mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
mbedtls/tests/suites/test_suite_bignum.function
Gilles Peskine e3a1b81cb9 Switch mpi_random_many test function to testing core 
The test function mpi_random_many() is the main function for testing the
get-random-in-range function. It validates that the random generator's
output is within the desired range, and performs some basic statistical
checks including checking that small ranges are covered exhaustively.

Switch this function from testing mbedtls_mpi_random() to testing
mbedtls_mpi_core_random(). This does not reduce the test coverage of
mbedtls_mpi_random() because the same properties are now validated
indirectly via mpi_random_values() which checks that mbedtls_mpi_random()
and mbedtls_mpi_core_random() produce identical values for identical inputs.

As of this commit, mpi_random_many() still uses some legacy mpi functions
internally because the corresponding functions don't exist yet in core.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00

1673 lines
53 KiB
C
Raw Blame History

/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/entropy.h"
#include "constant_time_internal.h"
#include "bignum_core.h"
#include "test/constant_flow.h"
#if MBEDTLS_MPI_MAX_BITS > 792
#define MPI_MAX_BITS_LARGER_THAN_792
#endif
/* Check the validity of the sign bit in an MPI object. Reject representations
* that are not supported by the rest of the library and indicate a bug when
* constructing the value. */
static int sign_is_valid( const mbedtls_mpi *X )
{
/* Only +1 and -1 are valid sign bits, not e.g. 0 */
if( X->s != 1 && X->s != -1 )
return( 0 );
/* The value 0 must be represented with the sign +1. A "negative zero"
* with s=-1 is an invalid representation. Forbid that. As an exception,
* we sometimes test the robustness of library functions when given
* a negative zero input. If a test case has a negative zero as input,
* we don't mind if the function has a negative zero output. */
if( ! mbedtls_test_case_uses_negative_0 &&
mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
{
return( 0 );
}
return( 1 );
}
typedef struct mbedtls_test_mpi_random
{
data_t *data;
size_t pos;
size_t chunk_len;
} mbedtls_test_mpi_random;
/*
* This function is called by the Miller-Rabin primality test each time it
* chooses a random witness. The witnesses (or non-witnesses as provided by the
* test) are stored in the data member of the state structure. Each number is in
* the format that mbedtls_mpi_read_string understands and is chunk_len long.
*/
int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
unsigned char* buf,
size_t len )
{
mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state;
if( random == NULL || random->data->x == NULL || buf == NULL )
return( -1 );
if( random->pos + random->chunk_len > random->data->len
|| random->chunk_len > len )
{
return( -1 );
}
memset( buf, 0, len );
/* The witness is written to the end of the buffer, since the buffer is
* used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
* Writing the witness to the start of the buffer would result in the
* buffer being 'witness 000...000', which would be treated as
* witness * 2^n for some n. */
memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
random->chunk_len );
random->pos += random->chunk_len;
return( 0 );
}
/* Random generator that is told how many bytes to return. */
static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len )
{
size_t *bytes_left = state;
size_t i;
for( i = 0; i < len; i++ )
{
if( *bytes_left == 0 )
return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
buf[i] = *bytes_left & 0xff;
--( *bytes_left );
}
return( 0 );
}
/* Test whether bytes represents (in big-endian base 256) a number b that
* is significantly above a power of 2. That is, b must not have a long run
* of unset bits after the most significant bit.
*
* Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}.
* This function returns 1 if, when drawing a number between 0 and b,
* the probability that this number is at least 2^n is not negligible.
* This probability is (b - 2^n) / b and this function checks that this
* number is above some threshold A. The threshold value is heuristic and
* based on the needs of mpi_random_many().
*/
static int is_significantly_above_a_power_of_2( data_t *bytes )
{
const uint8_t *p = bytes->x;
size_t len = bytes->len;
unsigned x;
/* Skip leading null bytes */
while( len > 0 && p[0] == 0 )
{
++p;
--len;
}
/* 0 is not significantly above a power of 2 */
if( len == 0 )
return( 0 );
/* Extract the (up to) 2 most significant bytes */
if( len == 1 )
x = p[0];
else
x = ( p[0] << 8 ) | p[1];
/* Shift the most significant bit of x to position 8 and mask it out */
while( ( x & 0xfe00 ) != 0 )
x >>= 1;
x &= 0x00ff;
/* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
* a power of 2 iff x is significantly above 0 compared to 2^8.
