ) 70 { 71 if( *bytes_left == 0 ) 72 return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); 73 buf[i] = *bytes_left & 0xff; 74 --( *bytes_left ); 75 } 76 return( 0 ); 77} 78 79/* Test whether bytes represents (in big-endian base 256) a number b that 80 * is significantly above a power of 2. That is, b must not have a long run 81 * of unset bits after the most significant bit. 82 * 83 * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}. 84 * This function returns 1 if, when drawing a number between 0 and b, 85 * the probability that this number is at least 2^n is not negligible. 86 * This probability is (b - 2^n) / b and this function checks that this 87 * number is above some threshold A. The threshold value is heuristic and 88 * based on the needs of mpi_random_many(). 89 */ 90static int is_significantly_above_a_power_of_2( data_t *bytes ) 91{ 92 const uint8_t *p = bytes->x; 93 size_t len = bytes->len; 94 unsigned x; 95 96 /* Skip leading null bytes */ 97 while( len > 0 && p[0] == 0 ) 98 { 99 ++p; 100 --len; 101 } 102 /* 0 is not significantly above a power of 2 */ 103 if( len == 0 ) 104 return( 0 ); 105 /* Extract the (up to) 2 most significant bytes */ 106 if( len == 1 ) 107 x = p[0]; 108 else 109 x = ( p[0] << 8 ) | p[1]; 110 111 /* Shift the most significant bit of x to position 8 and mask it out */ 112 while( ( x & 0xfe00 ) != 0 ) 113 x >>= 1; 114 x &= 0x00ff; 115 116 /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above 117 * a power of 2 iff x is significantly above 0 compared to 2^8. 118 * Testing x >= 2^4 amounts to picking A = 1/16 in the function 119 * description above. */ 120 return( x >= 0x10 ); 121} 122 123/* END_HEADER */ 124 125/* BEGIN_DEPENDENCIES 126 * depends_on:MBEDTLS_BIGNUM_C 127 * END_DEPENDENCIES 128 */ 129 130/* BEGIN_CASE */ 131void mpi_valid_param( ) 132{ 133 TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) ); 134} 135/* END_CASE */ 136 137/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 138void mpi_invalid_param( ) 139{ 140 mbedtls_mpi X; 141 const char *s_in = "00101000101010"; 142 char s_out[16] = { 0 }; 143 unsigned char u_out[16] = { 0 }; 144 unsigned char u_in[16] = { 0 }; 145 size_t olen; 146 mbedtls_mpi_uint mpi_uint; 147 148 TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) ); 149 150 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 151 mbedtls_mpi_grow( NULL, 42 ) ); 152 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 153 mbedtls_mpi_copy( NULL, &X ) ); 154 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 155 mbedtls_mpi_copy( &X, NULL ) ); 156 157 TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) ); 158 TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) ); 159 160 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 161 mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) ); 162 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 163 mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) ); 164 165 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 166 mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) ); 167 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 168 mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) ); 169 170 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 171 mbedtls_mpi_lset( NULL, 42 ) ); 172 173 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 174 mbedtls_mpi_get_bit( NULL, 42 ) ); 175 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 176 mbedtls_mpi_set_bit( NULL, 42, 0 ) ); 177 178 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 179 mbedtls_mpi_read_string( NULL, 2, s_in ) ); 180 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 181 mbedtls_mpi_read_string( &X, 2, NULL ) ); 182 183 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 184 mbedtls_mpi_write_string( NULL, 2, 185 s_out, sizeof( s_out ), 186 &olen ) ); 187 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 188 mbedtls_mpi_write_string( &X, 2, 189 NULL, sizeof( s_out ), 190 &olen ) ); 191 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 192 mbedtls_mpi_write_string( &X, 2, 193 s_out, sizeof( s_out ), 194 NULL ) ); 195 196#if defined(MBEDTLS_FS_IO) 197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 198 mbedtls_mpi_read_file( NULL, 2, stdin ) ); 199 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 200 mbedtls_mpi_read_file( &X, 2, NULL ) ); 201 202 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 203 mbedtls_mpi_write_file( "", NULL, 2, NULL ) ); 204#endif /* MBEDTLS_FS_IO */ 205 206 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 207 mbedtls_mpi_read_binary( NULL, u_in, 208 sizeof( u_in ) ) ); 209 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 210 mbedtls_mpi_read_binary( &X, NULL, 211 sizeof( u_in ) ) ); 212 213 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 214 mbedtls_mpi_write_binary( NULL, u_out, 215 sizeof( u_out ) ) ); 216 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 217 mbedtls_mpi_write_binary( &X, NULL, 218 sizeof( u_out ) ) ); 219 220 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 221 mbedtls_mpi_shift_l( NULL, 42 ) ); 222 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 223 mbedtls_mpi_shift_r( NULL, 42 ) ); 224 225 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 226 mbedtls_mpi_cmp_abs( NULL, &X ) ); 227 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 228 mbedtls_mpi_cmp_abs( &X, NULL ) ); 229 230 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 231 mbedtls_mpi_cmp_mpi( NULL, &X ) ); 232 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 233 mbedtls_mpi_cmp_mpi( &X, NULL ) ); 234 235 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 236 mbedtls_mpi_cmp_int( NULL, 42 ) ); 237 238 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 239 mbedtls_mpi_add_abs( NULL, &X, &X ) ); 240 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 241 mbedtls_mpi_add_abs( &X, NULL, &X ) ); 242 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 243 mbedtls_mpi_add_abs( &X, &X, NULL ) ); 244 245 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 246 mbedtls_mpi_sub_abs( NULL, &X, &X ) ); 247 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 248 mbedtls_mpi_sub_abs( &X, NULL, &X ) ); 249 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 250 mbedtls_mpi_sub_abs( &X, &X, NULL ) ); 251 252 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 