1/* BEGIN_HEADER */ 2#include "mbedtls/bignum.h" 3#include "mbedtls/entropy.h" 4 5#if MBEDTLS_MPI_MAX_BITS > 792 6#define MPI_MAX_BITS_LARGER_THAN_792 7#endif 8 9/* Check the validity of the sign bit in an MPI object. Reject representations 10 * that are not supported by the rest of the library and indicate a bug when 11 * constructing the value. */ 12static int sign_is_valid(const mbedtls_mpi *X) 13{ 14 /* Only +1 and -1 are valid sign bits, not e.g. 0 */ 15 if (X->s != 1 && X->s != -1) { 16 return 0; 17 } 18 19 /* The value 0 must be represented with the sign +1. A "negative zero" 20 * with s=-1 is an invalid representation. Forbid that. As an exception, 21 * we sometimes test the robustness of library functions when given 22 * a negative zero input. If a test case has a negative zero as input, 23 * we don't mind if the function has a negative zero output. */ 24 if (!mbedtls_test_case_uses_negative_0 && 25 mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { 26 return 0; 27 } 28 29 return 1; 30} 31 32typedef struct mbedtls_test_mpi_random { 33 data_t *data; 34 size_t pos; 35 size_t chunk_len; 36} mbedtls_test_mpi_random; 37 38/* 39 * This function is called by the Miller-Rabin primality test each time it 40 * chooses a random witness. The witnesses (or non-witnesses as provided by the 41 * test) are stored in the data member of the state structure. Each number is in 42 * the format that mbedtls_mpi_read_string understands and is chunk_len long. 43 */ 44int mbedtls_test_mpi_miller_rabin_determinizer(void *state, 45 unsigned char *buf, 46 size_t len) 47{ 48 mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; 49 50 if (random == NULL || random->data->x == NULL || buf == NULL) { 51 return -1; 52 } 53 54 if (random->pos + random->chunk_len > random->data->len 55 || random->chunk_len > len) { 56 return -1; 57 } 58 59 memset(buf, 0, len); 60 61 /* The witness is written to the end of the buffer, since the buffer is 62 * used as big endian, unsigned binary data in mbedtls_mpi_read_binary. 63 * Writing the witness to the start of the buffer would result in the 64 * buffer being 'witness 000...000', which would be treated as 65 * witness * 2^n for some n. */ 66 memcpy(buf + len - random->chunk_len, &random->data->x[random->pos], 67 random->chunk_len); 68 69 random->pos += random->chunk_len; 70 71 return 0; 72} 73 74/* Random generator that is told how many bytes to return. */ 75static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) 76{ 77 size_t *bytes_left = state; 78 size_t i; 79 for (i = 0; i < len; i++) { 80 if (*bytes_left == 0) { 81 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 82 } 83 buf[i] = *bytes_left & 0xff; 84 --(*bytes_left); 85 } 86 return 0; 87} 88 89/* Test whether bytes represents (in big-endian base 256) a number b that 90 * is significantly above a power of 2. That is, b must not have a long run 91 * of unset bits after the most significant bit. 92 * 93 * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}. 94 * This function returns 1 if, when drawing a number between 0 and b, 95 * the probability that this number is at least 2^n is not negligible. 96 * This probability is (b - 2^n) / b and this function checks that this 97 * number is above some threshold A. The threshold value is heuristic and 98 * based on the needs of mpi_random_many(). 99 */ 100static int is_significantly_above_a_power_of_2(data_t *bytes) 101{ 102 const uint8_t *p = bytes->x; 103 size_t len = bytes->len; 104 unsigned x; 105 106 /* Skip leading null bytes */ 107 while (len > 0 && p[0] == 0) { 108 ++p; 109 --len; 110 } 111 /* 0 is not significantly above a power of 2 */ 112 if (len == 0) { 113 return 0; 114 } 115 /* Extract the (up to) 2 most significant bytes */ 116 if (len == 1) { 117 x = p[0]; 118 } else { 119 x = (p[0] << 8) | p[1]; 120 } 121 122 /* Shift the most significant bit of x to position 8 and mask it out */ 123 while ((x & 0xfe00) != 0) { 124 x >>= 1; 125 } 126 x &= 0x00ff; 127 128 /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above 129 * a power of 2 iff x is significantly above 0 compared to 2^8. 130 * Testing x >= 2^4 amounts to picking A = 1/16 in the function 131 * description above. */ 132 return x >= 0x10; 133} 134 135/* END_HEADER */ 136 137/* BEGIN_DEPENDENCIES 138 * depends_on:MBEDTLS_BIGNUM_C 139 * END_DEPENDENCIES 140 */ 141 142/* BEGIN_CASE */ 143void mpi_valid_param() 144{ 145 TEST_VALID_PARAM(mbedtls_mpi_free(NULL)); 146} 147/* END_CASE */ 148 149/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 150void mpi_invalid_param() 151{ 152 mbedtls_mpi X; 153 const char *s_in = "00101000101010"; 154 char s_out[16] = { 0 }; 155 unsigned char u_out[16] = { 0 }; 156 unsigned char u_in[16] = { 0 }; 157 size_t olen; 158 mbedtls_mpi_uint mpi_uint; 159 160 TEST_INVALID_PARAM(mbedtls_mpi_init(NULL)); 161 162 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 163 mbedtls_mpi_grow(NULL, 42)); 164 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 165 mbedtls_mpi_copy(NULL, &X)); 166 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 167 mbedtls_mpi_copy(&X, NULL)); 168 169 TEST_INVALID_PARAM(mbedtls_mpi_swap(NULL, &X)); 170 TEST_INVALID_PARAM(mbedtls_mpi_swap(&X, NULL)); 171 172 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 173 mbedtls_mpi_safe_cond_assign(NULL, &X, 0)); 174 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 175 mbedtls_mpi_safe_cond_assign(&X, NULL, 0)); 176 177 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 178 mbedtls_mpi_safe_cond_swap(NULL, &X, 0)); 179 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 180 mbedtls_mpi_safe_cond_swap(&X, NULL, 0)); 181 182 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 183 mbedtls_mpi_lset(NULL, 42)); 184 185 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 186 mbedtls_mpi_get_bit(NULL, 42)); 187 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 188 mbedtls_mpi_set_bit(NULL, 42, 0)); 189 190 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 191 mbedtls_mpi_read_string(NULL, 2, s_in)); 192 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 193 mbedtls_mpi_read_string(&X, 2, NULL)); 194 195 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 196 mbedtls_mpi_write_string(NULL, 2, 197 s_out, sizeof(s_out), 198 &olen)); 199 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 200 mbedtls_mpi_write_string(&X, 2, 201 NULL, sizeof(s_out), 202 &olen)); 203 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 204 mbedtls_mpi_write_string(&X, 2, 205 s_out, sizeof(s_out), 206 NULL)); 207 208#if defined(MBEDTLS_FS_IO) 209 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 210 mbedtls_mpi_read_file(NULL, 2, stdin)); 211 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 212 mbedtls_mpi_read_file(&X, 2, NULL)); 213 214 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 215 mbedtls_mpi_write_file("", NULL, 2, NULL)); 216#endif /* MBEDTLS_FS_IO */ 217 218 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 219 mbedtls_mpi_read_binary(NULL, u_in, 220 sizeof(u_in))); 221 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 222 mbedtls_mpi_read_binary(&X, NULL, 