* Testing x >= 2^4 amounts to picking A = 1/16 in the function
* description above. */
return( x >= 0x10 );
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void mpi_null( )
{
mbedtls_mpi X, Y, Z;
mbedtls_mpi_init( &X );
mbedtls_mpi_init( &Y );
mbedtls_mpi_init( &Z );
TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
char * input_A, int output_size, int result_read,
int result_write )
{
mbedtls_mpi X;
char str[1000];
size_t len;
mbedtls_mpi_init( &X );
memset( str, '!', sizeof( str ) );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 )
{
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
if( result_write == 0 )
{
TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
TEST_ASSERT( str[len] == '!' );
}
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_read_binary( data_t * buf, char * input_A )
{
mbedtls_mpi X;
char str[1000];
size_t len;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_read_binary_le( data_t * buf, char * input_A )
{
mbedtls_mpi X;
char str[1000];
size_t len;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_write_binary( char * input_X, data_t * input_A,
int output_size, int result )
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
memset( buf, 0x00, 1000 );
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
buflen = (size_t) output_size;
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result );
if( result == 0)
{
TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
buflen, input_A->len ) == 0 );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_write_binary_le( char * input_X, data_t * input_A,
int output_size, int result )
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
memset( buf, 0x00, 1000 );
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
buflen = (size_t) output_size;
TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
if( result == 0)
{
TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
buflen, input_A->len ) == 0 );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_read_file( char * input_file, data_t * input_A, int result )
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
FILE *file;
int ret;
memset( buf, 0x00, 1000 );
mbedtls_mpi_init( &X );
file = fopen( input_file, "r" );
TEST_ASSERT( file != NULL );
ret = mbedtls_mpi_read_file( &X, 16, file );
fclose(file);
TEST_ASSERT( ret == result );
if( result == 0 )
{
TEST_ASSERT( sign_is_valid( &X ) );
buflen = mbedtls_mpi_size( &X );
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
buflen, input_A->len ) == 0 );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_write_file( char * input_X, char * output_file )
{
mbedtls_mpi X, Y;
FILE *file_out, *file_in;
int ret;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
file_out = fopen( output_file, "w" );
TEST_ASSERT( file_out != NULL );
ret = mbedtls_mpi_write_file( NULL, &X, 16, file_out );
fclose(file_out);
TEST_ASSERT( ret == 0 );
file_in = fopen( output_file, "r" );
TEST_ASSERT( file_in != NULL );
ret = mbedtls_mpi_read_file( &Y, 16, file_in );
fclose(file_in);
TEST_ASSERT( ret == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_get_bit( char * input_X, int pos, int val )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_set_bit( char * input_X, int pos, int val,
char * output_Y, int result )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, output_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );
if( result == 0 )
{
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
}
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_lsb( char * input_X, int nr_bits )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_bitlen( char * input_X, int nr_bits )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_gcd( char * input_X, char * input_Y,
char * input_A )
{
mbedtls_mpi A, X, Y, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_cmp_int( int input_X, int input_A, int result_CMP )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0);
TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP);
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_cmp_mpi( char * input_X, char * input_Y,
int input_A )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_lt_mpi_ct( int size_X, char * input_X,
int size_Y, char * input_Y,
int input_ret, int input_err )
{
unsigned ret = -1;
unsigned input_uret = input_ret;
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
if( input_err == 0 )
TEST_ASSERT( ret == input_uret );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_cmp_abs( char * input_X, char * input_Y,
int input_A )
{
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_copy( char *src_hex, char *dst_hex )
{
mbedtls_mpi src, dst, ref;
mbedtls_mpi_init( &src );
mbedtls_mpi_init( &dst );
mbedtls_mpi_init( &ref );
TEST_ASSERT( mbedtls_test_read_mpi( &src, src_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &ref, dst_hex ) == 0 );
/* mbedtls_mpi_copy() */
TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
TEST_ASSERT( sign_is_valid( &dst ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
/* mbedtls_mpi_safe_cond_assign(), assignment done */
mbedtls_mpi_free( &dst );
TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
TEST_ASSERT( sign_is_valid( &dst ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
/* mbedtls_mpi_safe_cond_assign(), assignment not done */
mbedtls_mpi_free( &dst );
TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
TEST_ASSERT( sign_is_valid( &dst ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );
exit:
mbedtls_mpi_free( &src );
mbedtls_mpi_free( &dst );
mbedtls_mpi_free( &ref );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_copy_self( char *input_X )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &A );