253 mbedtls_mpi_add_mpi( NULL, &X, &X ) ); 254 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 255 mbedtls_mpi_add_mpi( &X, NULL, &X ) ); 256 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 257 mbedtls_mpi_add_mpi( &X, &X, NULL ) ); 258 259 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 260 mbedtls_mpi_sub_mpi( NULL, &X, &X ) ); 261 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 262 mbedtls_mpi_sub_mpi( &X, NULL, &X ) ); 263 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 264 mbedtls_mpi_sub_mpi( &X, &X, NULL ) ); 265 266 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 267 mbedtls_mpi_add_int( NULL, &X, 42 ) ); 268 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 269 mbedtls_mpi_add_int( &X, NULL, 42 ) ); 270 271 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 272 mbedtls_mpi_sub_int( NULL, &X, 42 ) ); 273 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 274 mbedtls_mpi_sub_int( &X, NULL, 42 ) ); 275 276 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 277 mbedtls_mpi_mul_mpi( NULL, &X, &X ) ); 278 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 279 mbedtls_mpi_mul_mpi( &X, NULL, &X ) ); 280 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 281 mbedtls_mpi_mul_mpi( &X, &X, NULL ) ); 282 283 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 284 mbedtls_mpi_mul_int( NULL, &X, 42 ) ); 285 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 286 mbedtls_mpi_mul_int( &X, NULL, 42 ) ); 287 288 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 289 mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) ); 290 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 291 mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) ); 292 293 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 294 mbedtls_mpi_div_int( &X, &X, NULL, 42 ) ); 295 296 TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) ); 297 298 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 299 mbedtls_mpi_mod_mpi( NULL, &X, &X ) ); 300 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 301 mbedtls_mpi_mod_mpi( &X, NULL, &X ) ); 302 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 303 mbedtls_mpi_mod_mpi( &X, &X, NULL ) ); 304 305 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 306 mbedtls_mpi_mod_int( NULL, &X, 42 ) ); 307 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 308 mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) ); 309 310 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 311 mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) ); 312 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 313 mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) ); 314 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 315 mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) ); 316 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 317 mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); 318 319 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 320 mbedtls_mpi_fill_random( NULL, 42, 321 mbedtls_test_rnd_std_rand, 322 NULL ) ); 323 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 324 mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); 325 326 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 327 mbedtls_mpi_gcd( NULL, &X, &X ) ); 328 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 329 mbedtls_mpi_gcd( &X, NULL, &X ) ); 330 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 331 mbedtls_mpi_gcd( &X, &X, NULL ) ); 332 333 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 334 mbedtls_mpi_inv_mod( NULL, &X, &X ) ); 335 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 336 mbedtls_mpi_inv_mod( &X, NULL, &X ) ); 337 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 338 mbedtls_mpi_inv_mod( &X, &X, NULL ) ); 339 340exit: 341 return; 342} 343/* END_CASE */ 344 345/* BEGIN_CASE */ 346void mpi_null( ) 347{ 348 mbedtls_mpi X, Y, Z; 349 350 mbedtls_mpi_init( &X ); 351 mbedtls_mpi_init( &Y ); 352 mbedtls_mpi_init( &Z ); 353 354 TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 ); 355 TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 ); 356 TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 ); 357 TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 ); 358 359exit: 360 mbedtls_mpi_free( &X ); 361} 362/* END_CASE */ 363 364/* BEGIN_CASE */ 365void mpi_read_write_string( int radix_X, char * input_X, int radix_A, 366 char * input_A, int output_size, int result_read, 367 int result_write ) 368{ 369 mbedtls_mpi X; 370 char str[1000]; 371 size_t len; 372 373 mbedtls_mpi_init( &X ); 374 375 memset( str, '!', sizeof( str ) ); 376 377 TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); 378 if( result_read == 0 ) 379 { 380 TEST_ASSERT( sign_is_valid( &X ) ); 381 TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write ); 382 if( result_write == 0 ) 383 { 384 TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); 385 TEST_ASSERT( str[len] == '!' ); 386 } 387 } 388 389exit: 390 mbedtls_mpi_free( &X ); 391} 392/* END_CASE */ 393 394/* BEGIN_CASE */ 395void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A ) 396{ 397 mbedtls_mpi X; 398 char str[1000]; 399 size_t len; 400 401 mbedtls_mpi_init( &X ); 402 403 404 TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 ); 405 TEST_ASSERT( sign_is_valid( &X ) ); 406 TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 ); 407 TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); 408 409exit: 410 mbedtls_mpi_free( &X ); 411} 412/* END_CASE */ 413 414/* BEGIN_CASE */ 415void mbedtls_mpi_read_binary_le( data_t * buf, int radix_A, char * input_A ) 416{ 417 mbedtls_mpi X; 418 char str[1000]; 419 size_t len; 420 421 mbedtls_mpi_init( &X ); 422 423 424 TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 ); 425 TEST_ASSERT( sign_is_valid( &X ) ); 426 TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 ); 427 TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); 428 429exit: 430 mbedtls_mpi_free( &X ); 431} 432/* END_CASE */ 433 434/* BEGIN_CASE */ 435void mbedtls_mpi_write_binary( int radix_X, char * input_X, 436 data_t * input_A, int output_size, 437 int result ) 438{ 439 mbedtls_mpi X; 440 unsigned char buf[1000]; 441 size_t buflen; 442 443 memset( buf, 0x00, 1000 ); 444 445 mbedtls_mpi_init( &X ); 446 447 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 