223 sizeof(u_in))); 224 225 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 226 mbedtls_mpi_write_binary(NULL, u_out, 227 sizeof(u_out))); 228 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 229 mbedtls_mpi_write_binary(&X, NULL, 230 sizeof(u_out))); 231 232 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 233 mbedtls_mpi_shift_l(NULL, 42)); 234 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 235 mbedtls_mpi_shift_r(NULL, 42)); 236 237 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 238 mbedtls_mpi_cmp_abs(NULL, &X)); 239 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 240 mbedtls_mpi_cmp_abs(&X, NULL)); 241 242 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 243 mbedtls_mpi_cmp_mpi(NULL, &X)); 244 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 245 mbedtls_mpi_cmp_mpi(&X, NULL)); 246 247 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 248 mbedtls_mpi_cmp_int(NULL, 42)); 249 250 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 251 mbedtls_mpi_add_abs(NULL, &X, &X)); 252 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 253 mbedtls_mpi_add_abs(&X, NULL, &X)); 254 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 255 mbedtls_mpi_add_abs(&X, &X, NULL)); 256 257 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 258 mbedtls_mpi_sub_abs(NULL, &X, &X)); 259 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 260 mbedtls_mpi_sub_abs(&X, NULL, &X)); 261 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 262 mbedtls_mpi_sub_abs(&X, &X, NULL)); 263 264 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 265 mbedtls_mpi_add_mpi(NULL, &X, &X)); 266 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 267 mbedtls_mpi_add_mpi(&X, NULL, &X)); 268 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 269 mbedtls_mpi_add_mpi(&X, &X, NULL)); 270 271 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 272 mbedtls_mpi_sub_mpi(NULL, &X, &X)); 273 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 274 mbedtls_mpi_sub_mpi(&X, NULL, &X)); 275 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 276 mbedtls_mpi_sub_mpi(&X, &X, NULL)); 277 278 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 279 mbedtls_mpi_add_int(NULL, &X, 42)); 280 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 281 mbedtls_mpi_add_int(&X, NULL, 42)); 282 283 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 284 mbedtls_mpi_sub_int(NULL, &X, 42)); 285 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 286 mbedtls_mpi_sub_int(&X, NULL, 42)); 287 288 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 289 mbedtls_mpi_mul_mpi(NULL, &X, &X)); 290 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 291 mbedtls_mpi_mul_mpi(&X, NULL, &X)); 292 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 293 mbedtls_mpi_mul_mpi(&X, &X, NULL)); 294 295 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 296 mbedtls_mpi_mul_int(NULL, &X, 42)); 297 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 298 mbedtls_mpi_mul_int(&X, NULL, 42)); 299 300 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 301 mbedtls_mpi_div_mpi(&X, &X, NULL, &X)); 302 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 303 mbedtls_mpi_div_mpi(&X, &X, &X, NULL)); 304 305 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 306 mbedtls_mpi_div_int(&X, &X, NULL, 42)); 307 308 TEST_INVALID_PARAM_RET(0, mbedtls_mpi_lsb(NULL)); 309 310 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 311 mbedtls_mpi_mod_mpi(NULL, &X, &X)); 312 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 313 mbedtls_mpi_mod_mpi(&X, NULL, &X)); 314 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 315 mbedtls_mpi_mod_mpi(&X, &X, NULL)); 316 317 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 318 mbedtls_mpi_mod_int(NULL, &X, 42)); 319 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 320 mbedtls_mpi_mod_int(&mpi_uint, NULL, 42)); 321 322 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 323 mbedtls_mpi_exp_mod(NULL, &X, &X, &X, NULL)); 324 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 325 mbedtls_mpi_exp_mod(&X, NULL, &X, &X, NULL)); 326 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 327 mbedtls_mpi_exp_mod(&X, &X, NULL, &X, NULL)); 328 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 329 mbedtls_mpi_exp_mod(&X, &X, &X, NULL, NULL)); 330 331 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 332 mbedtls_mpi_fill_random(NULL, 42, 333 mbedtls_test_rnd_std_rand, 334 NULL)); 335 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 336 mbedtls_mpi_fill_random(&X, 42, NULL, NULL)); 337 338 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 339 mbedtls_mpi_gcd(NULL, &X, &X)); 340 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 341 mbedtls_mpi_gcd(&X, NULL, &X)); 342 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 343 mbedtls_mpi_gcd(&X, &X, NULL)); 344 345 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 346 mbedtls_mpi_inv_mod(NULL, &X, &X)); 347 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 348 mbedtls_mpi_inv_mod(&X, NULL, &X)); 349 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA, 350 mbedtls_mpi_inv_mod(&X, &X, NULL)); 351 352exit: 353 return; 354} 355/* END_CASE */ 356 357/* BEGIN_CASE */ 358void mpi_null() 359{ 360 mbedtls_mpi X, Y, Z; 361 362 mbedtls_mpi_init(&X); 363 mbedtls_mpi_init(&Y); 364 mbedtls_mpi_init(&Z); 365 366 TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0); 367 TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0); 368 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0); 369 TEST_ASSERT(mbedtls_mpi_size(&X) == 0); 370 371exit: 372 mbedtls_mpi_free(&X); 373} 374/* END_CASE */ 375 376/* BEGIN_CASE */ 377void mpi_read_write_string(int radix_X, char *input_X, int radix_A, 378 char *input_A, int output_size, int result_read, 379 int result_write) 380{ 381 mbedtls_mpi X; 382 char str[1000]; 383 size_t len; 384 385 mbedtls_mpi_init(&X); 386 387 memset(str, '!', sizeof(str)); 388 389 TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read); 390 if (result_read == 0) { 391 TEST_ASSERT(sign_is_valid(&X)); 392 TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write); 393 if (result_write == 0) { 394 TEST_ASSERT(strcmp(str, input_A) == 0); 395 TEST_ASSERT(str[len] == '!'); 396 } 397 } 398 399exit: 400 mbedtls_mpi_free(&X); 401} 402/* END_CASE */ 403 404/* BEGIN_CASE */ 405void mpi_read_binary(data_t *buf, char *input_A) 406{ 407 mbedtls_mpi X; 408 char str[1000]; 409 size_t len; 410 411 mbedtls_mpi_init(&X); 412 413 414 TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0); 415 TEST_ASSERT(sign_is_valid(&X)); 416 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 417 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 418 419exit: 420 mbedtls_mpi_free(&X); 421} 422/* END_CASE */ 423 424/* BEGIN_CASE */ 425void mpi_read_binary_le(data_t *buf, char *input_A) 426{ 427 mbedtls_mpi X; 428 char str[1000]; 429 size_t len; 430 431 mbedtls_mpi_init(&X); 432 433 434 TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0); 435 TEST_ASSERT(sign_is_valid(&X)); 436 TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0); 