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_X ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
mbedtls_mpi_free( &A );
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_swap( char *X_hex, char *Y_hex )
{
mbedtls_mpi X, Y, X0, Y0;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y0, Y_hex ) == 0 );
/* mbedtls_mpi_swap() */
TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
mbedtls_mpi_swap( &X, &Y );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
/* mbedtls_mpi_safe_cond_swap(), swap done */
mbedtls_mpi_free( &X );
mbedtls_mpi_free( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
/* mbedtls_mpi_safe_cond_swap(), swap not done */
mbedtls_mpi_free( &X );
mbedtls_mpi_free( &Y );
TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_swap_self( char *X_hex )
{
mbedtls_mpi X, X0;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
mbedtls_mpi_swap( &X, &X );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_shrink( int before, int used, int min, int after )
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
if( used > 0 )
{
size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
}
TEST_EQUAL( X.n, (size_t) before );
TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
TEST_EQUAL( X.n, (size_t) after );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_mpi( char * input_X, char * input_Y,
char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_mpi_inplace( char * input_X, char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_abs( char * input_X, char * input_Y,
char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_add_int( char * input_X, int input_Y,
char * input_A )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_sub_mpi( char * input_X, char * input_Y,
char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_sub_abs( char * input_X, char * input_Y,
char * input_A, int sub_result )
{
mbedtls_mpi X, Y, Z, A;
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
TEST_ASSERT( res == sub_result );
TEST_ASSERT( sign_is_valid( &Z ) );
if( res == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
TEST_ASSERT( sign_is_valid( &X ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
TEST_ASSERT( sign_is_valid( &Y ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_sub_int( char * input_X, int input_Y,
char * input_A )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_mul_mpi( char * input_X, char * input_Y,
char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_mul_int( char * input_X, int input_Y,
char * input_A, char * result_comparison )
{
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
TEST_ASSERT( sign_is_valid( &Z ) );
if( strcmp( result_comparison, "==" ) == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
else if( strcmp( result_comparison, "!=" ) == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 );
else
TEST_ASSERT( "unknown operator" == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_div_mpi( char * input_X, char * input_Y,
char * input_A, char * input_B,
int div_result )
{
mbedtls_mpi X, Y, Q, R, A, B;
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Q ) );
TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R );
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_div_int( char * input_X, int input_Y,
char * input_A, char * input_B,
int div_result )
{
mbedtls_mpi X, Q, R, A, B;
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
mbedtls_mpi_init( &B );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Q ) );
TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A );
mbedtls_mpi_free( &B );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_mod_mpi( char * input_X, char * input_Y,
char * input_A, int div_result )
{
mbedtls_mpi X, Y, A;
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
}
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_mod_int( char * input_X, char * input_Y,
char * input_A, int mod_result )
{
mbedtls_mpi X;
mbedtls_mpi Y;
mbedtls_mpi A;
int res;
mbedtls_mpi_uint r;
mbedtls_mpi_init( &X );
mbedtls_mpi_init( &Y );
mbedtls_mpi_init( &A );
/* We use MPIs to read Y and A since the test framework limits us to
* ints, so we can't have 64-bit values */
TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 );
TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 );
TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 );
TEST_EQUAL( Y.n, 1 );
TEST_EQUAL( A.n, 1 );
/* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */
/* Since we're converting sign+magnitude to two's complement, we lose one
* bit of value in the output. This means there are some values we can't
* represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically
* invalid test cases, so could be considered "won't happen", but they are
* easy to test for, and this helps guard against human error. */
mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
TEST_ASSERT( y >= 0 ); /* If y < 0 here, we can't make negative y */
if( Y.s == -1 )
y = -y;
mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
TEST_ASSERT( a >= 0 ); /* Same goes for a */
if( A.s == -1 )
a = -a;
res = mbedtls_mpi_mod_int( &r, &X, y );
TEST_EQUAL( res, mod_result );
if( res == 0 )
{
TEST_EQUAL( r, a );
}
exit:
mbedtls_mpi_free( &X );
mbedtls_mpi_free( &Y );
mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_exp_mod( char * input_A, char * input_E,
char * input_N, char * input_X,
int exp_result )
{
mbedtls_mpi A, E, N, RR, Z, X;
int res;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
TEST_ASSERT( res == exp_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
}