448 449 buflen = mbedtls_mpi_size( &X ); 450 if( buflen > (size_t) output_size ) 451 buflen = (size_t) output_size; 452 453 TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result ); 454 if( result == 0) 455 { 456 457 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 458 buflen, input_A->len ) == 0 ); 459 } 460 461exit: 462 mbedtls_mpi_free( &X ); 463} 464/* END_CASE */ 465 466/* BEGIN_CASE */ 467void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, 468 data_t * input_A, int output_size, 469 int result ) 470{ 471 mbedtls_mpi X; 472 unsigned char buf[1000]; 473 size_t buflen; 474 475 memset( buf, 0x00, 1000 ); 476 477 mbedtls_mpi_init( &X ); 478 479 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 480 481 buflen = mbedtls_mpi_size( &X ); 482 if( buflen > (size_t) output_size ) 483 buflen = (size_t) output_size; 484 485 TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result ); 486 if( result == 0) 487 { 488 489 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 490 buflen, input_A->len ) == 0 ); 491 } 492 493exit: 494 mbedtls_mpi_free( &X ); 495} 496/* END_CASE */ 497 498/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 499void mbedtls_mpi_read_file( int radix_X, char * input_file, 500 data_t * input_A, int result ) 501{ 502 mbedtls_mpi X; 503 unsigned char buf[1000]; 504 size_t buflen; 505 FILE *file; 506 int ret; 507 508 memset( buf, 0x00, 1000 ); 509 510 mbedtls_mpi_init( &X ); 511 512 file = fopen( input_file, "r" ); 513 TEST_ASSERT( file != NULL ); 514 ret = mbedtls_mpi_read_file( &X, radix_X, file ); 515 fclose(file); 516 TEST_ASSERT( ret == result ); 517 518 if( result == 0 ) 519 { 520 TEST_ASSERT( sign_is_valid( &X ) ); 521 buflen = mbedtls_mpi_size( &X ); 522 TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); 523 524 525 TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, 526 buflen, input_A->len ) == 0 ); 527 } 528 529exit: 530 mbedtls_mpi_free( &X ); 531} 532/* END_CASE */ 533 534/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 535void mbedtls_mpi_write_file( int radix_X, char * input_X, int output_radix, 536 char * output_file ) 537{ 538 mbedtls_mpi X, Y; 539 FILE *file_out, *file_in; 540 int ret; 541 542 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 543 544 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 545 546 file_out = fopen( output_file, "w" ); 547 TEST_ASSERT( file_out != NULL ); 548 ret = mbedtls_mpi_write_file( NULL, &X, output_radix, file_out ); 549 fclose(file_out); 550 TEST_ASSERT( ret == 0 ); 551 552 file_in = fopen( output_file, "r" ); 553 TEST_ASSERT( file_in != NULL ); 554 ret = mbedtls_mpi_read_file( &Y, output_radix, file_in ); 555 fclose(file_in); 556 TEST_ASSERT( ret == 0 ); 557 558 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); 559 560exit: 561 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 562} 563/* END_CASE */ 564 565/* BEGIN_CASE */ 566void mbedtls_mpi_get_bit( int radix_X, char * input_X, int pos, int val ) 567{ 568 mbedtls_mpi X; 569 mbedtls_mpi_init( &X ); 570 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 571 TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val ); 572 573exit: 574 mbedtls_mpi_free( &X ); 575} 576/* END_CASE */ 577 578/* BEGIN_CASE */ 579void mbedtls_mpi_set_bit( int radix_X, char * input_X, int pos, int val, 580 int radix_Y, char * output_Y, int result ) 581{ 582 mbedtls_mpi X, Y; 583 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 584 585 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 586 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, output_Y ) == 0 ); 587 TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result ); 588 589 if( result == 0 ) 590 { 591 TEST_ASSERT( sign_is_valid( &X ) ); 592 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); 593 } 594 595exit: 596 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 597} 598/* END_CASE */ 599 600/* BEGIN_CASE */ 601void mbedtls_mpi_lsb( int radix_X, char * input_X, int nr_bits ) 602{ 603 mbedtls_mpi X; 604 mbedtls_mpi_init( &X ); 605 606 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 607 TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits ); 608 609exit: 610 mbedtls_mpi_free( &X ); 611} 612/* END_CASE */ 613 614/* BEGIN_CASE */ 615void mbedtls_mpi_bitlen( int radix_X, char * input_X, int nr_bits ) 616{ 617 mbedtls_mpi X; 618 mbedtls_mpi_init( &X ); 619 620 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 621 TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits ); 622 623exit: 624 mbedtls_mpi_free( &X ); 625} 626/* END_CASE */ 627 628/* BEGIN_CASE */ 629void mbedtls_mpi_gcd( int radix_X, char * input_X, int radix_Y, 630 char * input_Y, int radix_A, char * input_A ) 631{ 632 mbedtls_mpi A, X, Y, Z; 633 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); 634 635 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 636 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 637 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 638 TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 ); 639 TEST_ASSERT( sign_is_valid( &Z ) ); 640 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 641 642exit: 643 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); 644} 645/* END_CASE */ 646 647/* BEGIN_CASE */ 648void mbedtls_mpi_cmp_int( int input_X, int input_A, int result_CMP ) 649{ 650 mbedtls_mpi X; 651 mbedtls_mpi_init( &X ); 652 653 TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0); 654 TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP); 655 656exit: 657 mbedtls_mpi_free( &X ); 658} 659/* END_CASE */ 660 661/* BEGIN_CASE */ 662void mbedtls_mpi_cmp_mpi( int radix_X, char * input_X, int radix_Y, 663 char * input_Y, int input_A ) 664{ 665 mbedtls_mpi X, Y; 666 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 667 668 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 669 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 670 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A ); 671 672exit: 673 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 674} 675/* END_CASE */ 676 677/* BEGIN_CASE */ 678void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X, 679 int size_Y, char * input_Y, 680 int input_ret, int input_err ) 681{ 682 unsigned ret = -1; 683 unsigned input_uret = input_ret; 684 mbedtls_mpi X, Y; 685 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 