437 TEST_ASSERT(strcmp((char *) str, input_A) == 0); 438 439exit: 440 mbedtls_mpi_free(&X); 441} 442/* END_CASE */ 443 444/* BEGIN_CASE */ 445void mpi_write_binary(char *input_X, data_t *input_A, 446 int output_size, int result) 447{ 448 mbedtls_mpi X; 449 unsigned char buf[1000]; 450 size_t buflen; 451 452 memset(buf, 0x00, 1000); 453 454 mbedtls_mpi_init(&X); 455 456 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 457 458 buflen = mbedtls_mpi_size(&X); 459 if (buflen > (size_t) output_size) { 460 buflen = (size_t) output_size; 461 } 462 463 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result); 464 if (result == 0) { 465 466 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 467 buflen, input_A->len) == 0); 468 } 469 470exit: 471 mbedtls_mpi_free(&X); 472} 473/* END_CASE */ 474 475/* BEGIN_CASE */ 476void mpi_write_binary_le(char *input_X, data_t *input_A, 477 int output_size, int result) 478{ 479 mbedtls_mpi X; 480 unsigned char buf[1000]; 481 size_t buflen; 482 483 memset(buf, 0x00, 1000); 484 485 mbedtls_mpi_init(&X); 486 487 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 488 489 buflen = mbedtls_mpi_size(&X); 490 if (buflen > (size_t) output_size) { 491 buflen = (size_t) output_size; 492 } 493 494 TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result); 495 if (result == 0) { 496 497 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 498 buflen, input_A->len) == 0); 499 } 500 501exit: 502 mbedtls_mpi_free(&X); 503} 504/* END_CASE */ 505 506/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 507void mpi_read_file(char *input_file, data_t *input_A, int result) 508{ 509 mbedtls_mpi X; 510 unsigned char buf[1000]; 511 size_t buflen; 512 FILE *file; 513 int ret; 514 515 memset(buf, 0x00, 1000); 516 517 mbedtls_mpi_init(&X); 518 519 file = fopen(input_file, "r"); 520 TEST_ASSERT(file != NULL); 521 ret = mbedtls_mpi_read_file(&X, 16, file); 522 fclose(file); 523 TEST_ASSERT(ret == result); 524 525 if (result == 0) { 526 TEST_ASSERT(sign_is_valid(&X)); 527 buflen = mbedtls_mpi_size(&X); 528 TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0); 529 530 531 TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x, 532 buflen, input_A->len) == 0); 533 } 534 535exit: 536 mbedtls_mpi_free(&X); 537} 538/* END_CASE */ 539 540/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ 541void mpi_write_file(char *input_X, char *output_file) 542{ 543 mbedtls_mpi X, Y; 544 FILE *file_out, *file_in; 545 int ret; 546 547 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 548 549 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 550 551 file_out = fopen(output_file, "w"); 552 TEST_ASSERT(file_out != NULL); 553 ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out); 554 fclose(file_out); 555 TEST_ASSERT(ret == 0); 556 557 file_in = fopen(output_file, "r"); 558 TEST_ASSERT(file_in != NULL); 559 ret = mbedtls_mpi_read_file(&Y, 16, file_in); 560 fclose(file_in); 561 TEST_ASSERT(ret == 0); 562 563 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 564 565exit: 566 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 567} 568/* END_CASE */ 569 570/* BEGIN_CASE */ 571void mpi_get_bit(char *input_X, int pos, int val) 572{ 573 mbedtls_mpi X; 574 mbedtls_mpi_init(&X); 575 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 576 TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val); 577 578exit: 579 mbedtls_mpi_free(&X); 580} 581/* END_CASE */ 582 583/* BEGIN_CASE */ 584void mpi_set_bit(char *input_X, int pos, int val, 585 char *output_Y, int result) 586{ 587 mbedtls_mpi X, Y; 588 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 589 590 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 591 TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0); 592 TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result); 593 594 if (result == 0) { 595 TEST_ASSERT(sign_is_valid(&X)); 596 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0); 597 } 598 599exit: 600 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 601} 602/* END_CASE */ 603 604/* BEGIN_CASE */ 605void mpi_lsb(char *input_X, int nr_bits) 606{ 607 mbedtls_mpi X; 608 mbedtls_mpi_init(&X); 609 610 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 611 TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits); 612 613exit: 614 mbedtls_mpi_free(&X); 615} 616/* END_CASE */ 617 618/* BEGIN_CASE */ 619void mpi_bitlen(char *input_X, int nr_bits) 620{ 621 mbedtls_mpi X; 622 mbedtls_mpi_init(&X); 623 624 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 625 TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits); 626 627exit: 628 mbedtls_mpi_free(&X); 629} 630/* END_CASE */ 631 632/* BEGIN_CASE */ 633void mpi_gcd(char *input_X, char *input_Y, 634 char *input_A) 635{ 636 mbedtls_mpi A, X, Y, Z; 637 mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 638 639 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 640 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 641 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 642 TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); 643 TEST_ASSERT(sign_is_valid(&Z)); 644 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 645 646exit: 647 mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 648} 649/* END_CASE */ 650 651/* BEGIN_CASE */ 652void mpi_cmp_int(int input_X, int input_A, int result_CMP) 653{ 654 mbedtls_mpi X; 655 mbedtls_mpi_init(&X); 656 657 TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0); 658 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP); 659 660exit: 661 mbedtls_mpi_free(&X); 662} 663/* END_CASE */ 664 665/* BEGIN_CASE */ 666void mpi_cmp_mpi(char *input_X, char *input_Y, 667 int input_A) 668{ 669 mbedtls_mpi X, Y; 670 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 671 672 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 673 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 674 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A); 675 676exit: 677 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 678} 679/* END_CASE */ 680 681/* BEGIN_CASE */ 682void mpi_lt_mpi_ct(int size_X, char *input_X, 683 int size_Y, char *input_Y, 684 int input_ret, int input_err) 685{ 686 unsigned ret = -1; 687 unsigned input_uret = input_ret; 688 mbedtls_mpi X, Y; 689 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 690 691 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 692 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 693 694 TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0); 695 TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0); 696 697 TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err); 698 if (input_err == 0) { 699 TEST_ASSERT(ret == input_uret); 700 } 701 702exit: 703 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 704} 705/* END_CASE */ 706 707/* BEGIN_CASE */ 708void mpi_cmp_abs(char *input_X, char *input_Y, 709 int input_A) 710{ 711 mbedtls_mpi X, Y; 712 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 713 714 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 715 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 