/* Now test again with the speed-up parameter supplied as an output. */
res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
TEST_ASSERT( res == exp_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
}
/* Now test again with the speed-up parameter supplied in calculated form. */
res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
TEST_ASSERT( res == exp_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
}
exit:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
char * input_RR, int exp_result )
{
mbedtls_mpi A, E, N, RR, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );
/* Set A to 2^(A_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );
/* Set E to 2^(E_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );
/* Set N to 2^(N_bytes - 1) + 1 */
TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
if( strlen( input_RR ) )
TEST_ASSERT( mbedtls_test_read_mpi( &RR, input_RR ) == 0 );
TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
exit:
mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_inv_mod( char * input_X, char * input_Y,
char * input_A, int div_result )
{
mbedtls_mpi X, Y, Z, A;
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
}
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime( char * input_X, int div_result )
{
mbedtls_mpi X;
int res;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == div_result );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime_det( data_t * input_X, data_t * witnesses,
int chunk_len, int rounds )
{
mbedtls_mpi X;
int res;
mbedtls_test_mpi_random rand;
mbedtls_mpi_init( &X );
rand.data = witnesses;
rand.pos = 0;
rand.chunk_len = chunk_len;
TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
res = mbedtls_mpi_is_prime_ext( &X, rounds - 1,
mbedtls_test_mpi_miller_rabin_determinizer,
&rand );
TEST_ASSERT( res == 0 );
rand.data = witnesses;
rand.pos = 0;
rand.chunk_len = chunk_len;
res = mbedtls_mpi_is_prime_ext( &X, rounds,
mbedtls_test_mpi_miller_rabin_determinizer,
&rand );
TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_gen_prime( int bits, int flags, int ref_ret )
{
mbedtls_mpi X;
int my_ret;
mbedtls_mpi_init( &X );
my_ret = mbedtls_mpi_gen_prime( &X, bits, flags,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
{
size_t actual_bits = mbedtls_mpi_bitlen( &X );
TEST_ASSERT( actual_bits >= (size_t) bits );
TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
mbedtls_test_rnd_std_rand,
NULL ) == 0 );
if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
{
/* X = ( X - 1 ) / 2 */
TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
mbedtls_test_rnd_std_rand,
NULL ) == 0 );
}
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_shift_l( char * input_X, int shift_X,
char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_shift_r( char * input_X, int shift_X,
char * input_A )
{
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_fill_random( int wanted_bytes, int rng_bytes,
int before, int expected_ret )
{
mbedtls_mpi X;
int ret;
size_t bytes_left = rng_bytes;
mbedtls_mpi_init( &X );
if( before != 0 )
{
/* Set X to sign(before) * 2^(|before|-1) */
TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
if( before < 0 )
before = - before;
TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
}
ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
f_rng_bytes_left, &bytes_left );
TEST_ASSERT( ret == expected_ret );
if( expected_ret == 0 )
{
/* mbedtls_mpi_fill_random is documented to use bytes from the RNG
* as a big-endian representation of the number. We know when
* our RNG function returns null bytes, so we know how many
* leading zero bytes the number has. */
size_t leading_zeros = 0;
if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
leading_zeros = 1;
TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
(size_t) wanted_bytes );
TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
TEST_ASSERT( sign_is_valid( &X ) );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_random_values( int min, char *max_hex )
{
mbedtls_test_rnd_pseudo_info rnd_core = {
{'T', 'h', 'i', 's', ' ', 'i', ',', 'a',
's', 'e', 'e', 'd', '!', 0},
0, 0};
mbedtls_test_rnd_pseudo_info rnd_legacy;
memcpy( &rnd_legacy, &rnd_core, sizeof( rnd_core ) );
mbedtls_mpi max_legacy;
mbedtls_mpi_init( &max_legacy );
mbedtls_mpi_uint *R_core = NULL;
mbedtls_mpi R_legacy;
mbedtls_mpi_init( &R_legacy );
TEST_EQUAL( 0, mbedtls_test_read_mpi( &max_legacy, max_hex ) );
size_t limbs = max_legacy.n;
ASSERT_ALLOC( R_core, limbs * ciL );
/* Call the legacy function and the core function with the same random
* stream. */
int core_ret = mbedtls_mpi_core_random( R_core, min, max_legacy.p, limbs,
mbedtls_test_rnd_pseudo_rand,
&rnd_core );
int legacy_ret = mbedtls_mpi_random( &R_legacy, min, &max_legacy,
mbedtls_test_rnd_pseudo_rand,
&rnd_legacy );
/* They must return the same status, and, on success, output the
* same number, with the same limb count. */
TEST_EQUAL( core_ret, legacy_ret );
if( core_ret == 0 )
{
ASSERT_COMPARE( R_core, limbs * ciL,
R_legacy.p, R_legacy.n * ciL );
}
/* Also check that they have consumed the RNG in the same way. */
/* This may theoretically fail on rare platforms with padding in
* the structure! If this is a problem in practice, change to a
* field-by-field comparison. */
ASSERT_COMPARE( &rnd_core, sizeof( rnd_core ),
&rnd_legacy, sizeof( rnd_legacy ) );
exit:
mbedtls_mpi_free( &max_legacy );
mbedtls_free( R_core );
mbedtls_mpi_free( &R_legacy );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_random_many( int min, char *bound_hex, int iterations )
{
/* Generate numbers in the range 1..bound-1. Do it iterations times.