686 687 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 ); 688 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, input_Y ) == 0 ); 689 690 TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 ); 691 TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 ); 692 693 TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err ); 694 if( input_err == 0 ) 695 TEST_ASSERT( ret == input_uret ); 696 697exit: 698 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 699} 700/* END_CASE */ 701 702/* BEGIN_CASE */ 703void mbedtls_mpi_cmp_abs( int radix_X, char * input_X, int radix_Y, 704 char * input_Y, int input_A ) 705{ 706 mbedtls_mpi X, Y; 707 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 708 709 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 710 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 711 TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A ); 712 713exit: 714 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 715} 716/* END_CASE */ 717 718/* BEGIN_CASE */ 719void mbedtls_mpi_copy( char *src_hex, char *dst_hex ) 720{ 721 mbedtls_mpi src, dst, ref; 722 mbedtls_mpi_init( &src ); 723 mbedtls_mpi_init( &dst ); 724 mbedtls_mpi_init( &ref ); 725 726 TEST_ASSERT( mbedtls_test_read_mpi( &src, 16, src_hex ) == 0 ); 727 TEST_ASSERT( mbedtls_test_read_mpi( &ref, 16, dst_hex ) == 0 ); 728 729 /* mbedtls_mpi_copy() */ 730 TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); 731 TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 ); 732 TEST_ASSERT( sign_is_valid( &dst ) ); 733 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); 734 735 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 736 mbedtls_mpi_free( &dst ); 737 TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); 738 TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 ); 739 TEST_ASSERT( sign_is_valid( &dst ) ); 740 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); 741 742 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 743 mbedtls_mpi_free( &dst ); 744 TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); 745 TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 ); 746 TEST_ASSERT( sign_is_valid( &dst ) ); 747 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 ); 748 749exit: 750 mbedtls_mpi_free( &src ); 751 mbedtls_mpi_free( &dst ); 752 mbedtls_mpi_free( &ref ); 753} 754/* END_CASE */ 755 756/* BEGIN_CASE */ 757void mpi_copy_self( char *input_X ) 758{ 759 mbedtls_mpi X, A; 760 mbedtls_mpi_init( &A ); 761 mbedtls_mpi_init( &X ); 762 763 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 ); 764 TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 ); 765 766 TEST_ASSERT( mbedtls_test_read_mpi( &A, 16, input_X ) == 0 ); 767 TEST_ASSERT( sign_is_valid( &X ) ); 768 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 769 770exit: 771 mbedtls_mpi_free( &A ); 772 mbedtls_mpi_free( &X ); 773} 774/* END_CASE */ 775 776/* BEGIN_CASE */ 777void mbedtls_mpi_swap( char *X_hex, char *Y_hex ) 778{ 779 mbedtls_mpi X, Y, X0, Y0; 780 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); 781 mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 ); 782 783 TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 ); 784 TEST_ASSERT( mbedtls_test_read_mpi( &Y0, 16, Y_hex ) == 0 ); 785 786 /* mbedtls_mpi_swap() */ 787 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); 788 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); 789 mbedtls_mpi_swap( &X, &Y ); 790 TEST_ASSERT( sign_is_valid( &X ) ); 791 TEST_ASSERT( sign_is_valid( &Y ) ); 792 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); 793 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); 794 795 /* mbedtls_mpi_safe_cond_swap(), swap done */ 796 mbedtls_mpi_free( &X ); 797 mbedtls_mpi_free( &Y ); 798 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); 799 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); 800 TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 ); 801 TEST_ASSERT( sign_is_valid( &X ) ); 802 TEST_ASSERT( sign_is_valid( &Y ) ); 803 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); 804 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); 805 806 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 807 mbedtls_mpi_free( &X ); 808 mbedtls_mpi_free( &Y ); 809 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); 810 TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); 811 TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 ); 812 TEST_ASSERT( sign_is_valid( &X ) ); 813 TEST_ASSERT( sign_is_valid( &Y ) ); 814 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); 815 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 ); 816 817exit: 818 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); 819 mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 ); 820} 821/* END_CASE */ 822 823/* BEGIN_CASE */ 824void mpi_swap_self( char *X_hex ) 825{ 826 mbedtls_mpi X, X0; 827 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 ); 828 829 TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); 830 TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 ); 831 832 mbedtls_mpi_swap( &X, &X ); 833 TEST_ASSERT( sign_is_valid( &X ) ); 834 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); 835 836exit: 837 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 ); 838} 839/* END_CASE */ 840 841/* BEGIN_CASE */ 842void mbedtls_mpi_shrink( int before, int used, int min, int after ) 843{ 844 mbedtls_mpi X; 845 mbedtls_mpi_init( &X ); 846 847 TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 ); 848 if( used > 0 ) 849 { 850 size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint ); 851 TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 ); 852 } 853 TEST_EQUAL( X.n, (size_t) before ); 854 TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 ); 855 TEST_EQUAL( X.n, (size_t) after ); 856 857exit: 858 mbedtls_mpi_free( &X ); 859} 860/* END_CASE */ 861 862/* BEGIN_CASE */ 863void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, 864 char * input_Y, int radix_A, char * input_A ) 865{ 866 mbedtls_mpi X, Y, Z, A; 867 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 868 869 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 870 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 871 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 872 TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 ); 