716 TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A); 717 718exit: 719 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 720} 721/* END_CASE */ 722 723/* BEGIN_CASE */ 724void mpi_copy(char *src_hex, char *dst_hex) 725{ 726 mbedtls_mpi src, dst, ref; 727 mbedtls_mpi_init(&src); 728 mbedtls_mpi_init(&dst); 729 mbedtls_mpi_init(&ref); 730 731 TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0); 732 TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0); 733 734 /* mbedtls_mpi_copy() */ 735 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 736 TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0); 737 TEST_ASSERT(sign_is_valid(&dst)); 738 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 739 740 /* mbedtls_mpi_safe_cond_assign(), assignment done */ 741 mbedtls_mpi_free(&dst); 742 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 743 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0); 744 TEST_ASSERT(sign_is_valid(&dst)); 745 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0); 746 747 /* mbedtls_mpi_safe_cond_assign(), assignment not done */ 748 mbedtls_mpi_free(&dst); 749 TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0); 750 TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0); 751 TEST_ASSERT(sign_is_valid(&dst)); 752 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0); 753 754exit: 755 mbedtls_mpi_free(&src); 756 mbedtls_mpi_free(&dst); 757 mbedtls_mpi_free(&ref); 758} 759/* END_CASE */ 760 761/* BEGIN_CASE */ 762void mpi_copy_self(char *input_X) 763{ 764 mbedtls_mpi X, A; 765 mbedtls_mpi_init(&A); 766 mbedtls_mpi_init(&X); 767 768 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 769 TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0); 770 771 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0); 772 TEST_ASSERT(sign_is_valid(&X)); 773 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 774 775exit: 776 mbedtls_mpi_free(&A); 777 mbedtls_mpi_free(&X); 778} 779/* END_CASE */ 780 781/* BEGIN_CASE */ 782void mpi_swap(char *X_hex, char *Y_hex) 783{ 784 mbedtls_mpi X, Y, X0, Y0; 785 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); 786 mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0); 787 788 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 789 TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0); 790 791 /* mbedtls_mpi_swap() */ 792 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 793 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 794 mbedtls_mpi_swap(&X, &Y); 795 TEST_ASSERT(sign_is_valid(&X)); 796 TEST_ASSERT(sign_is_valid(&Y)); 797 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 798 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 799 800 /* mbedtls_mpi_safe_cond_swap(), swap done */ 801 mbedtls_mpi_free(&X); 802 mbedtls_mpi_free(&Y); 803 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 804 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 805 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0); 806 TEST_ASSERT(sign_is_valid(&X)); 807 TEST_ASSERT(sign_is_valid(&Y)); 808 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0); 809 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0); 810 811 /* mbedtls_mpi_safe_cond_swap(), swap not done */ 812 mbedtls_mpi_free(&X); 813 mbedtls_mpi_free(&Y); 814 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 815 TEST_ASSERT(mbedtls_test_read_mpi(&Y, Y_hex) == 0); 816 TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0); 817 TEST_ASSERT(sign_is_valid(&X)); 818 TEST_ASSERT(sign_is_valid(&Y)); 819 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 820 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0); 821 822exit: 823 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); 824 mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0); 825} 826/* END_CASE */ 827 828/* BEGIN_CASE */ 829void mpi_swap_self(char *X_hex) 830{ 831 mbedtls_mpi X, X0; 832 mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0); 833 834 TEST_ASSERT(mbedtls_test_read_mpi(&X, X_hex) == 0); 835 TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0); 836 837 mbedtls_mpi_swap(&X, &X); 838 TEST_ASSERT(sign_is_valid(&X)); 839 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0); 840 841exit: 842 mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0); 843} 844/* END_CASE */ 845 846/* BEGIN_CASE */ 847void mpi_shrink(int before, int used, int min, int after) 848{ 849 mbedtls_mpi X; 850 mbedtls_mpi_init(&X); 851 852 TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0); 853 if (used > 0) { 854 size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint); 855 TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0); 856 } 857 TEST_EQUAL(X.n, (size_t) before); 858 TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0); 859 TEST_EQUAL(X.n, (size_t) after); 860 861exit: 862 mbedtls_mpi_free(&X); 863} 864/* END_CASE */ 865 866/* BEGIN_CASE */ 867void mpi_add_mpi(char *input_X, char *input_Y, 868 char *input_A) 869{ 870 mbedtls_mpi X, Y, Z, A; 871 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 872 873 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 874 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 875 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 876 TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0); 877 TEST_ASSERT(sign_is_valid(&Z)); 878 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 879 880 /* result == first operand */ 881 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0); 882 TEST_ASSERT(sign_is_valid(&X)); 883 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 884 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 885 886 /* result == second operand */ 887 TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0); 888 TEST_ASSERT(sign_is_valid(&Y)); 889 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 890 891exit: 892 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 893} 894/* END_CASE */ 895 896/* BEGIN_CASE */ 897void mpi_add_mpi_inplace(char *input_X, char *input_A) 898{ 899 mbedtls_mpi X, A; 900 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 901 902 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 903 904 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 905 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0); 906 TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0); 907 TEST_ASSERT(sign_is_valid(&X)); 908 909 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 910 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0); 911 TEST_ASSERT(sign_is_valid(&X)); 912 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 913 914 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 915 TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0); 916 TEST_ASSERT(sign_is_valid(&X)); 917 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 918 919exit: 920 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 921} 922/* END_CASE */ 923 924 925/* BEGIN_CASE */ 926void mpi_add_abs(char *input_X, char *input_Y, 927 char *input_A) 928{ 929 mbedtls_mpi X, Y, Z, A; 930 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 931 932 