* This function assumes that the value of bound is at least 2 and
* that iterations is large enough that a one-in-2^iterations chance
* effectively never occurs.
*/
data_t bound_bytes = {NULL, 0};
mbedtls_mpi_uint *upper_bound = NULL;
size_t limbs;
size_t n_bits;
mbedtls_mpi_uint *result = NULL;
size_t b;
/* If upper_bound is small, stats[b] is the number of times the value b
* has been generated. Otherwise stats[b] is the number of times a
* value with bit b set has been generated. */
size_t *stats = NULL;
size_t stats_len;
int full_stats;
size_t i;
TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &upper_bound, &limbs,
bound_hex ) );
ASSERT_ALLOC( result, limbs * ciL );
n_bits = mbedtls_mpi_core_bitlen( upper_bound, limbs );
/* Consider a bound "small" if it's less than 2^5. This value is chosen
* to be small enough that the probability of missing one value is
* negligible given the number of iterations. It must be less than
* 256 because some of the code below assumes that "small" values
* fit in a byte. */
if( n_bits <= 5 )
{
full_stats = 1;
stats_len = (uint8_t) upper_bound[0];
}
else
{
full_stats = 0;
stats_len = n_bits;
}
ASSERT_ALLOC( stats, stats_len );
for( i = 0; i < (size_t) iterations; i++ )
{
mbedtls_test_set_step( i );
TEST_EQUAL( 0, mbedtls_mpi_core_random( result,
min, upper_bound, limbs,
mbedtls_test_rnd_std_rand, NULL ) );
/* Temporarily use a legacy MPI for analysis, because the
* necessary auxiliary functions don't exist yet in core. */
mbedtls_mpi B = {1, limbs, upper_bound};
mbedtls_mpi R = {1, limbs, result};
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) < 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &R, min ) >= 0 );
if( full_stats )
{
uint8_t value;
TEST_EQUAL( 0, mbedtls_mpi_write_binary( &R, &value, 1 ) );
TEST_ASSERT( value < stats_len );
++stats[value];
}
else
{
for( b = 0; b < n_bits; b++ )
stats[b] += mbedtls_mpi_get_bit( &R, b );
}
}
if( full_stats )
{
for( b = min; b < stats_len; b++ )
{
mbedtls_test_set_step( 1000000 + b );
/* Assert that each value has been reached at least once.
* This is almost guaranteed if the iteration count is large
* enough. This is a very crude way of checking the distribution.
*/
TEST_ASSERT( stats[b] > 0 );
}
}
else
{
bound_bytes.len = limbs * sizeof( mbedtls_mpi_uint );
ASSERT_ALLOC( bound_bytes.x, bound_bytes.len );
mbedtls_mpi_core_write_be( upper_bound, limbs,
bound_bytes.x, bound_bytes.len );
int statistically_safe_all_the_way =
is_significantly_above_a_power_of_2( &bound_bytes );
for( b = 0; b < n_bits; b++ )
{
mbedtls_test_set_step( 1000000 + b );
/* Assert that each bit has been set in at least one result and
* clear in at least one result. Provided that iterations is not
* too small, it would be extremely unlikely for this not to be
* the case if the results are uniformly distributed.
*
* As an exception, the top bit may legitimately never be set
* if bound is a power of 2 or only slightly above.