873 TEST_ASSERT( sign_is_valid( &Z ) ); 874 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 875 876 /* result == first operand */ 877 TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 ); 878 TEST_ASSERT( sign_is_valid( &X ) ); 879 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 880 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 881 882 /* result == second operand */ 883 TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 ); 884 TEST_ASSERT( sign_is_valid( &Y ) ); 885 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 886 887exit: 888 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 889} 890/* END_CASE */ 891 892/* BEGIN_CASE */ 893void mbedtls_mpi_add_mpi_inplace( int radix_X, char * input_X, int radix_A, 894 char * input_A ) 895{ 896 mbedtls_mpi X, A; 897 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 898 899 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 900 901 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 902 TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 ); 903 TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 ); 904 TEST_ASSERT( sign_is_valid( &X ) ); 905 906 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 907 TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 ); 908 TEST_ASSERT( sign_is_valid( &X ) ); 909 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 910 911 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 912 TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); 913 TEST_ASSERT( sign_is_valid( &X ) ); 914 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 915 916exit: 917 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 918} 919/* END_CASE */ 920 921 922/* BEGIN_CASE */ 923void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y, 924 char * input_Y, int radix_A, char * input_A ) 925{ 926 mbedtls_mpi X, Y, Z, A; 927 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 928 929 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 930 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 931 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 932 TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 ); 933 TEST_ASSERT( sign_is_valid( &Z ) ); 934 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 935 936 /* result == first operand */ 937 TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 ); 938 TEST_ASSERT( sign_is_valid( &X ) ); 939 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 940 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 941 942 /* result == second operand */ 943 TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 ); 944 TEST_ASSERT( sign_is_valid( &Y ) ); 945 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 946 947exit: 948 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 949} 950/* END_CASE */ 951 952/* BEGIN_CASE */ 953void mbedtls_mpi_add_int( int radix_X, char * input_X, int input_Y, 954 int radix_A, char * input_A ) 955{ 956 mbedtls_mpi X, Z, A; 957 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 958 959 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 960 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 961 TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 ); 962 TEST_ASSERT( sign_is_valid( &Z ) ); 963 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 964 965exit: 966 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 967} 968/* END_CASE */ 969 970/* BEGIN_CASE */ 971void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y, 972 char * input_Y, int radix_A, char * input_A ) 973{ 974 mbedtls_mpi X, Y, Z, A; 975 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 976 977 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 978 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 979 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 980 TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 ); 981 TEST_ASSERT( sign_is_valid( &Z ) ); 982 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 983 984 /* result == first operand */ 985 TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 ); 986 TEST_ASSERT( sign_is_valid( &X ) ); 987 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 988 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 989 990 /* result == second operand */ 991 TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 ); 992 TEST_ASSERT( sign_is_valid( &Y ) ); 993 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 994 995exit: 996 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 997} 998/* END_CASE */ 999 1000/* BEGIN_CASE */ 1001void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, 1002 char * input_Y, int radix_A, char * input_A, 1003 int sub_result ) 1004{ 1005 mbedtls_mpi X, Y, Z, A; 1006 int res; 1007 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1008 1009 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1010 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 1011 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1012 1013 res = mbedtls_mpi_sub_abs( &Z, &X, &Y ); 1014 TEST_ASSERT( res == sub_result ); 1015 TEST_ASSERT( sign_is_valid( &Z ) ); 1016 if( res == 0 ) 1017 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1018 1019 /* result == first operand */ 1020 TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result ); 1021 TEST_ASSERT( sign_is_valid( &X ) ); 1022 if( sub_result == 0 ) 1023 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1024 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1025 1026 /* result == second operand */ 1027 TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result ); 1028 TEST_ASSERT( sign_is_valid( &Y ) ); 1029 if( sub_result == 0 ) 1030 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); 1031 1032exit: 1033 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1034} 1035/* END_CASE */ 1036 1037/* BEGIN_CASE */ 1038void mbedtls_mpi_sub_int( int radix_X, char * input_X, int input_Y, 1039 int radix_A, char * input_A ) 1040{ 1041 mbedtls_mpi X, Z, A; 1042 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1043 1044 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1045 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1046 TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 ); 1047 TEST_ASSERT( sign_is_valid( &Z ) ); 1048 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1049 1050exit: 1051 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1052} 