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 933 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 934 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 935 TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0); 936 TEST_ASSERT(sign_is_valid(&Z)); 937 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 938 939 /* result == first operand */ 940 TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0); 941 TEST_ASSERT(sign_is_valid(&X)); 942 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 943 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 944 945 /* result == second operand */ 946 TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0); 947 TEST_ASSERT(sign_is_valid(&Y)); 948 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 949 950exit: 951 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 952} 953/* END_CASE */ 954 955/* BEGIN_CASE */ 956void mpi_add_int(char *input_X, int input_Y, 957 char *input_A) 958{ 959 mbedtls_mpi X, Z, A; 960 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 961 962 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 963 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 964 TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0); 965 TEST_ASSERT(sign_is_valid(&Z)); 966 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 967 968exit: 969 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 970} 971/* END_CASE */ 972 973/* BEGIN_CASE */ 974void mpi_sub_mpi(char *input_X, char *input_Y, 975 char *input_A) 976{ 977 mbedtls_mpi X, Y, Z, A; 978 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 979 980 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 981 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 982 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 983 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0); 984 TEST_ASSERT(sign_is_valid(&Z)); 985 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 986 987 /* result == first operand */ 988 TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0); 989 TEST_ASSERT(sign_is_valid(&X)); 990 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 991 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 992 993 /* result == second operand */ 994 TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0); 995 TEST_ASSERT(sign_is_valid(&Y)); 996 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 997 998exit: 999 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1000} 1001/* END_CASE */ 1002 1003/* BEGIN_CASE */ 1004void mpi_sub_abs(char *input_X, char *input_Y, 1005 char *input_A, int sub_result) 1006{ 1007 mbedtls_mpi X, Y, Z, A; 1008 int res; 1009 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1010 1011 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1012 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1013 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1014 1015 res = mbedtls_mpi_sub_abs(&Z, &X, &Y); 1016 TEST_ASSERT(res == sub_result); 1017 TEST_ASSERT(sign_is_valid(&Z)); 1018 if (res == 0) { 1019 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1020 } 1021 1022 /* result == first operand */ 1023 TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result); 1024 TEST_ASSERT(sign_is_valid(&X)); 1025 if (sub_result == 0) { 1026 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1027 } 1028 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1029 1030 /* result == second operand */ 1031 TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result); 1032 TEST_ASSERT(sign_is_valid(&Y)); 1033 if (sub_result == 0) { 1034 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0); 1035 } 1036 1037exit: 1038 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1039} 1040/* END_CASE */ 1041 1042/* BEGIN_CASE */ 1043void mpi_sub_int(char *input_X, int input_Y, 1044 char *input_A) 1045{ 1046 mbedtls_mpi X, Z, A; 1047 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1048 1049 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1050 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1051 TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0); 1052 TEST_ASSERT(sign_is_valid(&Z)); 1053 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1054 1055exit: 1056 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1057} 1058/* END_CASE */ 1059 1060/* BEGIN_CASE */ 1061void mpi_mul_mpi(char *input_X, char *input_Y, 1062 char *input_A) 1063{ 1064 mbedtls_mpi X, Y, Z, A; 1065 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1066 1067 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1068 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1069 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1070 TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0); 1071 TEST_ASSERT(sign_is_valid(&Z)); 1072 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1073 1074exit: 1075 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1076} 1077/* END_CASE */ 1078 1079/* BEGIN_CASE */ 1080void mpi_mul_int(char *input_X, int input_Y, 1081 char *input_A, char *result_comparison) 1082{ 1083 mbedtls_mpi X, Z, A; 1084 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1085 1086 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1087 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1088 TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0); 1089 TEST_ASSERT(sign_is_valid(&Z)); 1090 if (strcmp(result_comparison, "==") == 0) { 1091 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1092 } else if (strcmp(result_comparison, "!=") == 0) { 1093 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0); 1094 } else { 1095 TEST_ASSERT("unknown operator" == 0); 1096 } 1097 1098exit: 1099 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1100} 1101/* END_CASE */ 1102 1103/* BEGIN_CASE */ 1104void mpi_div_mpi(char *input_X, char *input_Y, 1105 char *input_A, char *input_B, 1106 int div_result) 1107{ 1108 mbedtls_mpi X, Y, Q, R, A, B; 1109 int res; 1110 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); 1111 mbedtls_mpi_init(&A); mbedtls_mpi_init(&B); 1112 1113 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1114 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1115 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1116 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 1117 res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y); 1118 TEST_ASSERT(res == div_result); 1119 if (res == 0) { 1120 TEST_ASSERT(sign_is_valid(&Q)); 1121 TEST_ASSERT(sign_is_valid(&R)); 1122 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 1123 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 1124 } 1125 1126exit: 1127 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); 1128 mbedtls_mpi_free(&A); mbedtls_mpi_free(&B); 1129} 1130/* END_CASE */ 1131 1132/* BEGIN_CASE */ 1133void mpi_div_int(char *input_X, int input_Y, 1134 char *input_A, char *input_B, 1135 int div_result) 1136{ 1137 mbedtls_mpi X, Q, R, A, B; 1138 int res; 1139 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A); 1140 mbedtls_mpi_init(&B); 1141 1142 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1143 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1144 TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0); 1145 res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y); 1146 TEST_ASSERT(res == div_result); 1147 if (res == 0) { 1148 TEST_ASSERT(sign_is_valid(&Q)); 1149 TEST_ASSERT(sign_is_valid(&R)); 1150 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0); 1151 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0); 1152 } 1153 1154exit: 1155 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A); 1156 mbedtls_mpi_free(&B); 1157} 1158/* END_CASE */ 1159 1160/* BEGIN_CASE */ 1161void mpi_mod_mpi(char *input_X, char *input_Y, 1162 char *input_A, int div_result) 1163{ 1164 mbedtls_mpi X, Y, A; 1165 int res; 1166 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A); 1167 1168 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1169 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1170 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1171 res = mbedtls_mpi_mod_mpi(&X, &X, &Y); 1172 TEST_ASSERT(res == div_result); 1173 if (res == 0) { 1174 TEST_ASSERT(sign_is_valid(&X)); 1175 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1176 } 1177 1178exit: 1179 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A); 1180} 1181/* END_CASE */ 1182 1183/* BEGIN_CASE */ 1184void mpi_mod_int(char *input_X, mbedtls_mpi_sint y, 1185 mbedtls_mpi_sint a, int mod_result) 1186{ 1187 mbedtls_mpi X; 1188 int res; 1189 mbedtls_mpi_uint r; 1190 1191 mbedtls_mpi_init(&X); 1192 1193 TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); 1194 1195 res = mbedtls_mpi_mod_int(&r, &X, y); 1196 TEST_EQUAL(res, mod_result); 1197 if (res == 0) { 1198 TEST_EQUAL(r, a); 1199 } 1200 1201exit: 1202 mbedtls_mpi_free(&X); 1203} 1204/* END_CASE */ 1205 1206/* BEGIN_CASE */ 1207void mpi_exp_mod(char *input_A, char *input_E, 1208 char *input_N, char *input_X, 1209 int exp_result) 1210{ 1211 mbedtls_mpi A, E, N, RR, Z, X; 1212 int res; 1213 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1214 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); 1215 1216 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1217 TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); 1218 TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); 1219 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1220 1221 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL); 1222 TEST_ASSERT(res == exp_result); 1223 if (res == 0) { 1224 TEST_ASSERT(sign_is_valid(&Z)); 1225 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1226 } 1227 1228 /* Now test again with the speed-up parameter supplied as an output. */ 1229 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1230 TEST_ASSERT(res == exp_result); 1231 if (res == 0) { 1232 TEST_ASSERT(sign_is_valid(&Z)); 1233 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1234 } 1235 1236 /* Now test again with the speed-up parameter supplied in calculated form. */ 1237 res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); 1238 TEST_ASSERT(res == exp_result); 1239 if (res == 0) { 1240 TEST_ASSERT(sign_is_valid(&Z)); 1241 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0); 1242 } 1243 1244exit: 1245 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1246 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); 1247} 1248/* END_CASE */ 1249 1250/* BEGIN_CASE */ 1251void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes, 1252 char *input_RR, int exp_result) 1253{ 1254 mbedtls_mpi A, E, N, RR, Z; 1255 mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); 1256 mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); 1257 1258 /* Set A to 2^(A_bytes - 1) + 1 */ 1259 TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0); 1260 TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0); 1261 TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0); 1262 1263 /* Set E to 2^(E_bytes - 1) + 1 */ 1264 TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0); 1265 TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0); 1266 TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0); 1267 1268 /* Set N to 2^(N_bytes - 1) + 1 */ 1269 TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0); 1270 TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0); 1271 TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0); 1272 1273 if (strlen(input_RR)) { 1274 TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0); 1275 } 1276 1277 TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result); 1278 1279exit: 1280 mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); 1281 mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); 1282} 1283/* END_CASE */ 1284 1285/* BEGIN_CASE */ 1286void mpi_inv_mod(char *input_X, char *input_Y, 1287 char *input_A, int div_result) 1288{ 1289 mbedtls_mpi X, Y, Z, A; 1290 int res; 1291 mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); 1292 1293 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1294 TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); 1295 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1296 res = mbedtls_mpi_inv_mod(&Z, &X, &Y); 1297 TEST_ASSERT(res == div_result); 1298 if (res == 0) { 1299 TEST_ASSERT(sign_is_valid(&Z)); 1300 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); 1301 } 1302 1303exit: 1304 mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A); 1305} 1306/* END_CASE */ 1307 1308/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1309void mpi_is_prime(char *input_X, int div_result) 1310{ 1311 mbedtls_mpi X; 1312 int res; 1313 mbedtls_mpi_init(&X); 1314 1315 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1316 res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL); 1317 TEST_ASSERT(res == div_result); 1318 1319exit: 1320 mbedtls_mpi_free(&X); 1321} 1322/* END_CASE */ 1323 1324/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1325void mpi_is_prime_det(data_t *input_X, data_t *witnesses, 1326 int chunk_len, int rounds) 1327{ 1328 mbedtls_mpi X; 1329 int res; 1330 mbedtls_test_mpi_random rand; 1331 1332 mbedtls_mpi_init(&X); 1333 rand.data = witnesses; 1334 rand.pos = 0; 1335 rand.chunk_len = chunk_len; 1336 1337 TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0); 1338 res = mbedtls_mpi_is_prime_ext(&X, rounds - 1, 1339 mbedtls_test_mpi_miller_rabin_determinizer, 1340 &rand); 1341 TEST_ASSERT(res == 0); 1342 1343 rand.data = witnesses; 1344 rand.pos = 0; 1345 rand.chunk_len = chunk_len; 1346 1347 res = mbedtls_mpi_is_prime_ext(&X, rounds, 1348 mbedtls_test_mpi_miller_rabin_determinizer, 1349 &rand); 1350 TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); 1351 1352exit: 1353 mbedtls_mpi_free(&X); 1354} 1355/* END_CASE */ 1356 1357/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ 1358void mpi_gen_prime(int bits, int flags, int ref_ret) 1359{ 1360 mbedtls_mpi X; 1361 int my_ret; 1362 1363 mbedtls_mpi_init(&X); 1364 1365 my_ret = mbedtls_mpi_gen_prime(&X, bits, flags, 1366 mbedtls_test_rnd_std_rand, NULL); 1367 TEST_ASSERT(my_ret == ref_ret); 1368 1369 if (ref_ret == 0) { 1370 size_t actual_bits = mbedtls_mpi_bitlen(&X); 1371 1372 TEST_ASSERT(actual_bits >= (size_t) bits); 1373 TEST_ASSERT(actual_bits <= (size_t) bits + 1); 1374 