From dc197593273864636bb8cb49b73ed38ea81a7886 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 15 Dec 2022 16:59:40 +0000 Subject: [PATCH] Add tests for mbedtls_mpi_mod_inv() Signed-off-by: Tom Cosgrove --- scripts/mbedtls_dev/bignum_mod.py | 51 ++++++++++ tests/suites/test_suite_bignum_mod.function | 100 +++++++++++++++++++ tests/suites/test_suite_bignum_mod.misc.data | 44 ++++++++ 3 files changed, 195 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py index a16699a642..9f98131bd6 100644 --- a/scripts/mbedtls_dev/bignum_mod.py +++ b/scripts/mbedtls_dev/bignum_mod.py @@ -18,6 +18,7 @@ from typing import Dict, List from . import test_data_generation from . import bignum_common +from .bignum_data import ONLY_PRIME_MODULI class BignumModTarget(test_data_generation.BaseTarget): #pylint: disable=abstract-method, too-few-public-methods @@ -48,6 +49,56 @@ class BignumModSub(bignum_common.ModOperationCommon, BignumModTarget): # generated cases return [self.format_result(result), "0"] +class BignumModInvNonMont(bignum_common.ModOperationCommon, BignumModTarget): + """Test cases for bignum mpi_mod_inv() - not in Montgomery form.""" + moduli = ONLY_PRIME_MODULI # for now only prime moduli supported + symbol = "^ -1" + test_function = "mpi_mod_inv_non_mont" + test_name = "mbedtls_mpi_mod_inv non-Mont. form" + input_style = "fixed" + arity = 1 + suffix = True + + @property + def is_valid(self) -> bool: + return self.int_a > 0 and self.int_a < self.int_n + + def result(self) -> List[str]: + result = bignum_common.invmod(self.int_a, self.int_n) + if result < 0: + result += self.int_n + # To make negative tests easier, append 0 for success to the + # generated cases + return [self.format_result(result), "0"] + +class BignumModInvMont(bignum_common.ModOperationCommon, BignumModTarget): + """Test cases for bignum mpi_mod_inv() - Montgomery form.""" + moduli = ONLY_PRIME_MODULI # for now only prime moduli supported + symbol = "^ -1" + test_function = "mpi_mod_inv_mont" + test_name = "mbedtls_mpi_mod_inv Mont. form" + input_style = "arch_split" # Mont. form requires arch_split + arity = 1 + suffix = True + + @property + def is_valid(self) -> bool: + return self.int_a > 0 and self.int_a < self.int_n + + @property + def arg_a(self) -> str: + mont_a = self.to_montgomery(self.int_a) + return self.format_arg('{:x}'.format(mont_a)) + + def result(self) -> List[str]: + result = bignum_common.invmod(self.int_a, self.int_n) + if result < 0: + result += self.int_n + mont_result = self.to_montgomery(result) + # To make negative tests easier, append 0 for success to the + # generated cases + return [self.format_result(mont_result), "0"] + # END MERGE SLOT 3 # BEGIN MERGE SLOT 4 diff --git a/tests/suites/test_suite_bignum_mod.function b/tests/suites/test_suite_bignum_mod.function index 507920afd3..4b77a4a7ea 100644 --- a/tests/suites/test_suite_bignum_mod.function +++ b/tests/suites/test_suite_bignum_mod.function @@ -203,6 +203,106 @@ exit: mbedtls_free( X_raw ); } /* END_CASE */ + +/* BEGIN_CASE */ +void mpi_mod_inv_mont( char * input_N, + char * input_A, char * input_I, + int expected_ret ) +{ + mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */ + mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */ + mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */ + mbedtls_mpi_uint *X_raw = NULL; + + mbedtls_mpi_mod_modulus N; + mbedtls_mpi_mod_modulus_init( &N ); + + TEST_EQUAL( 0, + test_read_modulus( &N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N ) ); + + /* test_read_residue() normally checks that inputs have the same number of + * limbs as the modulus. For negative testing we can ask it to skip this + * with a non-zero final parameter. */ + TEST_EQUAL( 0, test_read_residue( &a, &N, input_A, expected_ret != 0 ) ); + TEST_EQUAL( 0, test_read_residue( &i, &N, input_I, expected_ret != 0 ) ); + + size_t limbs = N.limbs; + size_t bytes = limbs * sizeof( *X_raw ); + + ASSERT_ALLOC( X_raw, limbs ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &x, &N, X_raw, limbs ) ); + + TEST_EQUAL( expected_ret, mbedtls_mpi_mod_inv( &x, &a, &N ) ); + if( expected_ret == 0 ) + { + TEST_COMPARE_MPI_RESIDUES( x, i ); + + /* a^-1: alias x to a => Correct result */ + memcpy( x.p, a.p, bytes ); + TEST_EQUAL( 0, mbedtls_mpi_mod_inv( &x, &x, &N ) ); + TEST_COMPARE_MPI_RESIDUES( x, i ); + } + +exit: + mbedtls_free( (void *)N.p ); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */ + mbedtls_mpi_mod_modulus_free( &N ); + + mbedtls_free( a.p ); + mbedtls_free( i.p ); + mbedtls_free( X_raw ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_mod_inv_non_mont( char * input_N, + char * input_A, char * input_I, + int expected_ret ) +{ + mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */ + mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */ + mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */ + mbedtls_mpi_uint *X_raw = NULL; + + mbedtls_mpi_mod_modulus N; + mbedtls_mpi_mod_modulus_init( &N ); + + TEST_EQUAL( 0, + test_read_modulus( &N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N ) ); + + /* test_read_residue() normally checks that inputs have the same number of + * limbs as the modulus. For negative testing we can ask it to skip this + * with a non-zero final parameter. */ + TEST_EQUAL( 0, test_read_residue( &a, &N, input_A, expected_ret != 0 ) ); + TEST_EQUAL( 0, test_read_residue( &i, &N, input_I, expected_ret != 0 ) ); + + size_t limbs = N.limbs; + size_t bytes = limbs * sizeof( *X_raw ); + + ASSERT_ALLOC( X_raw, limbs ); + + TEST_EQUAL( 0, mbedtls_mpi_mod_residue_setup( &x, &N, X_raw, limbs ) ); + + TEST_EQUAL( expected_ret, mbedtls_mpi_mod_inv( &x, &a, &N ) ); + if( expected_ret == 0 ) + { + TEST_COMPARE_MPI_RESIDUES( x, i ); + + /* a^-1: alias x to a => Correct result */ + memcpy( x.p, a.p, bytes ); + TEST_EQUAL( 0, mbedtls_mpi_mod_inv( &x, &x, &N ) ); + TEST_COMPARE_MPI_RESIDUES( x, i ); + } + +exit: + mbedtls_free( (void *)N.p ); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */ + mbedtls_mpi_mod_modulus_free( &N ); + + mbedtls_free( a.p ); + mbedtls_free( i.p ); + mbedtls_free( X_raw ); +} +/* END_CASE */ /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ diff --git a/tests/suites/test_suite_bignum_mod.misc.data b/tests/suites/test_suite_bignum_mod.misc.data index 7b1c85fb06..6240e214ba 100644 --- a/tests/suites/test_suite_bignum_mod.misc.data +++ b/tests/suites/test_suite_bignum_mod.misc.data @@ -38,6 +38,50 @@ mpi_mod_sub:"014320a022ccb75bdf470ddf25":"a99c71c7":"00033b2e3c9fd0803ce8000f93" mpi_mod_sub with second input too short mpi_mod_sub:"014320a022ccb75bdf470ddf25":"000000025a55a46e5da99c71c7":"e8000f93":"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_mpi_mod_inv non-Mont. form - base case for negative testing (N, A, A^-1) +mpi_mod_inv_non_mont:"000000000000152d02c7e14af67fe0bf":"00000000000000000000000000000038":"000000000000097418193b6f2e0b5fc3":0 + +mbedtls_mpi_mod_inv non-Mont. form - A == 0 +mpi_mod_inv_non_mont:"000000000000152d02c7e14af67fe0bf":"00000000000000000000000000000000":"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv non-Mont. form - A too long +mpi_mod_inv_non_mont:"000000000000152d02c7e14af67fe0bf":"0000000000000000000000000000000000000038":"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv non-Mont. form - A too short +mpi_mod_inv_non_mont:"000000000000152d02c7e14af67fe0bf":"0000000000000038":"000000000000097418193b6f2e0b5fc3":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 32-bit Mont. form - base case for negative testing, A = 1 (N, mont(A), mont(A^-1)) +depends_on:MBEDTLS_HAVE_INT32 +mpi_mod_inv_mont:"000000000000152d02c7e14af67fe0bf":"0000000000000d71d51539b9c02b7b28":"0000000000000d71d51539b9c02b7b28":0 + +mbedtls_mpi_mod_inv 32-bit Mont. form - A == 0 +depends_on:MBEDTLS_HAVE_INT32 +mpi_mod_inv_mont:"000000000000152d02c7e14af67fe0bf":"00000000000000000000000000000000":"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 32-bit Mont. form - A too long +depends_on:MBEDTLS_HAVE_INT32 +mpi_mod_inv_mont:"000000000000152d02c7e14af67fe0bf":"000000000000000000000d71d51539b9c02b7b28":"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 32-bit Mont. form - A too short +depends_on:MBEDTLS_HAVE_INT32 +mpi_mod_inv_mont:"000000000000152d02c7e14af67fe0bf":"00000d71d51539b9c02b7b28":"0000000000000d71d51539b9c02b7b28":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 64-bit Mont. form - base case for negative testing, A = 1 (N, mont(A), mont(A^-1)) +depends_on:MBEDTLS_HAVE_INT64 +mpi_mod_inv_mont:"0000000000000000000000000000152d02c7e14af67fe0bf":"000000000000000000000000000009545642424381c611fb":"000000000000000000000000000009545642424381c611fb":0 + +mbedtls_mpi_mod_inv 64-bit Mont. form - A == 0 +depends_on:MBEDTLS_HAVE_INT64 +mpi_mod_inv_mont:"0000000000000000000000000000152d02c7e14af67fe0bf":"000000000000000000000000000000000000000000000000":"000000000000000000000000000009545642424381c611fb":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 64-bit Mont. form - A too long +depends_on:MBEDTLS_HAVE_INT64 +mpi_mod_inv_mont:"0000000000000000000000000000152d02c7e14af67fe0bf":"0000000000000000000000000000000000000000000009545642424381c611fb":"000000000000000000000000000009545642424381c611fb":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +mbedtls_mpi_mod_inv 64-bit Mont. form - A too short +depends_on:MBEDTLS_HAVE_INT64 +mpi_mod_inv_mont:"0000000000000000000000000000152d02c7e14af67fe0bf":"00000000000009545642424381c611fb":"000000000000000000000000000009545642424381c611fb":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + # END MERGE SLOT 3 # BEGIN MERGE SLOT 4