1053/* END_CASE */ 1054 1055/* BEGIN_CASE */ 1056void mbedtls_mpi_mul_mpi( int radix_X, char * input_X, int radix_Y, 1057 char * input_Y, int radix_A, char * input_A ) 1058{ 1059 mbedtls_mpi X, Y, Z, A; 1060 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1061 1062 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1063 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 1064 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1065 TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 ); 1066 TEST_ASSERT( sign_is_valid( &Z ) ); 1067 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1068 1069exit: 1070 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1071} 1072/* END_CASE */ 1073 1074/* BEGIN_CASE */ 1075void mbedtls_mpi_mul_int( int radix_X, char * input_X, int input_Y, 1076 int radix_A, char * input_A, 1077 char * result_comparison ) 1078{ 1079 mbedtls_mpi X, Z, A; 1080 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1081 1082 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1083 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1084 TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 ); 1085 TEST_ASSERT( sign_is_valid( &Z ) ); 1086 if( strcmp( result_comparison, "==" ) == 0 ) 1087 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1088 else if( strcmp( result_comparison, "!=" ) == 0 ) 1089 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 ); 1090 else 1091 TEST_ASSERT( "unknown operator" == 0 ); 1092 1093exit: 1094 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1095} 1096/* END_CASE */ 1097 1098/* BEGIN_CASE */ 1099void mbedtls_mpi_div_mpi( int radix_X, char * input_X, int radix_Y, 1100 char * input_Y, int radix_A, char * input_A, 1101 int radix_B, char * input_B, int div_result ) 1102{ 1103 mbedtls_mpi X, Y, Q, R, A, B; 1104 int res; 1105 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); 1106 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B ); 1107 1108 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1109 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 1110 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1111 TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 ); 1112 res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y ); 1113 TEST_ASSERT( res == div_result ); 1114 if( res == 0 ) 1115 { 1116 TEST_ASSERT( sign_is_valid( &Q ) ); 1117 TEST_ASSERT( sign_is_valid( &R ) ); 1118 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); 1119 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); 1120 } 1121 1122exit: 1123 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); 1124 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B ); 1125} 1126/* END_CASE */ 1127 1128/* BEGIN_CASE */ 1129void mbedtls_mpi_div_int( int radix_X, char * input_X, int input_Y, 1130 int radix_A, char * input_A, int radix_B, 1131 char * input_B, int div_result ) 1132{ 1133 mbedtls_mpi X, Q, R, A, B; 1134 int res; 1135 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A ); 1136 mbedtls_mpi_init( &B ); 1137 1138 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1139 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1140 TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 ); 1141 res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y ); 1142 TEST_ASSERT( res == div_result ); 1143 if( res == 0 ) 1144 { 1145 TEST_ASSERT( sign_is_valid( &Q ) ); 1146 TEST_ASSERT( sign_is_valid( &R ) ); 1147 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); 1148 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); 1149 } 1150 1151exit: 1152 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A ); 1153 mbedtls_mpi_free( &B ); 1154} 1155/* END_CASE */ 1156 1157/* BEGIN_CASE */ 1158void mbedtls_mpi_mod_mpi( int radix_X, char * input_X, int radix_Y, 1159 char * input_Y, int radix_A, char * input_A, 1160 int div_result ) 1161{ 1162 mbedtls_mpi X, Y, A; 1163 int res; 1164 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); 1165 1166 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1167 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 1168 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1169 res = mbedtls_mpi_mod_mpi( &X, &X, &Y ); 1170 TEST_ASSERT( res == div_result ); 1171 if( res == 0 ) 1172 { 1173 TEST_ASSERT( sign_is_valid( &X ) ); 1174 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1175 } 1176 1177exit: 1178 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A ); 1179} 1180/* END_CASE */ 1181 1182/* BEGIN_CASE */ 1183void mbedtls_mpi_mod_int( int radix_X, char * input_X, int input_Y, 1184 int input_A, int div_result ) 1185{ 1186 mbedtls_mpi X; 1187 int res; 1188 mbedtls_mpi_uint r; 1189 mbedtls_mpi_init( &X ); 1190 1191 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1192 res = mbedtls_mpi_mod_int( &r, &X, input_Y ); 1193 TEST_ASSERT( res == div_result ); 1194 if( res == 0 ) 1195 { 1196 TEST_ASSERT( r == (mbedtls_mpi_uint) input_A ); 1197 } 1198 1199exit: 1200 mbedtls_mpi_free( &X ); 1201} 1202/* END_CASE */ 1203 1204/* BEGIN_CASE */ 1205void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, 1206 char * input_E, int radix_N, char * input_N, 1207 int radix_X, char * input_X, int exp_result ) 1208{ 1209 mbedtls_mpi A, E, N, RR, Z, X; 1210 int res; 1211 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); 1212 mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X ); 1213 1214 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1215 TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); 1216 TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); 1217 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1218 1219 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL ); 1220 TEST_ASSERT( res == exp_result ); 1221 if( res == 0 ) 1222 { 1223 TEST_ASSERT( sign_is_valid( &Z ) ); 1224 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1225 } 1226 1227 /* Now test again with the speed-up parameter supplied as an output. */ 1228 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); 1229 TEST_ASSERT( res == exp_result ); 1230 if( res == 0 ) 1231 { 1232 TEST_ASSERT( sign_is_valid( &Z ) ); 1233 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1234 } 1235 1236 /* Now test again with the speed-up parameter supplied in calculated form. */ 1237 res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); 1238 TEST_ASSERT( res == exp_result ); 1239 if( res == 0 ) 1240 { 1241 TEST_ASSERT( sign_is_valid( &Z ) ); 1242 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); 1243 } 1244 1245exit: 1246 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); 1247 mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X ); 1248} 1249/* END_CASE */ 1250 1251/* BEGIN_CASE */ 1252void mbedtls_mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes, 1253 int radix_RR, char * input_RR, int exp_result ) 1254{ 1255 mbedtls_mpi A, E, N, RR, Z; 1256 mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); 1257 mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); 1258 1259 /* Set A to 2^(A_bytes - 1) + 1 */ 1260 TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 ); 1261 TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 ); 1262 TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 ); 1263 1264 /* Set E to 2^(E_bytes - 1) + 1 */ 1265 TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 ); 1266 TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 ); 1267 TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 ); 1268 1269 /* Set N to 2^(N_bytes - 1) + 1 */ 1270 TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 ); 1271 TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 ); 1272 TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 ); 1273 1274 if( strlen( input_RR ) ) 1275 TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 ); 1276 1277 TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result ); 1278 1279exit: 1280 mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); 1281 mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); 1282} 1283/* END_CASE */ 1284 1285/* BEGIN_CASE */ 1286void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y, 1287 char * input_Y, int radix_A, char * input_A, 1288 int div_result ) 1289{ 1290 mbedtls_mpi X, Y, Z, A; 1291 int res; 1292 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); 1293 1294 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1295 TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); 1296 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1297 res = mbedtls_mpi_inv_mod( &Z, &X, &Y ); 1298 TEST_ASSERT( res == div_result ); 1299 if( res == 0 ) 1300 { 1301 TEST_ASSERT( sign_is_valid( &Z ) ); 1302 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); 1303 } 1304 1305exit: 1306 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A ); 1307} 1308/* END_CASE */ 1309 1310/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1311void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) 1312{ 1313 mbedtls_mpi X; 1314 int res; 1315 mbedtls_mpi_init( &X ); 1316 1317 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1318 res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ); 1319 TEST_ASSERT( res == div_result ); 1320 1321exit: 1322 mbedtls_mpi_free( &X ); 1323} 1324/* END_CASE */ 1325 1326/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1327void mbedtls_mpi_is_prime_det( data_t * input_X, data_t * witnesses, 1328 int chunk_len, int rounds ) 1329{ 1330 mbedtls_mpi X; 1331 int res; 1332 mbedtls_test_mpi_random rand; 1333 1334 mbedtls_mpi_init( &X ); 1335 rand.data = witnesses; 1336 rand.pos = 0; 1337 rand.chunk_len = chunk_len; 1338 1339 TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); 1340 res = mbedtls_mpi_is_prime_ext( &X, rounds - 1, 1341 mbedtls_test_mpi_miller_rabin_determinizer, 1342 &rand ); 1343 TEST_ASSERT( res == 0 ); 1344 1345 rand.data = witnesses; 1346 rand.pos = 0; 1347 rand.chunk_len = chunk_len; 1348 1349 res = mbedtls_mpi_is_prime_ext( &X, rounds, 1350 mbedtls_test_mpi_miller_rabin_determinizer, 1351 &rand ); 1352 TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); 1353 1354exit: 1355 mbedtls_mpi_free( &X ); 1356} 1357/* END_CASE */ 1358 1359/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1360void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) 1361{ 1362 mbedtls_mpi X; 1363 int my_ret; 1364 1365 mbedtls_mpi_init( &X ); 1366 1367 my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, 1368 mbedtls_test_rnd_std_rand, NULL ); 1369 TEST_ASSERT( my_ret == ref_ret ); 1370 1371 if( ref_ret == 0 ) 1372 { 1373 size_t actual_bits = mbedtls_mpi_bitlen( &X ); 1374 1375 TEST_ASSERT( actual_bits >= (size_t) bits ); 1376 TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); 1377 TEST_ASSERT( sign_is_valid( &X ) ); 1378 1379 TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, 1380 mbedtls_test_rnd_std_rand, 1381 NULL ) == 0 ); 1382 if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) 1383 { 1384 /* X = ( X - 1 ) / 2 */ 1385 TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); 1386 TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, 1387 mbedtls_test_rnd_std_rand, 1388 NULL ) == 0 ); 1389 } 1390 } 1391 1392exit: 1393 mbedtls_mpi_free( &X ); 1394} 1395/* END_CASE */ 1396 1397/* BEGIN_CASE */ 1398void mbedtls_mpi_shift_l( int radix_X, char * input_X, int shift_X, 1399 int radix_A, char * input_A ) 1400{ 1401 mbedtls_mpi X, A; 1402 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 1403 1404 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1405 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1406 TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 ); 1407 TEST_ASSERT( sign_is_valid( &X ) ); 1408 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1409 1410exit: 1411 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 1412} 1413/* END_CASE */ 1414 1415/* BEGIN_CASE */ 1416void mbedtls_mpi_shift_r( int radix_X, char * input_X, int shift_X, 1417 int radix_A, char * input_A ) 1418{ 1419 mbedtls_mpi X, A; 1420 mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); 1421 1422 TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); 1423 TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); 1424 TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 ); 1425 TEST_ASSERT( sign_is_valid( &X ) ); 1426 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); 1427 1428exit: 1429 mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A ); 1430} 1431/* END_CASE */ 1432 1433/* BEGIN_CASE */ 1434void mpi_fill_random( int wanted_bytes, int rng_bytes, 1435 int before, int expected_ret ) 1436{ 1437 mbedtls_mpi X; 1438 int ret; 1439 size_t bytes_left = rng_bytes; 1440 mbedtls_mpi_init( &X ); 1441 1442 if( before != 0 ) 1443 { 1444 /* Set X to