TEST_ASSERT(sign_is_valid(&X)); 1375 1376 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1377 mbedtls_test_rnd_std_rand, 1378 NULL) == 0); 1379 if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) { 1380 /* X = ( X - 1 ) / 2 */ 1381 TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0); 1382 TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40, 1383 mbedtls_test_rnd_std_rand, 1384 NULL) == 0); 1385 } 1386 } 1387 1388exit: 1389 mbedtls_mpi_free(&X); 1390} 1391/* END_CASE */ 1392 1393/* BEGIN_CASE */ 1394void mpi_shift_l(char *input_X, int shift_X, 1395 char *input_A) 1396{ 1397 mbedtls_mpi X, A; 1398 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1399 1400 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1401 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1402 TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0); 1403 TEST_ASSERT(sign_is_valid(&X)); 1404 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1405 1406exit: 1407 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1408} 1409/* END_CASE */ 1410 1411/* BEGIN_CASE */ 1412void mpi_shift_r(char *input_X, int shift_X, 1413 char *input_A) 1414{ 1415 mbedtls_mpi X, A; 1416 mbedtls_mpi_init(&X); mbedtls_mpi_init(&A); 1417 1418 TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); 1419 TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); 1420 TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0); 1421 TEST_ASSERT(sign_is_valid(&X)); 1422 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0); 1423 1424exit: 1425 mbedtls_mpi_free(&X); mbedtls_mpi_free(&A); 1426} 1427/* END_CASE */ 1428 1429/* BEGIN_CASE */ 1430void mpi_fill_random(int wanted_bytes, int rng_bytes, 1431 int before, int expected_ret) 1432{ 1433 mbedtls_mpi X; 1434 int ret; 1435 size_t bytes_left = rng_bytes; 1436 mbedtls_mpi_init(&X); 1437 1438 if (before != 0) { 1439 /* Set X to sign(before) * 2^(|before|-1) */ 1440 TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0); 1441 if (before < 0) { 1442 before = -before; 1443 } 1444 TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0); 1445 } 1446 1447 ret = mbedtls_mpi_fill_random(&X, wanted_bytes, 1448 f_rng_bytes_left, &bytes_left); 1449 TEST_ASSERT(ret == expected_ret); 1450 1451 if (expected_ret == 0) { 1452 /* mbedtls_mpi_fill_random is documented to use bytes from the RNG 1453 * as a big-endian representation of the number. We know when 1454 * our RNG function returns null bytes, so we know how many 1455 * leading zero bytes the number has. */ 1456 size_t leading_zeros = 0; 1457 if (wanted_bytes > 0 && rng_bytes % 256 == 0) { 1458 leading_zeros = 1; 1459 } 1460 TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros == 1461 (size_t) wanted_bytes); 1462 TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes); 1463 TEST_ASSERT(sign_is_valid(&X)); 1464 } 1465 1466exit: 1467 mbedtls_mpi_free(&X); 1468} 1469/* END_CASE */ 1470 1471/* BEGIN_CASE */ 1472void mpi_random_many(int min, data_t *bound_bytes, int iterations) 1473{ 1474 /* Generate numbers in the range 1..bound-1. Do it iterations times. 1475 * This function assumes that the value of bound is at least 2 and 1476 * that iterations is large enough that a one-in-2^iterations chance 1477 * effectively never occurs. 1478 */ 1479 1480 mbedtls_mpi upper_bound; 1481 size_t n_bits; 1482 mbedtls_mpi result; 1483 size_t b; 1484 /* If upper_bound is small, stats[b] is the number of times the value b 1485 * has been generated. Otherwise stats[b] is the number of times a 1486 * value with bit b set has been generated. */ 1487 size_t *stats = NULL; 1488 size_t stats_len; 1489 int full_stats; 1490 size_t i; 1491 1492 mbedtls_mpi_init(&upper_bound); 1493 mbedtls_mpi_init(&result); 1494 1495 TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound, 1496 bound_bytes->x, bound_bytes->len)); 1497 n_bits = mbedtls_mpi_bitlen(&upper_bound); 1498 /* Consider a bound "small" if it's less than 2^5. This value is chosen 1499 * to be small enough that the probability of missing one value is 1500 * negligible given the number of iterations. It must be less than 1501 * 256 because some of the code below assumes that "small" values 1502 * fit in a byte. */ 1503 if (n_bits <= 5) { 1504 full_stats = 1; 1505 stats_len = bound_bytes->x[bound_bytes->len - 1]; 1506 } else { 1507 full_stats = 0; 1508 stats_len = n_bits; 1509 } 1510 TEST_CALLOC(stats, stats_len); 1511 1512 for (i = 0; i < (size_t) iterations; i++) { 1513 mbedtls_test_set_step(i); 1514 TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound, 1515 mbedtls_test_rnd_std_rand, NULL)); 1516 1517 TEST_ASSERT(sign_is_valid(&result)); 1518 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0); 1519 TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0); 1520 if (full_stats) { 1521 uint8_t value; 1522 TEST_EQUAL(0, mbedtls_mpi_write_binary(&result, &value, 1)); 1523 TEST_ASSERT(value < stats_len); 1524 ++stats[value]; 1525 } else { 1526 for (b = 0; b < n_bits; b++) { 1527 stats[b] += mbedtls_mpi_get_bit(&result, b); 1528 } 1529 } 1530 } 1531 1532 if (full_stats) { 1533 for (b = min; b < stats_len; b++) { 1534 mbedtls_test_set_step(1000000 + b); 1535 /* Assert that each value has been reached at least once. 1536 * This is almost guaranteed if the iteration count is large 1537 * enough. This is a very crude way of checking the distribution. 1538 */ 1539 TEST_ASSERT(stats[b] > 0); 1540 } 1541 } else { 1542 int statistically_safe_all_the_way = 1543 is_significantly_above_a_power_of_2(bound_bytes); 1544 for (b = 0; b < n_bits; b++) { 1545 mbedtls_test_set_step(1000000 + b); 1546 /* Assert that each bit has been set in at least one result and 1547 * clear in at least one result. Provided that iterations is not 1548 * too small, it would be extremely unlikely for this not to be 1549 * the case if the results are uniformly distributed. 1550 * 1551 * As an exception, the top bit may legitimately never be set 1552 * if bound is a power of 2 or only slightly above. 1553 */ 1554 if (statistically_safe_all_the_way || b != n_bits - 1) { 1555 TEST_ASSERT(stats[b] > 0); 1556 } 1557 TEST_ASSERT(stats[b] < (size_t) iterations); 1558 } 1559 } 1560 1561exit: 1562 mbedtls_mpi_free(&upper_bound); 1563 mbedtls_mpi_free(&result); 1564 mbedtls_free(stats); 1565} 1566/* END_CASE */ 1567 1568/* BEGIN_CASE */ 1569void mpi_random_sizes(int min, data_t *bound_bytes, int nlimbs, int before) 1570{ 1571 mbedtls_mpi upper_bound; 1572 mbedtls_mpi result; 1573 1574 mbedtls_mpi_init(&upper_bound); 1575 mbedtls_mpi_init(&result); 1576 1577 if (before != 0) { 1578 /* Set result to sign(before) * 2^(|before|-1) */ 1579 TEST_ASSERT(mbedtls_mpi_lset(&result, before > 0 ? 