*/
if( statistically_safe_all_the_way || b != n_bits - 1 )
{
TEST_ASSERT( stats[b] > 0 );
}
TEST_ASSERT( stats[b] < (size_t) iterations );
}
}
exit:
mbedtls_free( bound_bytes.x );
mbedtls_free( upper_bound );
mbedtls_free( result );
mbedtls_free( stats );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before )
{
mbedtls_mpi upper_bound;
mbedtls_mpi result;
mbedtls_mpi_init( &upper_bound );
mbedtls_mpi_init( &result );
if( before != 0 )
{
/* Set result to sign(before) * 2^(|before|-1) */
TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 );
if( before < 0 )
before = - before;
TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 );
}
TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
bound_bytes->x, bound_bytes->len ) );
TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
mbedtls_test_rnd_std_rand, NULL ) );
TEST_ASSERT( sign_is_valid( &result ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
exit:
mbedtls_mpi_free( &upper_bound );
mbedtls_mpi_free( &result );
}
/* END_CASE */
/* BEGIN_CASE */
void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
{
mbedtls_mpi upper_bound;
mbedtls_mpi result;
int actual_ret;
mbedtls_mpi_init( &upper_bound );
mbedtls_mpi_init( &result );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
bound_bytes->x, bound_bytes->len ) );
actual_ret = mbedtls_mpi_random( &result, min, &upper_bound,
mbedtls_test_rnd_std_rand, NULL );
TEST_EQUAL( expected_ret, actual_ret );
exit:
mbedtls_mpi_free( &upper_bound );
mbedtls_mpi_free( &result );
}
/* END_CASE */
/* BEGIN_CASE */
void most_negative_mpi_sint( )
{
/* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We
* guarantee that mbedtls_mpi_sint is a two's complement type, so this
* is a valid value. However, negating it (`-n`) has undefined behavior
* (although in practice `-n` evaluates to the value n).
*
* This function has ad hoc tests for this value. It's separated from other
* functions because the test framework makes it hard to pass this value
* into test cases.
*
* In the comments here:
* - biL = number of bits in limbs
* - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range)
* - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range)
*/
mbedtls_mpi A, R, X;
mbedtls_mpi_init( &A );
mbedtls_mpi_init( &R );
mbedtls_mpi_init( &X );
mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 );
const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1;
const mbedtls_mpi_sint most_negative = - most_positive - 1;
TEST_EQUAL( (mbedtls_mpi_uint) most_negative,
(mbedtls_mpi_uint) 1 << ( biL - 1 ) );
TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 );
/* Test mbedtls_mpi_lset() */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
TEST_EQUAL( A.s, -1 );
TEST_EQUAL( A.n, 1 );
TEST_EQUAL( A.p[0], most_positive_plus_1 );
/* Test mbedtls_mpi_cmp_int(): -p == -p */
TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 );
/* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */
A.p[0] = most_positive_plus_1 + 1;
TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 );
/* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */
A.p[0] = most_positive_plus_1 - 1;
TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 );
/* Test mbedtls_mpi_add_int(): (p-1) + (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );
/* Test mbedtls_mpi_add_int(): (0) + (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 );
/* Test mbedtls_mpi_add_int(): (-p) + (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( X.s, -1 );
TEST_EQUAL( X.n, 2 );
TEST_EQUAL( X.p[0], 0 );
TEST_EQUAL( X.p[1], 1 );
/* Test mbedtls_mpi_sub_int(): (p) - (-p) */
mbedtls_mpi_free( &X );
TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( X.s, 1 );
TEST_EQUAL( X.n, 1 );
TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 );
/* Test mbedtls_mpi_sub_int(): (0) - (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( X.s, 1 );
TEST_EQUAL( X.n, 1 );
TEST_EQUAL( X.p[0], most_positive_plus_1 );
/* Test mbedtls_mpi_sub_int(): (-p) - (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
/* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );
/* Test mbedtls_mpi_div_int(): (-p) / (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
/* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */
TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
/* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */
TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );
/* Test mbedtls_mpi_div_int(): (p-1) / (-p) */
TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 );
/* Test mbedtls_mpi_div_int(): (p) / (-p) */
TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
/* Test mbedtls_mpi_div_int(): (2*p) / (-p) */
TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 );
TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );
/* Test mbedtls_mpi_mod_int(): never valid */
TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ),
MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
/* Test mbedtls_mpi_random(): never valid */
TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A,
mbedtls_test_rnd_std_rand, NULL ),
MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
exit:
mbedtls_mpi_free( &A );
mbedtls_mpi_free( &R );
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest( )
{
TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 );
}
/* END_CASE */
Reference in New Issue View Git Blame Copy Permalink