sign(before) * 2^(|before|-1) */ 1445 TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 ); 1446 if( before < 0 ) 1447 before = - before; 1448 TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 ); 1449 } 1450 1451 ret = mbedtls_mpi_fill_random( &X, wanted_bytes, 1452 f_rng_bytes_left, &bytes_left ); 1453 TEST_ASSERT( ret == expected_ret ); 1454 1455 if( expected_ret == 0 ) 1456 { 1457 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1458 * as a big-endian representation of the number. We know when 1459 * our RNG function returns null bytes, so we know how many 1460 * leading zero bytes the number has. */ 1461 size_t leading_zeros = 0; 1462 if( wanted_bytes > 0 && rng_bytes % 256 == 0 ) 1463 leading_zeros = 1; 1464 TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros == 1465 (size_t) wanted_bytes ); 1466 TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes ); 1467 TEST_ASSERT( sign_is_valid( &X ) ); 1468 } 1469 1470exit: 1471 mbedtls_mpi_free( &X ); 1472} 1473/* END_CASE */ 1474 1475/* BEGIN_CASE */ 1476void mpi_random_many( int min, data_t *bound_bytes, int iterations ) 1477{ 1478 /* Generate numbers in the range 1..bound-1. Do it iterations times. 1479 * This function assumes that the value of bound is at least 2 and 1480 * that iterations is large enough that a one-in-2^iterations chance 1481 * effectively never occurs. 1482 */ 1483 1484 mbedtls_mpi upper_bound; 1485 size_t n_bits; 1486 mbedtls_mpi result; 1487 size_t b; 1488 /* If upper_bound is small, stats[b] is the number of times the value b 1489 * has been generated. Otherwise stats[b] is the number of times a 1490 * value with bit b set has been generated. */ 1491 size_t *stats = NULL; 1492 size_t stats_len; 1493 int full_stats; 1494 size_t i; 1495 1496 mbedtls_mpi_init( &upper_bound ); 1497 mbedtls_mpi_init( &result ); 1498 1499 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1500 bound_bytes->x, bound_bytes->len ) ); 1501 n_bits = mbedtls_mpi_bitlen( &upper_bound ); 1502 /* Consider a bound "small" if it's less than 2^5. This value is chosen 1503 * to be small enough that the probability of missing one value is 1504 * negligible given the number of iterations. It must be less than 1505 * 256 because some of the code below assumes that "small" values 1506 * fit in a byte. */ 1507 if( n_bits <= 5 ) 1508 { 1509 full_stats = 1; 1510 stats_len = bound_bytes->x[bound_bytes->len - 1]; 1511 } 1512 else 1513 { 1514 full_stats = 0; 1515 stats_len = n_bits; 1516 } 1517 ASSERT_ALLOC( stats, stats_len ); 1518 1519 for( i = 0; i < (size_t) iterations; i++ ) 1520 { 1521 mbedtls_test_set_step( i ); 1522 TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, 1523 mbedtls_test_rnd_std_rand, NULL ) ); 1524 1525 TEST_ASSERT( sign_is_valid( &result ) ); 1526 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); 1527 TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); 1528 if( full_stats ) 1529 { 1530 uint8_t value; 1531 TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) ); 1532 TEST_ASSERT( value < stats_len ); 1533 ++stats[value]; 1534 } 1535 else 1536 { 1537 for( b = 0; b < n_bits; b++ ) 1538 stats[b] += mbedtls_mpi_get_bit( &result, b ); 1539 } 1540 } 1541 1542 if( full_stats ) 1543 { 1544 for( b = min; b < stats_len; b++ ) 1545 { 1546 mbedtls_test_set_step( 1000000 + b ); 1547 /* Assert that each value has been reached at least once. 1548 * This is almost guaranteed if the iteration count is large 1549 * enough. This is a very crude way of checking the distribution. 1550 */ 1551 TEST_ASSERT( stats[b] > 0 ); 1552 } 1553 } 1554 else 1555 { 1556 int statistically_safe_all_the_way = 1557 is_significantly_above_a_power_of_2( bound_bytes ); 1558 for( b = 0; b < n_bits; b++ ) 1559 { 1560 mbedtls_test_set_step( 1000000 + b ); 1561 /* Assert that each bit has been set in at least one result and 1562 * clear in at least one result. Provided that iterations is not 1563 * too small, it would be extremely unlikely for this not to be 1564 * the case if the results are uniformly distributed. 1565 * 1566 * As an exception, the top bit may legitimately never be set 1567 * if bound is a power of 2 or only slightly above. 1568 */ 1569 if( statistically_safe_all_the_way || b != n_bits - 1 ) 1570 { 1571 TEST_ASSERT( stats[b] > 0 ); 1572 } 1573 TEST_ASSERT( stats[b] < (size_t) iterations ); 1574 } 1575 } 1576 1577exit: 1578 mbedtls_mpi_free( &upper_bound ); 1579 mbedtls_mpi_free( &result ); 1580 mbedtls_free( stats ); 1581} 1582/* END_CASE */ 1583 1584/* BEGIN_CASE */ 1585void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before ) 1586{ 1587 mbedtls_mpi upper_bound; 1588 mbedtls_mpi result; 1589 1590 mbedtls_mpi_init( &upper_bound ); 1591 mbedtls_mpi_init( &result ); 1592 1593 if( before != 0 ) 1594 { 1595 /* Set result to sign(before) * 2^(|before|-1) */ 1596 TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 ); 1597 if( before < 0 ) 1598 before = - before; 1599 TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 ); 1600 } 1601 1602 TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) ); 1603 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1604 bound_bytes->x, bound_bytes->len ) ); 1605 TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, 1606 mbedtls_test_rnd_std_rand, NULL ) ); 1607 TEST_ASSERT( sign_is_valid( &result ) ); 1608 TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); 1609 TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); 1610 1611exit: 1612 mbedtls_mpi_free( &upper_bound ); 1613 mbedtls_mpi_free( &result ); 1614} 1615/* END_CASE */ 1616 1617/* BEGIN_CASE */ 1618void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret ) 1619{ 1620 mbedtls_mpi upper_bound; 1621 mbedtls_mpi result; 1622 int actual_ret; 1623 1624 mbedtls_mpi_init( &upper_bound ); 1625 mbedtls_mpi_init( &result ); 1626 1627 TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound, 1628 bound_bytes->x, bound_bytes->len ) ); 1629 actual_ret = mbedtls_mpi_random( &result, min, &upper_bound, 1630 mbedtls_test_rnd_std_rand, NULL ); 1631 TEST_EQUAL( expected_ret, actual_ret ); 1632 1633exit: 1634 mbedtls_mpi_free( &upper_bound ); 1635 mbedtls_mpi_free( &result ); 1636} 1637/* END_CASE */ 1638 1639/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1640void mpi_selftest( ) 1641{ 1642 TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 ); 1643} 1644/* END_CASE */ 1645