1 : -1) == 0); 1580 if (before < 0) { 1581 before = -before; 1582 } 1583 TEST_ASSERT(mbedtls_mpi_shift_l(&result, before - 1) == 0); 1584 } 1585 1586 TEST_EQUAL(0, mbedtls_mpi_grow(&result, nlimbs)); 1587 TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound, 1588 bound_bytes->x, bound_bytes->len)); 1589 TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound, 1590 mbedtls_test_rnd_std_rand, NULL)); 1591 TEST_ASSERT(sign_is_valid(&result)); 1592 TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0); 1593 TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0); 1594 1595exit: 1596 mbedtls_mpi_free(&upper_bound); 1597 mbedtls_mpi_free(&result); 1598} 1599/* END_CASE */ 1600 1601/* BEGIN_CASE */ 1602void mpi_random_fail(int min, data_t *bound_bytes, int expected_ret) 1603{ 1604 mbedtls_mpi upper_bound; 1605 mbedtls_mpi result; 1606 int actual_ret; 1607 1608 mbedtls_mpi_init(&upper_bound); 1609 mbedtls_mpi_init(&result); 1610 1611 TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound, 1612 bound_bytes->x, bound_bytes->len)); 1613 actual_ret = mbedtls_mpi_random(&result, min, &upper_bound, 1614 mbedtls_test_rnd_std_rand, NULL); 1615 TEST_EQUAL(expected_ret, actual_ret); 1616 1617exit: 1618 mbedtls_mpi_free(&upper_bound); 1619 mbedtls_mpi_free(&result); 1620} 1621/* END_CASE */ 1622 1623/* BEGIN_CASE */ 1624void most_negative_mpi_sint() 1625{ 1626 /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We 1627 * guarantee that mbedtls_mpi_sint is a two's complement type, so this 1628 * is a valid value. However, negating it (`-n`) has undefined behavior 1629 * (although in practice `-n` evaluates to the value n). 1630 * 1631 * This function has ad hoc tests for this value. It's separated from other 1632 * functions because the test framework makes it hard to pass this value 1633 * into test cases. 1634 * 1635 * In the comments here: 1636 * - biL = number of bits in limbs 1637 * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range) 1638 * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range) 1639 */ 1640 1641 mbedtls_mpi A, R, X; 1642 mbedtls_mpi_init(&A); 1643 mbedtls_mpi_init(&R); 1644 mbedtls_mpi_init(&X); 1645 1646 const size_t biL = 8 * sizeof(mbedtls_mpi_sint); 1647 mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1); 1648 const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1; 1649 const mbedtls_mpi_sint most_negative = -most_positive - 1; 1650 TEST_EQUAL((mbedtls_mpi_uint) most_negative, 1651 (mbedtls_mpi_uint) 1 << (biL - 1)); 1652 TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0); 1653 1654 /* Test mbedtls_mpi_lset() */ 1655 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1656 TEST_EQUAL(A.s, -1); 1657 TEST_EQUAL(A.n, 1); 1658 TEST_EQUAL(A.p[0], most_positive_plus_1); 1659 1660 /* Test mbedtls_mpi_cmp_int(): -p == -p */ 1661 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0); 1662 1663 /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */ 1664 A.p[0] = most_positive_plus_1 + 1; 1665 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1); 1666 1667 /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */ 1668 A.p[0] = most_positive_plus_1 - 1; 1669 TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1); 1670 1671 /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */ 1672 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1673 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1674 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1675 1676 /* Test mbedtls_mpi_add_int(): (0) + (-p) */ 1677 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1678 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1679 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0); 1680 1681 /* Test mbedtls_mpi_add_int(): (-p) + (-p) */ 1682 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1683 TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0); 1684 TEST_EQUAL(X.s, -1); 1685 TEST_EQUAL(X.n, 2); 1686 TEST_EQUAL(X.p[0], 0); 1687 TEST_EQUAL(X.p[1], 1); 1688 1689 /* Test mbedtls_mpi_sub_int(): (p) - (-p) */ 1690 mbedtls_mpi_free(&X); 1691 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1692 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1693 TEST_EQUAL(X.s, 1); 1694 TEST_EQUAL(X.n, 1); 1695 TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0); 1696 1697 /* Test mbedtls_mpi_sub_int(): (0) - (-p) */ 1698 TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0); 1699 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1700 TEST_EQUAL(X.s, 1); 1701 TEST_EQUAL(X.n, 1); 1702 TEST_EQUAL(X.p[0], most_positive_plus_1); 1703 1704 /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */ 1705 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1706 TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0); 1707 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1708 1709 /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */ 1710 TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0); 1711 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1712 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1713 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1714 1715 /* Test mbedtls_mpi_div_int(): (-p) / (-p) */ 1716 TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0); 1717 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1718 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1719 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1720 1721 /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */ 1722 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1723 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1724 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0); 1725 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1726 1727 /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */ 1728 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1729 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1730 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0); 1731 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0); 1732 1733 /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */ 1734 TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0); 1735 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1736 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0); 1737 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0); 1738 1739 /* Test mbedtls_mpi_div_int(): (p) / (-p) */ 1740 TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0); 1741 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1742 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0); 1743 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1744 1745 /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */ 1746 TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0); 1747 TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0); 1748 TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0); 1749 TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0); 1750 1751 /* Test mbedtls_mpi_mod_int(): never valid */ 1752 TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative), 1753 MBEDTLS_ERR_MPI_NEGATIVE_VALUE); 1754 1755 /* Test mbedtls_mpi_random(): never valid */ 1756 TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A, 1757 mbedtls_test_rnd_std_rand, NULL), 1758 MBEDTLS_ERR_MPI_BAD_INPUT_DATA); 1759 1760exit: 1761 mbedtls_mpi_free(&A); 1762 mbedtls_mpi_free(&R); 1763 mbedtls_mpi_free(&X); 1764} 1765/* END_CASE */ 1766 1767/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 1768void mpi_selftest() 1769{ 1770 TEST_ASSERT(mbedtls_mpi_self_test(1) == 0); 1771} 1772/* END_CASE */ 1773