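/*
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __TANDEM
#include <strings.h> /* strcasecmp */
#endif
#include <ctype.h>

#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "internal/nelem.h"
#include "internal/numbers.h"
#include "testutil.h"

/*
 * Things in boring, not in openssl.
 */
#define HAVE_BN_SQRT 0

/* Pairs a name with a function that takes a parsed STANZA. */
typedef struct filetest_st {
    const char *name;
    int (*func)(STANZA *s);
} FILETEST;

/*
 * A decimal string together with a byte string |mpi| of |mpi_len| bytes.
 * NOTE(review): presumably |mpi| is the expected MPI encoding of |base10|;
 * confirm at the point of use.
 */
typedef struct mpitest_st {
    const char *base10;
    const char *mpi;
    size_t mpi_len;
} MPITEST;

static const int NUM0 = 100; /* number of tests */
static const int NUM1 = 50; /* additional tests for some functions */
static const int NUM_PRIME_TESTS = 20;
/* Shared BN_CTX handed to the BN_* calls below; it is not set up here. */
static BN_CTX *ctx;

/*
 * Polynomial coefficients used in GFM tests.
 */
#ifndef OPENSSL_NO_EC2M
static int p0[] = { 163, 7, 6, 3, 0, -1 };
static int p1[] = { 193, 15, 0, -1 };
#endif

/*
 * Look for |key| in the stanza and return its value, or NULL if not found.
 * Keys are compared with OPENSSL_strcasecmp(), i.e. without regard to case,
 * and the first matching pair wins.
 */
static const char *findattr(STANZA *s, const char *key)
{
    int i = s->numpairs;
    PAIR *pp = s->pairs;

    for (; --i >= 0; pp++) {
        if (OPENSSL_strcasecmp(pp->key, key) == 0)
            return pp->value;
    }
    return NULL;
}

/*
 * Parse BIGNUM from sparse hex-strings, return |BN_hex2bn| result.
 *
 * The NULL-terminated array |bn_strings| is joined by glue_strings() into
 * one temporary string, which is released before returning. Unlike parseBN()
 * this helper does not reset |*out| first, so the caller decides whether
 * BN_hex2bn() sees an existing BIGNUM or a NULL pointer.
 */
static int parse_bigBN(BIGNUM **out, const char *bn_strings[])
{
    char *bigstring = glue_strings(bn_strings, NULL);
    int ret = BN_hex2bn(out, bigstring);

    OPENSSL_free(bigstring);
    return ret;
}

/*
 * Parse BIGNUM, return number of bytes parsed.
 *
 * |*out| is reset to NULL before the call, so any BIGNUM it pointed to is
 * not freed here; the result of BN_hex2bn() is owned by the caller.
 */
static int parseBN(BIGNUM **out, const char *in)
{
    *out = NULL;
    return BN_hex2bn(out, in);
}

/* Decimal counterpart of parseBN(): same contract, using BN_dec2bn(). */
static int parsedecBN(BIGNUM **out, const char *in)
{
    *out = NULL;
    return BN_dec2bn(out, in);
}

/*
 * Fetch |attribute| from the stanza and decode it as a hex BIGNUM.
 *
 * Returns a new BIGNUM that the caller must BN_free(), or NULL (after
 * reporting a test error) when the attribute is missing or when the parser
 * did not consume the whole string.
 */
static BIGNUM *getBN(STANZA *s, const char *attribute)
{
    const char *hex;
    BIGNUM *ret = NULL;

    if ((hex = findattr(s, attribute)) == NULL) {
        TEST_error("%s:%d: Can't find %s", s->test_file, s->start, attribute);
        return NULL;
    }

    if (parseBN(&ret, hex) != (int)strlen(hex)) {
        TEST_error("Could not decode '%s'", hex);
        /*
         * A value with trailing garbage is only partly consumed, which can
         * leave an allocated BIGNUM behind; release it rather than leak it.
         * BN_free(NULL) is a no-op.
         */
        BN_free(ret);
        return NULL;
    }
    return ret;
}

/*
 * Fetch |attribute| as a BIGNUM and store it in |*out| as an int.
 *
 * Returns 1 on success and 0 when the attribute cannot be read or its word
 * value exceeds INT_MAX.
 * NOTE(review): BN_get_word() reports the magnitude only, so a negative
 * attribute would pass the range check as a positive number - confirm that
 * no stanza relies on a sign here.
 */
static int getint(STANZA *s, int *out, const char *attribute)
{
    BIGNUM *ret;
    BN_ULONG word;
    int st = 0;

    if (!TEST_ptr(ret = getBN(s, attribute))
            || !TEST_ulong_le(word = BN_get_word(ret), INT_MAX))
        goto err;

    *out = (int)word;
    st = 1;
 err:
    BN_free(ret);
    return st;
}

/*
 * Return 1 when |expected| and |actual| compare equal. Otherwise report a
 * test error naming |op|, let TEST_BN_eq() print both values, and return 0.
 */
static int equalBN(const char *op, const BIGNUM *expected, const BIGNUM *actual)
{
    if (BN_cmp(expected, actual) == 0)
        return 1;

    TEST_error("unexpected %s value", op);
    TEST_BN_eq(expected, actual);
    return 0;
}

/*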
christos * Return a "random" flag for if a BN should be negated. 142 1.1 christos */ 143 1.1 christos static int rand_neg(void) 144 1.1 christos { 145 1.1 christos static unsigned int neg = 0; 146 1.1 christos static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 }; 147 1.1 christos 148 1.1 christos return sign[(neg++) % 8]; 149 1.1 christos } 150 1.1 christos 151 1.1 christos static int test_swap(void) 152 1.1 christos { 153 1.1 christos BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; 154 1.1 christos int top, cond, st = 0; 155 1.1 christos 156 1.1 christos if (!TEST_ptr(a = BN_new()) 157 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 158 1.1.1.2 christos || !TEST_ptr(c = BN_new()) 159 1.1.1.2 christos || !TEST_ptr(d = BN_new())) 160 1.1 christos goto err; 161 1.1 christos 162 1.1 christos if (!(TEST_true(BN_bntest_rand(a, 1024, 1, 0)) 163 1.1 christos && TEST_true(BN_bntest_rand(b, 1024, 1, 0)) 164 1.1 christos && TEST_ptr(BN_copy(c, a)) 165 1.1 christos && TEST_ptr(BN_copy(d, b)))) 166 1.1 christos goto err; 167 1.1 christos top = BN_num_bits(a) / BN_BITS2; 168 1.1 christos 169 1.1 christos /* regular swap */ 170 1.1 christos BN_swap(a, b); 171 1.1 christos if (!equalBN("swap", a, d) 172 1.1.1.2 christos || !equalBN("swap", b, c)) 173 1.1 christos goto err; 174 1.1 christos 175 1.1 christos /* regular swap: same pointer */ 176 1.1 christos BN_swap(a, a); 177 1.1 christos if (!equalBN("swap with same pointer", a, d)) 178 1.1 christos goto err; 179 1.1 christos 180 1.1 christos /* conditional swap: true */ 181 1.1 christos cond = 1; 182 1.1 christos BN_consttime_swap(cond, a, b, top); 183 1.1 christos if (!equalBN("cswap true", a, c) 184 1.1.1.2 christos || !equalBN("cswap true", b, d)) 185 1.1 christos goto err; 186 1.1 christos 187 1.1 christos /* conditional swap: true, same pointer */ 188 1.1 christos BN_consttime_swap(cond, a, a, top); 189 1.1 christos if (!equalBN("cswap true", a, c)) 190 1.1 christos goto err; 191 1.1 christos 192 1.1 christos /* conditional swap: 
false */ 193 1.1 christos cond = 0; 194 1.1 christos BN_consttime_swap(cond, a, b, top); 195 1.1 christos if (!equalBN("cswap false", a, c) 196 1.1.1.2 christos || !equalBN("cswap false", b, d)) 197 1.1 christos goto err; 198 1.1 christos 199 1.1 christos /* conditional swap: false, same pointer */ 200 1.1 christos BN_consttime_swap(cond, a, a, top); 201 1.1 christos if (!equalBN("cswap false", a, c)) 202 1.1 christos goto err; 203 1.1 christos 204 1.1 christos /* same tests but checking flag swap */ 205 1.1 christos BN_set_flags(a, BN_FLG_CONSTTIME); 206 1.1 christos 207 1.1 christos BN_swap(a, b); 208 1.1 christos if (!equalBN("swap, flags", a, d) 209 1.1.1.2 christos || !equalBN("swap, flags", b, c) 210 1.1.1.2 christos || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME)) 211 1.1.1.2 christos || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME))) 212 1.1 christos goto err; 213 1.1 christos 214 1.1 christos cond = 1; 215 1.1 christos BN_consttime_swap(cond, a, b, top); 216 1.1 christos if (!equalBN("cswap true, flags", a, c) 217 1.1.1.2 christos || !equalBN("cswap true, flags", b, d) 218 1.1.1.2 christos || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) 219 1.1.1.2 christos || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) 220 1.1 christos goto err; 221 1.1 christos 222 1.1 christos cond = 0; 223 1.1 christos BN_consttime_swap(cond, a, b, top); 224 1.1 christos if (!equalBN("cswap false, flags", a, c) 225 1.1.1.2 christos || !equalBN("cswap false, flags", b, d) 226 1.1.1.2 christos || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME)) 227 1.1.1.2 christos || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME))) 228 1.1 christos goto err; 229 1.1 christos 230 1.1 christos st = 1; 231 1.1.1.2 christos err: 232 1.1 christos BN_free(a); 233 1.1 christos BN_free(b); 234 1.1 christos BN_free(c); 235 1.1 christos BN_free(d); 236 1.1 christos return st; 237 1.1 christos } 238 1.1 christos 239 1.1 christos static int test_sub(void) 240 1.1 christos { 241 1.1 christos BIGNUM *a = NULL, *b = 
NULL, *c = NULL; 242 1.1 christos int i, st = 0; 243 1.1 christos 244 1.1 christos if (!TEST_ptr(a = BN_new()) 245 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 246 1.1.1.2 christos || !TEST_ptr(c = BN_new())) 247 1.1 christos goto err; 248 1.1 christos 249 1.1 christos for (i = 0; i < NUM0 + NUM1; i++) { 250 1.1 christos if (i < NUM1) { 251 1.1 christos if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))) 252 1.1.1.2 christos && TEST_ptr(BN_copy(b, a)) 253 1.1.1.2 christos && TEST_int_ne(BN_set_bit(a, i), 0) 254 1.1.1.2 christos && TEST_true(BN_add_word(b, i))) 255 1.1 christos goto err; 256 1.1 christos } else { 257 1.1 christos if (!TEST_true(BN_bntest_rand(b, 400 + i - NUM1, 0, 0))) 258 1.1 christos goto err; 259 1.1 christos BN_set_negative(a, rand_neg()); 260 1.1 christos BN_set_negative(b, rand_neg()); 261 1.1 christos } 262 1.1 christos if (!(TEST_true(BN_sub(c, a, b)) 263 1.1 christos && TEST_true(BN_add(c, c, b)) 264 1.1 christos && TEST_true(BN_sub(c, c, a)) 265 1.1 christos && TEST_BN_eq_zero(c))) 266 1.1 christos goto err; 267 1.1 christos } 268 1.1 christos st = 1; 269 1.1.1.2 christos err: 270 1.1 christos BN_free(a); 271 1.1 christos BN_free(b); 272 1.1 christos BN_free(c); 273 1.1 christos return st; 274 1.1 christos } 275 1.1 christos 276 1.1 christos static int test_div_recip(void) 277 1.1 christos { 278 1.1 christos BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; 279 1.1 christos BN_RECP_CTX *recp = NULL; 280 1.1 christos int st = 0, i; 281 1.1 christos 282 1.1 christos if (!TEST_ptr(a = BN_new()) 283 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 284 1.1.1.2 christos || !TEST_ptr(c = BN_new()) 285 1.1.1.2 christos || !TEST_ptr(d = BN_new()) 286 1.1.1.2 christos || !TEST_ptr(e = BN_new()) 287 1.1.1.2 christos || !TEST_ptr(recp = BN_RECP_CTX_new())) 288 1.1 christos goto err; 289 1.1 christos 290 1.1 christos for (i = 0; i < NUM0 + NUM1; i++) { 291 1.1 christos if (i < NUM1) { 292 1.1 christos if (!(TEST_true(BN_bntest_rand(a, 400, 0, 0)) 293 
1.1 christos && TEST_ptr(BN_copy(b, a)) 294 1.1 christos && TEST_true(BN_lshift(a, a, i)) 295 1.1 christos && TEST_true(BN_add_word(a, i)))) 296 1.1 christos goto err; 297 1.1 christos } else { 298 1.1 christos if (!(TEST_true(BN_bntest_rand(b, 50 + 3 * (i - NUM1), 0, 0)))) 299 1.1 christos goto err; 300 1.1 christos } 301 1.1 christos BN_set_negative(a, rand_neg()); 302 1.1 christos BN_set_negative(b, rand_neg()); 303 1.1 christos if (!(TEST_true(BN_RECP_CTX_set(recp, b, ctx)) 304 1.1 christos && TEST_true(BN_div_recp(d, c, a, recp, ctx)) 305 1.1 christos && TEST_true(BN_mul(e, d, b, ctx)) 306 1.1 christos && TEST_true(BN_add(d, e, c)) 307 1.1 christos && TEST_true(BN_sub(d, d, a)) 308 1.1 christos && TEST_BN_eq_zero(d))) 309 1.1 christos goto err; 310 1.1 christos } 311 1.1 christos st = 1; 312 1.1.1.2 christos err: 313 1.1 christos BN_free(a); 314 1.1 christos BN_free(b); 315 1.1 christos BN_free(c); 316 1.1 christos BN_free(d); 317 1.1 christos BN_free(e); 318 1.1 christos BN_RECP_CTX_free(recp); 319 1.1 christos return st; 320 1.1 christos } 321 1.1 christos 322 1.1 christos static struct { 323 1.1 christos int n, divisor, result, remainder; 324 1.1 christos } signed_mod_tests[] = { 325 1.1.1.2 christos { 10, 3, 3, 1 }, 326 1.1.1.2 christos { -10, 3, -3, -1 }, 327 1.1.1.2 christos { 10, -3, -3, 1 }, 328 1.1.1.2 christos { -10, -3, 3, -1 }, 329 1.1 christos }; 330 1.1 christos 331 1.1 christos static BIGNUM *set_signed_bn(int value) 332 1.1 christos { 333 1.1 christos BIGNUM *bn = BN_new(); 334 1.1 christos 335 1.1 christos if (bn == NULL) 336 1.1 christos return NULL; 337 1.1 christos if (!BN_set_word(bn, value < 0 ? 
-value : value)) { 338 1.1 christos BN_free(bn); 339 1.1 christos return NULL; 340 1.1 christos } 341 1.1 christos BN_set_negative(bn, value < 0); 342 1.1 christos return bn; 343 1.1 christos } 344 1.1 christos 345 1.1 christos static int test_signed_mod_replace_ab(int n) 346 1.1 christos { 347 1.1 christos BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; 348 1.1 christos int st = 0; 349 1.1 christos 350 1.1 christos if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) 351 1.1.1.2 christos || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) 352 1.1.1.2 christos || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) 353 1.1.1.2 christos || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) 354 1.1 christos goto err; 355 1.1 christos 356 1.1 christos if (TEST_true(BN_div(a, b, a, b, ctx)) 357 1.1.1.2 christos && TEST_BN_eq(a, c) 358 1.1.1.2 christos && TEST_BN_eq(b, d)) 359 1.1 christos st = 1; 360 1.1.1.2 christos err: 361 1.1 christos BN_free(a); 362 1.1 christos BN_free(b); 363 1.1 christos BN_free(c); 364 1.1 christos BN_free(d); 365 1.1 christos return st; 366 1.1 christos } 367 1.1 christos 368 1.1 christos static int test_signed_mod_replace_ba(int n) 369 1.1 christos { 370 1.1 christos BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL; 371 1.1 christos int st = 0; 372 1.1 christos 373 1.1 christos if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n)) 374 1.1.1.2 christos || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor)) 375 1.1.1.2 christos || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result)) 376 1.1.1.2 christos || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder))) 377 1.1 christos goto err; 378 1.1 christos 379 1.1 christos if (TEST_true(BN_div(b, a, a, b, ctx)) 380 1.1.1.2 christos && TEST_BN_eq(b, c) 381 1.1.1.2 christos && TEST_BN_eq(a, d)) 382 1.1 christos st = 1; 383 1.1.1.2 christos err: 384 1.1 christos BN_free(a); 385 1.1 christos BN_free(b); 386 1.1 christos BN_free(c); 387 1.1 christos 
BN_free(d); 388 1.1 christos return st; 389 1.1 christos } 390 1.1 christos 391 1.1 christos static int test_mod(void) 392 1.1 christos { 393 1.1 christos BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL; 394 1.1 christos int st = 0, i; 395 1.1 christos 396 1.1 christos if (!TEST_ptr(a = BN_new()) 397 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 398 1.1.1.2 christos || !TEST_ptr(c = BN_new()) 399 1.1.1.2 christos || !TEST_ptr(d = BN_new()) 400 1.1.1.2 christos || !TEST_ptr(e = BN_new())) 401 1.1 christos goto err; 402 1.1 christos 403 1.1 christos if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0)))) 404 1.1 christos goto err; 405 1.1 christos for (i = 0; i < NUM0; i++) { 406 1.1 christos if (!(TEST_true(BN_bntest_rand(b, 450 + i * 10, 0, 0)))) 407 1.1 christos goto err; 408 1.1 christos BN_set_negative(a, rand_neg()); 409 1.1 christos BN_set_negative(b, rand_neg()); 410 1.1 christos if (!(TEST_true(BN_mod(c, a, b, ctx)) 411 1.1 christos && TEST_true(BN_div(d, e, a, b, ctx)) 412 1.1 christos && TEST_BN_eq(e, c) 413 1.1 christos && TEST_true(BN_mul(c, d, b, ctx)) 414 1.1 christos && TEST_true(BN_add(d, c, e)) 415 1.1 christos && TEST_BN_eq(d, a))) 416 1.1 christos goto err; 417 1.1 christos } 418 1.1 christos st = 1; 419 1.1.1.2 christos err: 420 1.1 christos BN_free(a); 421 1.1 christos BN_free(b); 422 1.1 christos BN_free(c); 423 1.1 christos BN_free(d); 424 1.1 christos BN_free(e); 425 1.1 christos return st; 426 1.1 christos } 427 1.1 christos 428 1.1 christos static const char *bn1strings[] = { 429 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 430 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 431 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 432 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 433 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 434 1.1 christos 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 435 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 436 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00", 437 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 438 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 439 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 440 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 441 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 442 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 443 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 444 1.1 christos "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF", 445 1.1 christos NULL 446 1.1 christos }; 447 1.1 christos 448 1.1 christos static const char *bn2strings[] = { 449 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 450 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 451 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 452 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 453 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 454 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 455 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 456 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000", 457 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 458 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 459 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 460 1.1 christos 
"0000000000000000000000000000000000000000000000000000000000000000", 461 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 462 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 463 1.1 christos "0000000000000000000000000000000000000000000000000000000000000000", 464 1.1 christos "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000", 465 1.1 christos NULL 466 1.1 christos }; 467 1.1 christos 468 1.1 christos /* 469 1.1 christos * Test constant-time modular exponentiation with 1024-bit inputs, which on 470 1.1 christos * x86_64 cause a different code branch to be taken. 471 1.1 christos */ 472 1.1 christos static int test_modexp_mont5(void) 473 1.1 christos { 474 1.1 christos BIGNUM *a = NULL, *p = NULL, *m = NULL, *d = NULL, *e = NULL; 475 1.1 christos BIGNUM *b = NULL, *n = NULL, *c = NULL; 476 1.1 christos BN_MONT_CTX *mont = NULL; 477 1.1 christos int st = 0; 478 1.1 christos 479 1.1 christos if (!TEST_ptr(a = BN_new()) 480 1.1.1.2 christos || !TEST_ptr(p = BN_new()) 481 1.1.1.2 christos || !TEST_ptr(m = BN_new()) 482 1.1.1.2 christos || !TEST_ptr(d = BN_new()) 483 1.1.1.2 christos || !TEST_ptr(e = BN_new()) 484 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 485 1.1.1.2 christos || !TEST_ptr(n = BN_new()) 486 1.1.1.2 christos || !TEST_ptr(c = BN_new()) 487 1.1.1.2 christos || !TEST_ptr(mont = BN_MONT_CTX_new())) 488 1.1 christos goto err; 489 1.1 christos 490 1.1 christos /* must be odd for montgomery */ 491 1.1 christos if (!(TEST_true(BN_bntest_rand(m, 1024, 0, 1)) 492 1.1 christos /* Zero exponent */ 493 1.1 christos && TEST_true(BN_bntest_rand(a, 1024, 0, 0)))) 494 1.1 christos goto err; 495 1.1 christos BN_zero(p); 496 1.1 christos 497 1.1 christos if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))) 498 1.1 christos goto err; 499 1.1 christos if (!TEST_BN_eq_one(d)) 500 1.1 christos goto err; 501 1.1 christos 502 1.1 christos /* Regression test for carry bug in mulx4x_mont */ 
503 1.1 christos if (!(TEST_true(BN_hex2bn(&a, 504 1.1.1.2 christos "7878787878787878787878787878787878787878787878787878787878787878" 505 1.1.1.2 christos "7878787878787878787878787878787878787878787878787878787878787878" 506 1.1.1.2 christos "7878787878787878787878787878787878787878787878787878787878787878" 507 1.1.1.2 christos "7878787878787878787878787878787878787878787878787878787878787878")) 508 1.1.1.2 christos && TEST_true(BN_hex2bn(&b, 509 1.1.1.2 christos "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744" 510 1.1.1.2 christos "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593" 511 1.1.1.2 christos "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03" 512 1.1.1.2 christos "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81")) 513 1.1.1.2 christos && TEST_true(BN_hex2bn(&n, 514 1.1.1.2 christos "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B" 515 1.1.1.2 christos "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5" 516 1.1.1.2 christos "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4" 517 1.1.1.2 christos "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF")))) 518 1.1 christos goto err; 519 1.1 christos 520 1.1 christos if (!(TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 521 1.1 christos && TEST_true(BN_mod_mul_montgomery(c, a, b, mont, ctx)) 522 1.1 christos && TEST_true(BN_mod_mul_montgomery(d, b, a, mont, ctx)) 523 1.1 christos && TEST_BN_eq(c, d))) 524 1.1 christos goto err; 525 1.1 christos 526 1.1 christos /* Regression test for carry bug in sqr[x]8x_mont */ 527 1.1 christos if (!(TEST_true(parse_bigBN(&n, bn1strings)) 528 1.1 christos && TEST_true(parse_bigBN(&a, bn2strings)))) 529 1.1 christos goto err; 530 1.1 christos BN_free(b); 531 1.1 christos if (!(TEST_ptr(b = BN_dup(a)) 532 1.1 christos && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 533 1.1 christos && TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx)) 534 1.1 christos && 
TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx)) 535 1.1 christos && TEST_BN_eq(c, d))) 536 1.1 christos goto err; 537 1.1 christos 538 1.1 christos /* Regression test for carry bug in bn_sqrx8x_internal */ 539 1.1 christos { 540 1.1 christos static const char *ahex[] = { 541 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 542 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 543 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 544 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 545 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FFEADBCFC4DAE7FFF908E92820306B", 546 1.1 christos "9544D954000000006C0000000000000000000000000000000000000000000000", 547 1.1 christos "00000000000000000000FF030202FFFFF8FFEBDBCFC4DAE7FFF908E92820306B", 548 1.1 christos "9544D954000000006C000000FF0302030000000000FFFFFFFFFFFFFFFFFFFFFF", 549 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01FC00FF02FFFFFFFF", 550 1.1 christos "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FCFD", 551 1.1 christos "FCFFFFFFFFFF000000000000000000FF0302030000000000FFFFFFFFFFFFFFFF", 552 1.1 christos "FF00FCFDFDFF030202FF00000000FFFFFFFFFFFFFFFFFF00FCFDFCFFFFFFFFFF", 553 1.1 christos NULL 554 1.1 christos }; 555 1.1 christos static const char *nhex[] = { 556 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 557 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 558 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 559 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 560 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8F8F8F8000000", 561 1.1 christos "00000010000000006C0000000000000000000000000000000000000000000000", 562 1.1 christos "00000000000000000000000000000000000000FFFFFFFFFFFFF8F8F8F8000000", 563 1.1 christos 
"00000010000000006C000000000000000000000000FFFFFFFFFFFFFFFFFFFFFF", 564 1.1 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 565 1.1 christos "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 566 1.1 christos "FFFFFFFFFFFF000000000000000000000000000000000000FFFFFFFFFFFFFFFF", 567 1.1 christos "FFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 568 1.1 christos NULL 569 1.1 christos }; 570 1.1 christos 571 1.1 christos if (!(TEST_true(parse_bigBN(&a, ahex)) 572 1.1 christos && TEST_true(parse_bigBN(&n, nhex)))) 573 1.1 christos goto err; 574 1.1 christos } 575 1.1 christos BN_free(b); 576 1.1 christos if (!(TEST_ptr(b = BN_dup(a)) 577 1.1 christos && TEST_true(BN_MONT_CTX_set(mont, n, ctx)))) 578 1.1 christos goto err; 579 1.1 christos 580 1.1 christos if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx)) 581 1.1.1.2 christos || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx)) 582 1.1.1.2 christos || !TEST_BN_eq(c, d)) 583 1.1 christos goto err; 584 1.1 christos 585 1.1 christos /* Regression test for bug in BN_from_montgomery_word */ 586 1.1 christos if (!(TEST_true(BN_hex2bn(&a, 587 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 588 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 589 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) 590 1.1.1.2 christos && TEST_true(BN_hex2bn(&n, 591 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 592 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")) 593 1.1.1.2 christos && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 594 1.1.1.2 christos && TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))) 595 1.1 christos goto err; 596 1.1 christos 597 1.1 christos /* Regression test for bug in rsaz_1024_mul_avx2 */ 598 1.1 christos if (!(TEST_true(BN_hex2bn(&a, 599 1.1.1.2 christos 
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 600 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 601 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 602 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) 603 1.1.1.2 christos && TEST_true(BN_hex2bn(&b, 604 1.1.1.2 christos "2020202020202020202020202020202020202020202020202020202020202020" 605 1.1.1.2 christos "2020202020202020202020202020202020202020202020202020202020202020" 606 1.1.1.2 christos "20202020202020FF202020202020202020202020202020202020202020202020" 607 1.1.1.2 christos "2020202020202020202020202020202020202020202020202020202020202020")) 608 1.1.1.2 christos && TEST_true(BN_hex2bn(&n, 609 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 610 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 611 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 612 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF")) 613 1.1.1.2 christos && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 614 1.1.1.2 christos && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)) 615 1.1.1.2 christos && TEST_true(BN_mod_exp_mont(d, a, b, n, ctx, mont)) 616 1.1.1.2 christos && TEST_BN_eq(c, d))) 617 1.1 christos goto err; 618 1.1 christos 619 1.1 christos /* 620 1.1 christos * rsaz_1024_mul_avx2 expects fully-reduced inputs. 621 1.1 christos * BN_mod_exp_mont_consttime should reduce the input first. 
622 1.1 christos */ 623 1.1 christos if (!(TEST_true(BN_hex2bn(&a, 624 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 625 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 626 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 627 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) 628 1.1.1.2 christos && TEST_true(BN_hex2bn(&b, 629 1.1.1.2 christos "1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D" 630 1.1.1.2 christos "9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB" 631 1.1.1.2 christos "B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38" 632 1.1.1.2 christos "E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E")) 633 1.1.1.2 christos && TEST_true(BN_hex2bn(&n, 634 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 635 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 636 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" 637 1.1.1.2 christos "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF")) 638 1.1.1.2 christos && TEST_true(BN_MONT_CTX_set(mont, n, ctx)) 639 1.1.1.2 christos && TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)))) 640 1.1 christos goto err; 641 1.1 christos BN_zero(d); 642 1.1 christos if (!TEST_BN_eq(c, d)) 643 1.1 christos goto err; 644 1.1 christos 645 1.1 christos /* 646 1.1 christos * Regression test for overflow bug in bn_sqr_comba4/8 for 647 1.1 christos * mips-linux-gnu and mipsel-linux-gnu 32bit targets. 
648 1.1 christos */ 649 1.1 christos { 650 1.1 christos static const char *ehex[] = { 651 1.1 christos "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee", 652 1.1 christos "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5", 653 1.1 christos "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a", 654 1.1 christos "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985", 655 1.1 christos "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1", 656 1.1 christos "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680", 657 1.1 christos "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e", 658 1.1 christos "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465", 659 1.1.1.2 christos NULL 660 1.1.1.2 christos }; 661 1.1 christos static const char *phex[] = { 662 1.1 christos "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241", 663 1.1 christos "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31", 664 1.1 christos "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053", 665 1.1 christos "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439", 666 1.1 christos "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5", 667 1.1 christos "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813", 668 1.1 christos "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4", 669 1.1 christos "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5", 670 1.1.1.2 christos NULL 671 1.1.1.2 christos }; 672 1.1 christos static const char *mhex[] = { 673 1.1 christos "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f", 674 1.1 christos "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3", 675 1.1 christos "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900", 676 1.1 christos "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b", 677 1.1 christos 
"9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc", 678 1.1 christos "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647", 679 1.1 christos "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c", 680 1.1 christos "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b", 681 1.1.1.2 christos NULL 682 1.1.1.2 christos }; 683 1.1 christos 684 1.1 christos if (!TEST_true(parse_bigBN(&e, ehex)) 685 1.1.1.2 christos || !TEST_true(parse_bigBN(&p, phex)) 686 1.1.1.2 christos || !TEST_true(parse_bigBN(&m, mhex)) 687 1.1.1.2 christos || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) 688 1.1.1.2 christos || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) 689 1.1.1.2 christos || !TEST_BN_eq(a, d)) 690 1.1 christos goto err; 691 1.1 christos } 692 1.1 christos 693 1.1 christos /* Zero input */ 694 1.1 christos if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0))) 695 1.1 christos goto err; 696 1.1 christos BN_zero(a); 697 1.1 christos if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) 698 1.1.1.2 christos || !TEST_BN_eq_zero(d)) 699 1.1 christos goto err; 700 1.1 christos 701 1.1 christos /* 702 1.1 christos * Craft an input whose Montgomery representation is 1, i.e., shorter 703 1.1 christos * than the modulus m, in order to test the const time precomputation 704 1.1 christos * scattering/gathering. 705 1.1 christos */ 706 1.1 christos if (!(TEST_true(BN_one(a)) 707 1.1 christos && TEST_true(BN_MONT_CTX_set(mont, m, ctx)))) 708 1.1 christos goto err; 709 1.1 christos if (!TEST_true(BN_from_montgomery(e, a, mont, ctx)) 710 1.1.1.2 christos || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL)) 711 1.1.1.2 christos || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx)) 712 1.1.1.2 christos || !TEST_BN_eq(a, d)) 713 1.1 christos goto err; 714 1.1 christos 715 1.1 christos /* Finally, some regular test vectors. 
*/
    if (!(TEST_true(BN_bntest_rand(e, 1024, 0, 0))
            && TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
            && TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
            && TEST_BN_eq(a, d)))
        goto err;

    st = 1;

 err:
    BN_MONT_CTX_free(mont);
    BN_free(a);
    BN_free(p);
    BN_free(m);
    BN_free(d);
    BN_free(e);
    BN_free(b);
    BN_free(n);
    BN_free(c);
    return st;
}

#ifndef OPENSSL_NO_EC2M
/*
 * Exercise BN_GF2m_add() NUM0 times: |a| is a fresh 512-bit random value,
 * |b| is one, and both get a sign chosen by rand_neg().  Each round checks
 * that the sum has the opposite parity of |a| and that adding the sum to
 * itself gives zero.
 *
 * Returns 1 when every check passes, 0 otherwise.
 */
static int test_gf2m_add(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL;
    int st = 0;
    int i;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new()))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_rand(a, 512, 0, 0))
                || !TEST_ptr(BN_copy(b, BN_value_one())))
            goto err;
        BN_set_negative(a, rand_neg());
        BN_set_negative(b, rand_neg());

        /* Test that two added values have the correct parity. */
        if (!TEST_true(BN_GF2m_add(c, a, b))
                || !TEST_false((BN_is_odd(a) && BN_is_odd(c))
                               || (!BN_is_odd(a) && !BN_is_odd(c))))
            goto err;

        /* Test that c + c = 0. */
        if (!TEST_true(BN_GF2m_add(c, c, c))
                || !TEST_BN_eq_zero(c))
            goto err;
    }
    st = 1;

 err:
    /* Single exit: the operands are released on success and failure alike. */
    BN_free(a);
    BN_free(b);
    BN_free(c);
    return st;
}

static int test_gf2m_mod(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL, *e = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            if (!(TEST_true(BN_GF2m_mod(c, a, b[j]))
                    && TEST_true(BN_GF2m_add(d, a, c))
                    && TEST_true(BN_GF2m_mod(e, d, b[j]))
                    /* Test that a + (a mod p) mod p == 0.
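*/
                    && TEST_BN_eq_zero(e)))
                goto err;
        }
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    return st;
}

/*
 * Check that BN_GF2m_mod_mul() distributes over BN_GF2m_add() for both
 * test polynomials (p0 and p1): with random 1024-bit a, c and d, the sum
 * a*c + (a+d)*c + d*c must reduce to zero.
 *
 * Returns 1 when every check passes, 0 otherwise.
 */
static int test_gf2m_mul(void)
{
    /*
     * Every pointer starts out NULL, like in the sibling GF(2^m) tests, so
     * the cleanup at |err| never depends on the order of the allocations.
     */
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL, *g = NULL, *h = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new())
            || !TEST_ptr(g = BN_new())
            || !TEST_ptr(h = BN_new()))
        goto err;

    /* b[0] and b[1] hold the two reduction polynomials as BIGNUMs. */
    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0))
                && TEST_true(BN_bntest_rand(c, 1024, 0, 0))
                && TEST_true(BN_bntest_rand(d, 1024, 0, 0))))
            goto err;
        for (j = 0; j < 2; j++) {
            /*
             * e = a*c, g = (a+d)*c, h = d*c; f ends up as e + g + h.
             * Test that (a+d)*c = a*c + d*c.
             */
            if (!(TEST_true(BN_GF2m_mod_mul(e, a, c, b[j], ctx))
                    && TEST_true(BN_GF2m_add(f, a, d))
                    && TEST_true(BN_GF2m_mod_mul(g, f, c, b[j], ctx))
                    && TEST_true(BN_GF2m_mod_mul(h, d, c, b[j], ctx))
                    && TEST_true(BN_GF2m_add(f, e, g))
                    && TEST_true(BN_GF2m_add(f, f, h))
                    && TEST_BN_eq_zero(f)))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(f);
    BN_free(g);
    BN_free(h);
    return st;
}

static int test_gf2m_sqr(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            if (!(TEST_true(BN_GF2m_mod_sqr(c, a, b[j], ctx))
                    && TEST_true(BN_copy(d, a))
                    && TEST_true(BN_GF2m_mod_mul(d, a, d, b[j], ctx))
                    && TEST_true(BN_GF2m_add(d, c, d))
                    /* Test that a*a = a^2.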
*/
                    && TEST_BN_eq_zero(d)))
                goto err;
        }
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    return st;
}

/*
 * Check BN_GF2m_mod_inv(): first that it reports failure when the modulus
 * is the constant one, then, for both test polynomials (p0 and p1) and
 * NUM0 random 512-bit values of |a|, that a times its inverse equals one.
 *
 * Returns 1 when every check passes, 0 otherwise.
 */
static int test_gf2m_modinv(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    int st = 0;
    int i, j;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    /* Test that a non-sensical, too small value causes a failure */
    if (!TEST_true(BN_one(b[0]))
            || !TEST_true(BN_bntest_rand(a, 512, 0, 0))
            || !TEST_false(BN_GF2m_mod_inv(c, a, b[0], ctx)))
        goto err;

    /* b[0] is overwritten here, so the loop below uses the real moduli. */
    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            /* Test that ((1/a)*a) = 1. */
            if (!TEST_true(BN_GF2m_mod_inv(c, a, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_mul(d, a, c, b[j], ctx))
                    || !TEST_BN_eq_one(d))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    return st;
}

static int test_gf2m_moddiv(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))
                && TEST_true(BN_bntest_rand(c, 512, 0, 0))))
            goto err;
        for (j = 0; j < 2; j++) {
            if (!(TEST_true(BN_GF2m_mod_div(d, a, c, b[j], ctx))
                    && TEST_true(BN_GF2m_mod_mul(e, d, c, b[j], ctx))
                    && TEST_true(BN_GF2m_mod_div(f, a, e, b[j], ctx))
                    /* Test that ((a/c)*c)/a = 1.
*/
                    && TEST_BN_eq_one(f)))
                goto err;
        }
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(f);
    return st;
}

/*
 * Check the exponent law a^(c+d) = a^c * a^d for BN_GF2m_mod_exp() with
 * both test polynomials (p0 and p1) and NUM0 sets of random 512-bit
 * a, c and d.  The exponent sum c + d is formed with BN_add(); the two
 * sides are compared by adding them with BN_GF2m_add() and expecting zero.
 *
 * Returns 1 when every check passes, 0 otherwise.
 */
static int test_gf2m_modexp(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int st = 0;
    int i, j;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))
                || !TEST_true(BN_bntest_rand(c, 512, 0, 0))
                || !TEST_true(BN_bntest_rand(d, 512, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            /* e = a^c * a^d */
            if (!TEST_true(BN_GF2m_mod_exp(e, a, c, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_exp(f, a, d, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_mul(e, e, f, b[j], ctx)))
                goto err;
            /* f = a^(c+d), then f = e + f */
            if (!TEST_true(BN_add(f, c, d))
                    || !TEST_true(BN_GF2m_mod_exp(f, a, f, b[j], ctx))
                    || !TEST_true(BN_GF2m_add(f, e, f)))
                goto err;
            /* Test that a^(c+d)=a^c*a^d. */
            if (!TEST_BN_eq_zero(f))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(f);
    return st;
}

static int test_gf2m_modsqrt(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            if (!(TEST_true(BN_GF2m_mod(c, a, b[j]))
                    && TEST_true(BN_GF2m_mod_sqrt(d, a, b[j], ctx))
                    && TEST_true(BN_GF2m_mod_sqr(e, d, b[j], ctx))
                    && TEST_true(BN_GF2m_add(f, c, e))
                    /* Test that d^2 = a, where d = sqrt(a).
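*/
                    && TEST_BN_eq_zero(f)))
                goto err;
        }
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(f);
    return st;
}

/*
 * Check BN_GF2m_mod_solve_quad() for both test polynomials (p0 and p1) and
 * NUM0 random 512-bit values of |a|.  A call that reports no solution is
 * skipped; every reported solution c is verified against c^2 + c = a.
 * The test also fails if no call at all produced a solution, since the
 * verification would then never have run.
 *
 * Returns 1 when every check passes, 0 otherwise.
 */
static int test_gf2m_modsolvequad(void)
{
    BIGNUM *a = NULL, *b[2] = { NULL, NULL }, *c = NULL, *d = NULL;
    BIGNUM *e = NULL;
    int i, j, s = 0, t, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            /* Not wrapped in TEST_true(): "no solution" is a valid outcome. */
            t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
            if (t) {
                s++;    /* count the solutions that actually get verified */
                if (!(TEST_true(BN_GF2m_mod_sqr(d, c, b[j], ctx))
                        && TEST_true(BN_GF2m_add(d, c, d))
                        && TEST_true(BN_GF2m_mod(e, a, b[j]))
                        && TEST_true(BN_GF2m_add(e, e, d))
                        /*
                         * Test that solution of quadratic c
                         * satisfies c^2 + c = a.
                         */
                        && TEST_BN_eq_zero(e)))
                    goto err;
            }
        }
    }
    /*
     * |s| starts at 0 and is only incremented, so a ">= 0" comparison can
     * never fail.  Require at least one solved instance; otherwise the
     * test would pass without having verified a single root.
     */
    if (!TEST_int_gt(s, 0)) {
        TEST_info("%d tests found no roots; probably an error", NUM0);
        goto err;
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    return st;
}
#endif

static int test_kronecker(void)
{
    BIGNUM *a = NULL, *b = NULL, *r = NULL, *t = NULL;
    int i, legendre, kronecker, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(r = BN_new())
            || !TEST_ptr(t = BN_new()))
        goto err;

    /*
     * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
     * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
     * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
     * generate a random prime b and compare these values for a number of
     * random a's.  (That is, we run the Solovay-Strassen primality test to
     * confirm that b is prime, except that we don't want to test whether b
     * is prime but whether BN_kronecker works.)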
1159 1.1 christos */ 1160 1.1 christos 1161 1.1 christos if (!TEST_true(BN_generate_prime_ex(b, 512, 0, NULL, NULL, NULL))) 1162 1.1 christos goto err; 1163 1.1 christos BN_set_negative(b, rand_neg()); 1164 1.1 christos 1165 1.1 christos for (i = 0; i < NUM0; i++) { 1166 1.1 christos if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))) 1167 1.1 christos goto err; 1168 1.1 christos BN_set_negative(a, rand_neg()); 1169 1.1 christos 1170 1.1 christos /* t := (|b|-1)/2 (note that b is odd) */ 1171 1.1 christos if (!TEST_true(BN_copy(t, b))) 1172 1.1 christos goto err; 1173 1.1 christos BN_set_negative(t, 0); 1174 1.1 christos if (!TEST_true(BN_sub_word(t, 1))) 1175 1.1 christos goto err; 1176 1.1 christos if (!TEST_true(BN_rshift1(t, t))) 1177 1.1 christos goto err; 1178 1.1 christos /* r := a^t mod b */ 1179 1.1 christos BN_set_negative(b, 0); 1180 1.1 christos 1181 1.1 christos if (!TEST_true(BN_mod_exp_recp(r, a, t, b, ctx))) 1182 1.1 christos goto err; 1183 1.1 christos BN_set_negative(b, 1); 1184 1.1 christos 1185 1.1 christos if (BN_is_word(r, 1)) 1186 1.1 christos legendre = 1; 1187 1.1 christos else if (BN_is_zero(r)) 1188 1.1 christos legendre = 0; 1189 1.1 christos else { 1190 1.1 christos if (!TEST_true(BN_add_word(r, 1))) 1191 1.1 christos goto err; 1192 1.1 christos if (!TEST_int_eq(BN_ucmp(r, b), 0)) { 1193 1.1 christos TEST_info("Legendre symbol computation failed"); 1194 1.1 christos goto err; 1195 1.1 christos } 1196 1.1 christos legendre = -1; 1197 1.1 christos } 1198 1.1 christos 1199 1.1 christos if (!TEST_int_ge(kronecker = BN_kronecker(a, b, ctx), -1)) 1200 1.1 christos goto err; 1201 1.1 christos /* we actually need BN_kronecker(a, |b|) */ 1202 1.1 christos if (BN_is_negative(a) && BN_is_negative(b)) 1203 1.1 christos kronecker = -kronecker; 1204 1.1 christos 1205 1.1 christos if (!TEST_int_eq(legendre, kronecker)) 1206 1.1 christos goto err; 1207 1.1 christos } 1208 1.1 christos 1209 1.1 christos st = 1; 1210 1.1.1.2 christos err: 1211 1.1 christos 
BN_free(a); 1212 1.1 christos BN_free(b); 1213 1.1 christos BN_free(r); 1214 1.1 christos BN_free(t); 1215 1.1 christos return st; 1216 1.1 christos } 1217 1.1 christos 1218 1.1 christos static int file_sum(STANZA *s) 1219 1.1 christos { 1220 1.1 christos BIGNUM *a = NULL, *b = NULL, *sum = NULL, *ret = NULL; 1221 1.1 christos BN_ULONG b_word; 1222 1.1 christos int st = 0; 1223 1.1 christos 1224 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1225 1.1.1.2 christos || !TEST_ptr(b = getBN(s, "B")) 1226 1.1.1.2 christos || !TEST_ptr(sum = getBN(s, "Sum")) 1227 1.1.1.2 christos || !TEST_ptr(ret = BN_new())) 1228 1.1 christos goto err; 1229 1.1 christos 1230 1.1 christos if (!TEST_true(BN_add(ret, a, b)) 1231 1.1.1.2 christos || !equalBN("A + B", sum, ret) 1232 1.1.1.2 christos || !TEST_true(BN_sub(ret, sum, a)) 1233 1.1.1.2 christos || !equalBN("Sum - A", b, ret) 1234 1.1.1.2 christos || !TEST_true(BN_sub(ret, sum, b)) 1235 1.1.1.2 christos || !equalBN("Sum - B", a, ret)) 1236 1.1 christos goto err; 1237 1.1 christos 1238 1.1 christos /* 1239 1.1 christos * Test that the functions work when |r| and |a| point to the same BIGNUM, 1240 1.1 christos * or when |r| and |b| point to the same BIGNUM. 1241 1.1 christos * There is no test for all of |r|, |a|, and |b| pointint to the same BIGNUM. 
1242 1.1 christos */ 1243 1.1 christos if (!TEST_true(BN_copy(ret, a)) 1244 1.1.1.2 christos || !TEST_true(BN_add(ret, ret, b)) 1245 1.1.1.2 christos || !equalBN("A + B (r is a)", sum, ret) 1246 1.1.1.2 christos || !TEST_true(BN_copy(ret, b)) 1247 1.1.1.2 christos || !TEST_true(BN_add(ret, a, ret)) 1248 1.1.1.2 christos || !equalBN("A + B (r is b)", sum, ret) 1249 1.1.1.2 christos || !TEST_true(BN_copy(ret, sum)) 1250 1.1.1.2 christos || !TEST_true(BN_sub(ret, ret, a)) 1251 1.1.1.2 christos || !equalBN("Sum - A (r is a)", b, ret) 1252 1.1.1.2 christos || !TEST_true(BN_copy(ret, a)) 1253 1.1.1.2 christos || !TEST_true(BN_sub(ret, sum, ret)) 1254 1.1.1.2 christos || !equalBN("Sum - A (r is b)", b, ret) 1255 1.1.1.2 christos || !TEST_true(BN_copy(ret, sum)) 1256 1.1.1.2 christos || !TEST_true(BN_sub(ret, ret, b)) 1257 1.1.1.2 christos || !equalBN("Sum - B (r is a)", a, ret) 1258 1.1.1.2 christos || !TEST_true(BN_copy(ret, b)) 1259 1.1.1.2 christos || !TEST_true(BN_sub(ret, sum, ret)) 1260 1.1.1.2 christos || !equalBN("Sum - B (r is b)", a, ret)) 1261 1.1 christos goto err; 1262 1.1 christos 1263 1.1 christos /* 1264 1.1 christos * Test BN_uadd() and BN_usub() with the prerequisites they are 1265 1.1 christos * documented as having. Note that these functions are frequently used 1266 1.1 christos * when the prerequisites don't hold. In those cases, they are supposed 1267 1.1 christos * to work as if the prerequisite hold, but we don't test that yet. 
1268 1.1 christos */ 1269 1.1 christos if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) { 1270 1.1 christos if (!TEST_true(BN_uadd(ret, a, b)) 1271 1.1.1.2 christos || !equalBN("A +u B", sum, ret) 1272 1.1.1.2 christos || !TEST_true(BN_usub(ret, sum, a)) 1273 1.1.1.2 christos || !equalBN("Sum -u A", b, ret) 1274 1.1.1.2 christos || !TEST_true(BN_usub(ret, sum, b)) 1275 1.1.1.2 christos || !equalBN("Sum -u B", a, ret)) 1276 1.1 christos goto err; 1277 1.1 christos /* 1278 1.1 christos * Test that the functions work when |r| and |a| point to the same 1279 1.1 christos * BIGNUM, or when |r| and |b| point to the same BIGNUM. 1280 1.1 christos * There is no test for all of |r|, |a|, and |b| pointint to the same 1281 1.1 christos * BIGNUM. 1282 1.1 christos */ 1283 1.1 christos if (!TEST_true(BN_copy(ret, a)) 1284 1.1.1.2 christos || !TEST_true(BN_uadd(ret, ret, b)) 1285 1.1.1.2 christos || !equalBN("A +u B (r is a)", sum, ret) 1286 1.1.1.2 christos || !TEST_true(BN_copy(ret, b)) 1287 1.1.1.2 christos || !TEST_true(BN_uadd(ret, a, ret)) 1288 1.1.1.2 christos || !equalBN("A +u B (r is b)", sum, ret) 1289 1.1.1.2 christos || !TEST_true(BN_copy(ret, sum)) 1290 1.1.1.2 christos || !TEST_true(BN_usub(ret, ret, a)) 1291 1.1.1.2 christos || !equalBN("Sum -u A (r is a)", b, ret) 1292 1.1.1.2 christos || !TEST_true(BN_copy(ret, a)) 1293 1.1.1.2 christos || !TEST_true(BN_usub(ret, sum, ret)) 1294 1.1.1.2 christos || !equalBN("Sum -u A (r is b)", b, ret) 1295 1.1.1.2 christos || !TEST_true(BN_copy(ret, sum)) 1296 1.1.1.2 christos || !TEST_true(BN_usub(ret, ret, b)) 1297 1.1.1.2 christos || !equalBN("Sum -u B (r is a)", a, ret) 1298 1.1.1.2 christos || !TEST_true(BN_copy(ret, b)) 1299 1.1.1.2 christos || !TEST_true(BN_usub(ret, sum, ret)) 1300 1.1.1.2 christos || !equalBN("Sum -u B (r is b)", a, ret)) 1301 1.1 christos goto err; 1302 1.1 christos } 1303 1.1 christos 1304 1.1 christos /* 1305 1.1 christos * Test with BN_add_word() and BN_sub_word() if |b| is small 
enough. 1306 1.1 christos */ 1307 1.1 christos b_word = BN_get_word(b); 1308 1.1 christos if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) { 1309 1.1 christos if (!TEST_true(BN_copy(ret, a)) 1310 1.1.1.2 christos || !TEST_true(BN_add_word(ret, b_word)) 1311 1.1.1.2 christos || !equalBN("A + B (word)", sum, ret) 1312 1.1.1.2 christos || !TEST_true(BN_copy(ret, sum)) 1313 1.1.1.2 christos || !TEST_true(BN_sub_word(ret, b_word)) 1314 1.1.1.2 christos || !equalBN("Sum - B (word)", a, ret)) 1315 1.1 christos goto err; 1316 1.1 christos } 1317 1.1 christos st = 1; 1318 1.1 christos 1319 1.1.1.2 christos err: 1320 1.1 christos BN_free(a); 1321 1.1 christos BN_free(b); 1322 1.1 christos BN_free(sum); 1323 1.1 christos BN_free(ret); 1324 1.1 christos return st; 1325 1.1 christos } 1326 1.1 christos 1327 1.1 christos static int file_lshift1(STANZA *s) 1328 1.1 christos { 1329 1.1 christos BIGNUM *a = NULL, *lshift1 = NULL, *zero = NULL, *ret = NULL; 1330 1.1 christos BIGNUM *two = NULL, *remainder = NULL; 1331 1.1 christos int st = 0; 1332 1.1 christos 1333 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1334 1.1.1.2 christos || !TEST_ptr(lshift1 = getBN(s, "LShift1")) 1335 1.1.1.2 christos || !TEST_ptr(zero = BN_new()) 1336 1.1.1.2 christos || !TEST_ptr(ret = BN_new()) 1337 1.1.1.2 christos || !TEST_ptr(two = BN_new()) 1338 1.1.1.2 christos || !TEST_ptr(remainder = BN_new())) 1339 1.1 christos goto err; 1340 1.1 christos 1341 1.1 christos BN_zero(zero); 1342 1.1 christos 1343 1.1 christos if (!TEST_true(BN_set_word(two, 2)) 1344 1.1.1.2 christos || !TEST_true(BN_add(ret, a, a)) 1345 1.1.1.2 christos || !equalBN("A + A", lshift1, ret) 1346 1.1.1.2 christos || !TEST_true(BN_mul(ret, a, two, ctx)) 1347 1.1.1.2 christos || !equalBN("A * 2", lshift1, ret) 1348 1.1.1.2 christos || !TEST_true(BN_div(ret, remainder, lshift1, two, ctx)) 1349 1.1.1.2 christos || !equalBN("LShift1 / 2", a, ret) 1350 1.1.1.2 christos || !equalBN("LShift1 % 2", zero, remainder) 1351 1.1.1.2 christos || 
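!TEST_true(BN_lshift1(ret, a))
            || !equalBN("A << 1", lshift1, ret)
            || !TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("LShift >> 1", a, ret)
            || !TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("LShift >> 1", a, ret))
        goto err;

    /* Set the LSB to 1 and test rshift1 again. */
    if (!TEST_true(BN_set_bit(lshift1, 0))
            || !TEST_true(BN_div(ret, NULL /* rem */, lshift1, two, ctx))
            || !equalBN("(LShift1 | 1) / 2", a, ret)
            || !TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("(LShift | 1) >> 1", a, ret))
        goto err;

    st = 1;
 err:
    BN_free(a);
    BN_free(lshift1);
    BN_free(zero);
    BN_free(ret);
    BN_free(two);
    BN_free(remainder);

    return st;
}

/*
 * File test: stanza |s| supplies "A", "LShift" and the shift count "N".
 * Checks that BN_lshift(A, N) equals LShift and that BN_rshift(LShift, N)
 * gives A back.
 *
 * Returns 1 on success, 0 if an attribute cannot be loaded or a check fails.
 */
static int file_lshift(STANZA *s)
{
    BIGNUM *a = NULL, *lshift = NULL, *ret = NULL;
    int n = 0, st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(lshift = getBN(s, "LShift"))
            || !TEST_ptr(ret = BN_new())
            || !getint(s, &n, "N"))
        goto err;

    /*
     * The second label names the operand that is really shifted (LShift,
     * not A), so a failure report points at the right computation.
     */
    if (!TEST_true(BN_lshift(ret, a, n))
            || !equalBN("A << N", lshift, ret)
            || !TEST_true(BN_rshift(ret, lshift, n))
            || !equalBN("LShift >> N", a, ret))
        goto err;

    st = 1;
 err:
    BN_free(a);
    BN_free(lshift);
    BN_free(ret);
    return st;
}

/*
 * File test: stanza |s| supplies "A", "RShift" and the shift count "N".
 * Checks that BN_rshift(A, N) equals RShift and, when N is 1, that
 * BN_rshift1(A) gives the same result.
 *
 * Returns 1 on success, 0 if an attribute cannot be loaded or a check fails.
 */
static int file_rshift(STANZA *s)
{
    BIGNUM *a = NULL, *rshift = NULL, *ret = NULL;
    int n = 0, st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(rshift = getBN(s, "RShift"))
            || !TEST_ptr(ret = BN_new())
            || !getint(s, &n, "N"))
        goto err;

    if (!TEST_true(BN_rshift(ret, a, n))
            || !equalBN("A >> N", rshift, ret))
        goto err;

    /* If N == 1, try with rshift1 as well */
    if (n == 1) {
        if (!TEST_true(BN_rshift1(ret, a))
                || !equalBN("A >> 1 (rshift1)", rshift, ret))
            goto err;
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(rshift);
    BN_free(ret);
    return st;
}

/*
 * File test: stanza |s| supplies "A" and "Square".  Checks that BN_sqr(A)
 * and BN_mul(A, A) both equal Square and that Square / A is A with a zero
 * remainder.
 *
 * The BN_sqrt() section is only compiled when HAVE_BN_SQRT is non-zero.
 *
 * Returns 1 on success, 0 if an attribute cannot be loaded or a check fails.
 */
static int file_square(STANZA *s)
{
    BIGNUM *a = NULL, *square = NULL, *zero = NULL, *ret = NULL;
    BIGNUM *remainder = NULL, *tmp = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(square = getBN(s, "Square"))
            || !TEST_ptr(zero = BN_new())
            || !TEST_ptr(ret = BN_new())
            || !TEST_ptr(remainder = BN_new()))
        goto err;

    BN_zero(zero);
    if (!TEST_true(BN_sqr(ret, a, ctx))
            || !equalBN("A^2", square, ret)
            || !TEST_true(BN_mul(ret, a, a, ctx))
            || !equalBN("A * A", square, ret)
            || !TEST_true(BN_div(ret, remainder, square, a, ctx))
            || !equalBN("Square / A", a, ret)
            || !equalBN("Square % A", zero, remainder))
        goto err;

#if HAVE_BN_SQRT
    BN_set_negative(a, 0);
    if (!TEST_true(BN_sqrt(ret, square, ctx))
            || !equalBN("sqrt(Square)", a, ret))
        goto err;

    /* BN_sqrt should fail on non-squares and negative numbers. */
    /* A guard, not an assertion, so use the plain predicate here. */
    if (!BN_is_zero(square)) {
        if (!TEST_ptr(tmp = BN_new())
                || !TEST_true(BN_copy(tmp, square)))
            goto err;
        BN_set_negative(tmp, 1);

        if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx), 0))
            goto err;
        ERR_clear_error();

        /* Square + 1 is not a perfect square when Square is non-zero. */
        BN_set_negative(tmp, 0);
        if (!TEST_true(BN_add(tmp, tmp, BN_value_one())))
            goto err;
        if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx), 0))
            goto err;
        ERR_clear_error();
    }
#endif

    st = 1;
 err:
    BN_free(a);
    BN_free(square);
    BN_free(zero);
    BN_free(ret);
    BN_free(remainder);
    BN_free(tmp);
    return st;
}

static int file_product(STANZA *s)
{
    BIGNUM *a = NULL, *b = NULL, *product = NULL, *ret = NULL;
    BIGNUM *remainder = NULL, *zero = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(b = getBN(s, "B"))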
1502 1.1.1.2 christos || !TEST_ptr(product = getBN(s, "Product")) 1503 1.1.1.2 christos || !TEST_ptr(ret = BN_new()) 1504 1.1.1.2 christos || !TEST_ptr(remainder = BN_new()) 1505 1.1.1.2 christos || !TEST_ptr(zero = BN_new())) 1506 1.1 christos goto err; 1507 1.1 christos 1508 1.1 christos BN_zero(zero); 1509 1.1 christos 1510 1.1 christos if (!TEST_true(BN_mul(ret, a, b, ctx)) 1511 1.1.1.2 christos || !equalBN("A * B", product, ret) 1512 1.1.1.2 christos || !TEST_true(BN_div(ret, remainder, product, a, ctx)) 1513 1.1.1.2 christos || !equalBN("Product / A", b, ret) 1514 1.1.1.2 christos || !equalBN("Product % A", zero, remainder) 1515 1.1.1.2 christos || !TEST_true(BN_div(ret, remainder, product, b, ctx)) 1516 1.1.1.2 christos || !equalBN("Product / B", a, ret) 1517 1.1.1.2 christos || !equalBN("Product % B", zero, remainder)) 1518 1.1 christos goto err; 1519 1.1 christos 1520 1.1 christos st = 1; 1521 1.1.1.2 christos err: 1522 1.1 christos BN_free(a); 1523 1.1 christos BN_free(b); 1524 1.1 christos BN_free(product); 1525 1.1 christos BN_free(ret); 1526 1.1 christos BN_free(remainder); 1527 1.1 christos BN_free(zero); 1528 1.1 christos return st; 1529 1.1 christos } 1530 1.1 christos 1531 1.1 christos static int file_quotient(STANZA *s) 1532 1.1 christos { 1533 1.1 christos BIGNUM *a = NULL, *b = NULL, *quotient = NULL, *remainder = NULL; 1534 1.1 christos BIGNUM *ret = NULL, *ret2 = NULL, *nnmod = NULL; 1535 1.1 christos BN_ULONG b_word, ret_word; 1536 1.1 christos int st = 0; 1537 1.1 christos 1538 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1539 1.1.1.2 christos || !TEST_ptr(b = getBN(s, "B")) 1540 1.1.1.2 christos || !TEST_ptr(quotient = getBN(s, "Quotient")) 1541 1.1.1.2 christos || !TEST_ptr(remainder = getBN(s, "Remainder")) 1542 1.1.1.2 christos || !TEST_ptr(ret = BN_new()) 1543 1.1.1.2 christos || !TEST_ptr(ret2 = BN_new()) 1544 1.1.1.2 christos || !TEST_ptr(nnmod = BN_new())) 1545 1.1 christos goto err; 1546 1.1 christos 1547 1.1 christos if 
(!TEST_true(BN_div(ret, ret2, a, b, ctx)) 1548 1.1.1.2 christos || !equalBN("A / B", quotient, ret) 1549 1.1.1.2 christos || !equalBN("A % B", remainder, ret2) 1550 1.1.1.2 christos || !TEST_true(BN_mul(ret, quotient, b, ctx)) 1551 1.1.1.2 christos || !TEST_true(BN_add(ret, ret, remainder)) 1552 1.1.1.2 christos || !equalBN("Quotient * B + Remainder", a, ret)) 1553 1.1 christos goto err; 1554 1.1 christos 1555 1.1 christos /* 1556 1.1 christos * Test with BN_mod_word() and BN_div_word() if the divisor is 1557 1.1 christos * small enough. 1558 1.1 christos */ 1559 1.1 christos b_word = BN_get_word(b); 1560 1.1 christos if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) { 1561 1.1 christos BN_ULONG remainder_word = BN_get_word(remainder); 1562 1.1 christos 1563 1.1 christos assert(remainder_word != (BN_ULONG)-1); 1564 1.1 christos if (!TEST_ptr(BN_copy(ret, a))) 1565 1.1 christos goto err; 1566 1.1 christos ret_word = BN_div_word(ret, b_word); 1567 1.1 christos if (ret_word != remainder_word) { 1568 1.1 christos #ifdef BN_DEC_FMT1 1569 1.1 christos TEST_error( 1570 1.1.1.2 christos "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1, 1571 1.1.1.2 christos ret_word, remainder_word); 1572 1.1 christos #else 1573 1.1 christos TEST_error("Got A %% B (word) mismatch"); 1574 1.1 christos #endif 1575 1.1 christos goto err; 1576 1.1 christos } 1577 1.1.1.2 christos if (!equalBN("A / B (word)", quotient, ret)) 1578 1.1 christos goto err; 1579 1.1 christos 1580 1.1 christos ret_word = BN_mod_word(a, b_word); 1581 1.1 christos if (ret_word != remainder_word) { 1582 1.1 christos #ifdef BN_DEC_FMT1 1583 1.1 christos TEST_error( 1584 1.1.1.2 christos "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1 "", 1585 1.1.1.2 christos ret_word, remainder_word); 1586 1.1 christos #else 1587 1.1 christos TEST_error("Got A %% B (word) mismatch"); 1588 1.1 christos #endif 1589 1.1 christos goto err; 1590 1.1 christos } 1591 1.1 christos } 1592 1.1 christos 1593 1.1 christos /* 
Test BN_nnmod. */ 1594 1.1 christos if (!BN_is_negative(b)) { 1595 1.1 christos if (!TEST_true(BN_copy(nnmod, remainder)) 1596 1.1.1.2 christos || (BN_is_negative(nnmod) 1597 1.1.1.2 christos && !TEST_true(BN_add(nnmod, nnmod, b))) 1598 1.1.1.2 christos || !TEST_true(BN_nnmod(ret, a, b, ctx)) 1599 1.1.1.2 christos || !equalBN("A % B (non-negative)", nnmod, ret)) 1600 1.1 christos goto err; 1601 1.1 christos } 1602 1.1 christos 1603 1.1 christos st = 1; 1604 1.1.1.2 christos err: 1605 1.1 christos BN_free(a); 1606 1.1 christos BN_free(b); 1607 1.1 christos BN_free(quotient); 1608 1.1 christos BN_free(remainder); 1609 1.1 christos BN_free(ret); 1610 1.1 christos BN_free(ret2); 1611 1.1 christos BN_free(nnmod); 1612 1.1 christos return st; 1613 1.1 christos } 1614 1.1 christos 1615 1.1 christos static int file_modmul(STANZA *s) 1616 1.1 christos { 1617 1.1 christos BIGNUM *a = NULL, *b = NULL, *m = NULL, *mod_mul = NULL, *ret = NULL; 1618 1.1 christos int st = 0; 1619 1.1 christos 1620 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1621 1.1.1.2 christos || !TEST_ptr(b = getBN(s, "B")) 1622 1.1.1.2 christos || !TEST_ptr(m = getBN(s, "M")) 1623 1.1.1.2 christos || !TEST_ptr(mod_mul = getBN(s, "ModMul")) 1624 1.1.1.2 christos || !TEST_ptr(ret = BN_new())) 1625 1.1 christos goto err; 1626 1.1 christos 1627 1.1 christos if (!TEST_true(BN_mod_mul(ret, a, b, m, ctx)) 1628 1.1.1.2 christos || !equalBN("A * B (mod M)", mod_mul, ret)) 1629 1.1 christos goto err; 1630 1.1 christos 1631 1.1 christos if (BN_is_odd(m)) { 1632 1.1 christos /* Reduce |a| and |b| and test the Montgomery version. 
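*/
        BN_MONT_CTX *mont = BN_MONT_CTX_new();
        BIGNUM *a_tmp = BN_new();
        BIGNUM *b_tmp = BN_new();

        if (mont == NULL || a_tmp == NULL || b_tmp == NULL
            || !TEST_true(BN_MONT_CTX_set(mont, m, ctx))
            || !TEST_true(BN_nnmod(a_tmp, a, m, ctx))
            || !TEST_true(BN_nnmod(b_tmp, b, m, ctx))
            || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx))
            || !TEST_true(BN_to_montgomery(b_tmp, b_tmp, mont, ctx))
            || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, b_tmp,
                                                mont, ctx))
            || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx))
            || !equalBN("A * B (mod M) (mont)", mod_mul, ret))
            st = 0;
        else
            st = 1;
        BN_MONT_CTX_free(mont);
        BN_free(a_tmp);
        BN_free(b_tmp);
        if (st == 0)
            goto err;
    }

    st = 1;
err:
    BN_free(a);
    BN_free(b);
    BN_free(m);
    BN_free(mod_mul);
    BN_free(ret);
    return st;
}

/*
 * Stanza test for modular exponentiation: BN_mod_exp(A, E, M) must equal
 * "ModExp"; for odd M the same result is also required from
 * BN_mod_exp_mont() and BN_mod_exp_mont_consttime().
 * Finishes with a fixed regression vector for the sqr8x_reduction carry
 * propagation bug, where a^2 mod c must equal a * a.
 * Returns 1 on success, 0 on failure.
 */
static int file_modexp(STANZA *s)
{
    BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL;
    BIGNUM *b = NULL, *c = NULL, *d = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
        || !TEST_ptr(e = getBN(s, "E"))
        || !TEST_ptr(m = getBN(s, "M"))
        || !TEST_ptr(mod_exp = getBN(s, "ModExp"))
        || !TEST_ptr(ret = BN_new())
        || !TEST_ptr(d = BN_new()))
        goto err;

    if (!TEST_true(BN_mod_exp(ret, a, e, m, ctx))
        || !equalBN("A ^ E (mod M)", mod_exp, ret))
        goto err;

    if (BN_is_odd(m)) {
        if (!TEST_true(BN_mod_exp_mont(ret, a, e, m, ctx, NULL))
            || !equalBN("A ^ E (mod M) (mont)", mod_exp, ret)
            || !TEST_true(BN_mod_exp_mont_consttime(ret, a, e, m,
                                                    ctx, NULL))
            || !equalBN("A ^ E (mod M) (mont const", mod_exp, ret))
            goto err;
    }

    /*
     * Regression test for carry propagation bug in sqr8x_reduction.
     * The parse results are checked so that a failed BN_hex2bn() ends the
     * test instead of handing a NULL |b| or |c| to BN_mod_exp().
     */
    if (!TEST_true(BN_hex2bn(&a, "050505050505"))
        || !TEST_true(BN_hex2bn(&b, "02"))
        || !TEST_true(BN_hex2bn(&c,
            "4141414141414141414141274141414141414141414141414141414141414141"
            "4141414141414141414141414141414141414141414141414141414141414141"
            "4141414141414141414141800000000000000000000000000000000000000000"
            "0000000000000000000000000000000000000000000000000000000000000000"
            "0000000000000000000000000000000000000000000000000000000000000000"
            "0000000000000000000000000000000000000000000000000000000001")))
        goto err;

    /* |e| is reused here to hold the reference value a * a. */
    if (!TEST_true(BN_mod_exp(d, a, b, c, ctx))
        || !TEST_true(BN_mul(e, a, a, ctx))
        || !TEST_BN_eq(d, e))
        goto err;

    st = 1;
err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(m);
    BN_free(mod_exp);
    BN_free(ret);
    return st;
}

static int file_exp(STANZA *s)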
christos { 1724 1.1 christos BIGNUM *a = NULL, *e = NULL, *exp = NULL, *ret = NULL; 1725 1.1 christos int st = 0; 1726 1.1 christos 1727 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1728 1.1.1.2 christos || !TEST_ptr(e = getBN(s, "E")) 1729 1.1.1.2 christos || !TEST_ptr(exp = getBN(s, "Exp")) 1730 1.1.1.2 christos || !TEST_ptr(ret = BN_new())) 1731 1.1 christos goto err; 1732 1.1 christos 1733 1.1 christos if (!TEST_true(BN_exp(ret, a, e, ctx)) 1734 1.1.1.2 christos || !equalBN("A ^ E", exp, ret)) 1735 1.1 christos goto err; 1736 1.1 christos 1737 1.1 christos st = 1; 1738 1.1.1.2 christos err: 1739 1.1 christos BN_free(a); 1740 1.1 christos BN_free(e); 1741 1.1 christos BN_free(exp); 1742 1.1 christos BN_free(ret); 1743 1.1 christos return st; 1744 1.1 christos } 1745 1.1 christos 1746 1.1 christos static int file_modsqrt(STANZA *s) 1747 1.1 christos { 1748 1.1 christos BIGNUM *a = NULL, *p = NULL, *mod_sqrt = NULL, *ret = NULL, *ret2 = NULL; 1749 1.1 christos int st = 0; 1750 1.1 christos 1751 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1752 1.1.1.2 christos || !TEST_ptr(p = getBN(s, "P")) 1753 1.1.1.2 christos || !TEST_ptr(mod_sqrt = getBN(s, "ModSqrt")) 1754 1.1.1.2 christos || !TEST_ptr(ret = BN_new()) 1755 1.1.1.2 christos || !TEST_ptr(ret2 = BN_new())) 1756 1.1 christos goto err; 1757 1.1 christos 1758 1.1 christos if (BN_is_negative(mod_sqrt)) { 1759 1.1 christos /* A negative testcase */ 1760 1.1 christos if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) 1761 1.1 christos goto err; 1762 1.1 christos 1763 1.1 christos st = 1; 1764 1.1 christos goto err; 1765 1.1 christos } 1766 1.1 christos 1767 1.1 christos /* There are two possible answers. */ 1768 1.1 christos if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) 1769 1.1.1.2 christos || !TEST_true(BN_sub(ret2, p, ret))) 1770 1.1 christos goto err; 1771 1.1 christos 1772 1.1 christos /* The first condition should NOT be a test. 
*/ 1773 1.1 christos if (BN_cmp(ret2, mod_sqrt) != 0 1774 1.1.1.2 christos && !equalBN("sqrt(A) (mod P)", mod_sqrt, ret)) 1775 1.1 christos goto err; 1776 1.1 christos 1777 1.1 christos st = 1; 1778 1.1.1.2 christos err: 1779 1.1 christos BN_free(a); 1780 1.1 christos BN_free(p); 1781 1.1 christos BN_free(mod_sqrt); 1782 1.1 christos BN_free(ret); 1783 1.1 christos BN_free(ret2); 1784 1.1 christos return st; 1785 1.1 christos } 1786 1.1 christos 1787 1.1 christos static int file_gcd(STANZA *s) 1788 1.1 christos { 1789 1.1 christos BIGNUM *a = NULL, *b = NULL, *gcd = NULL, *ret = NULL; 1790 1.1 christos int st = 0; 1791 1.1 christos 1792 1.1 christos if (!TEST_ptr(a = getBN(s, "A")) 1793 1.1.1.2 christos || !TEST_ptr(b = getBN(s, "B")) 1794 1.1.1.2 christos || !TEST_ptr(gcd = getBN(s, "GCD")) 1795 1.1.1.2 christos || !TEST_ptr(ret = BN_new())) 1796 1.1 christos goto err; 1797 1.1 christos 1798 1.1 christos if (!TEST_true(BN_gcd(ret, a, b, ctx)) 1799 1.1.1.2 christos || !equalBN("gcd(A,B)", gcd, ret)) 1800 1.1 christos goto err; 1801 1.1 christos 1802 1.1 christos st = 1; 1803 1.1.1.2 christos err: 1804 1.1 christos BN_free(a); 1805 1.1 christos BN_free(b); 1806 1.1 christos BN_free(gcd); 1807 1.1 christos BN_free(ret); 1808 1.1 christos return st; 1809 1.1 christos } 1810 1.1 christos 1811 1.1 christos static int test_bn2padded(void) 1812 1.1 christos { 1813 1.1 christos uint8_t zeros[256], out[256], reference[128]; 1814 1.1 christos size_t bytes; 1815 1.1 christos BIGNUM *n; 1816 1.1 christos int st = 0; 1817 1.1 christos 1818 1.1 christos /* Test edge case at 0. 
*/ 1819 1.1 christos if (!TEST_ptr((n = BN_new()))) 1820 1.1 christos goto err; 1821 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0)) 1822 1.1 christos goto err; 1823 1.1 christos memset(out, -1, sizeof(out)); 1824 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))) 1825 1.1 christos goto err; 1826 1.1 christos memset(zeros, 0, sizeof(zeros)); 1827 1.1 christos if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out))) 1828 1.1 christos goto err; 1829 1.1 christos 1830 1.1 christos /* Test a random numbers at various byte lengths. */ 1831 1.1 christos for (bytes = 128 - 7; bytes <= 128; bytes++) { 1832 1.1.1.2 christos #define TOP_BIT_ON 0 1833 1.1.1.2 christos #define BOTTOM_BIT_NOTOUCH 0 1834 1.1 christos if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH))) 1835 1.1 christos goto err; 1836 1.1 christos if (!TEST_int_eq(BN_num_bytes(n), bytes) 1837 1.1.1.2 christos || !TEST_int_eq(BN_bn2bin(n, reference), bytes)) 1838 1.1 christos goto err; 1839 1.1 christos /* Empty buffer should fail. */ 1840 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1)) 1841 1.1 christos goto err; 1842 1.1 christos /* One byte short should fail. */ 1843 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1)) 1844 1.1 christos goto err; 1845 1.1 christos /* Exactly right size should encode. */ 1846 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes) 1847 1.1.1.2 christos || !TEST_mem_eq(out, bytes, reference, bytes)) 1848 1.1 christos goto err; 1849 1.1 christos /* Pad up one byte extra. */ 1850 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1) 1851 1.1.1.2 christos || !TEST_mem_eq(out + 1, bytes, reference, bytes) 1852 1.1.1.2 christos || !TEST_mem_eq(out, 1, zeros, 1)) 1853 1.1 christos goto err; 1854 1.1 christos /* Pad up to 256. 
*/ 1855 1.1 christos if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)) 1856 1.1.1.2 christos || !TEST_mem_eq(out + sizeof(out) - bytes, bytes, 1857 1.1.1.2 christos reference, bytes) 1858 1.1.1.2 christos || !TEST_mem_eq(out, sizeof(out) - bytes, 1859 1.1.1.2 christos zeros, sizeof(out) - bytes)) 1860 1.1 christos goto err; 1861 1.1 christos } 1862 1.1 christos 1863 1.1 christos st = 1; 1864 1.1.1.2 christos err: 1865 1.1 christos BN_free(n); 1866 1.1 christos return st; 1867 1.1 christos } 1868 1.1 christos 1869 1.1 christos static const MPITEST kSignedTests_BE[] = { 1870 1.1.1.2 christos { "-1", "\xff", 1 }, 1871 1.1.1.2 christos { "0", "", 0 }, 1872 1.1.1.2 christos { "1", "\x01", 1 }, 1873 1.1 christos /* 1874 1.1 christos * The above cover the basics, now let's go for possible bignum 1875 1.1 christos * chunk edges and other word edges (for a broad definition of 1876 1.1 christos * "word", i.e. 1 byte included). 1877 1.1 christos */ 1878 1.1 christos /* 1 byte edge */ 1879 1.1.1.2 christos { "127", "\x7f", 1 }, 1880 1.1.1.2 christos { "-127", "\x81", 1 }, 1881 1.1.1.2 christos { "128", "\x00\x80", 2 }, 1882 1.1.1.2 christos { "-128", "\x80", 1 }, 1883 1.1.1.2 christos { "129", "\x00\x81", 2 }, 1884 1.1.1.2 christos { "-129", "\xff\x7f", 2 }, 1885 1.1.1.2 christos { "255", "\x00\xff", 2 }, 1886 1.1.1.2 christos { "-255", "\xff\x01", 2 }, 1887 1.1.1.2 christos { "256", "\x01\x00", 2 }, 1888 1.1.1.2 christos { "-256", "\xff\x00", 2 }, 1889 1.1 christos /* 2 byte edge */ 1890 1.1.1.2 christos { "32767", "\x7f\xff", 2 }, 1891 1.1.1.2 christos { "-32767", "\x80\x01", 2 }, 1892 1.1.1.2 christos { "32768", "\x00\x80\x00", 3 }, 1893 1.1.1.2 christos { "-32768", "\x80\x00", 2 }, 1894 1.1.1.2 christos { "32769", "\x00\x80\x01", 3 }, 1895 1.1.1.2 christos { "-32769", "\xff\x7f\xff", 3 }, 1896 1.1.1.2 christos { "65535", "\x00\xff\xff", 3 }, 1897 1.1.1.2 christos { "-65535", "\xff\x00\x01", 3 }, 1898 1.1.1.2 christos { "65536", "\x01\x00\x00", 3 }, 1899 
1.1.1.2 christos { "-65536", "\xff\x00\x00", 3 }, 1900 1.1 christos /* 4 byte edge */ 1901 1.1.1.2 christos { "2147483647", "\x7f\xff\xff\xff", 4 }, 1902 1.1.1.2 christos { "-2147483647", "\x80\x00\x00\x01", 4 }, 1903 1.1.1.2 christos { "2147483648", "\x00\x80\x00\x00\x00", 5 }, 1904 1.1.1.2 christos { "-2147483648", "\x80\x00\x00\x00", 4 }, 1905 1.1.1.2 christos { "2147483649", "\x00\x80\x00\x00\x01", 5 }, 1906 1.1.1.2 christos { "-2147483649", "\xff\x7f\xff\xff\xff", 5 }, 1907 1.1.1.2 christos { "4294967295", "\x00\xff\xff\xff\xff", 5 }, 1908 1.1.1.2 christos { "-4294967295", "\xff\x00\x00\x00\x01", 5 }, 1909 1.1.1.2 christos { "4294967296", "\x01\x00\x00\x00\x00", 5 }, 1910 1.1.1.2 christos { "-4294967296", "\xff\x00\x00\x00\x00", 5 }, 1911 1.1 christos /* 8 byte edge */ 1912 1.1.1.2 christos { "9223372036854775807", "\x7f\xff\xff\xff\xff\xff\xff\xff", 8 }, 1913 1.1.1.2 christos { "-9223372036854775807", "\x80\x00\x00\x00\x00\x00\x00\x01", 8 }, 1914 1.1.1.2 christos { "9223372036854775808", "\x00\x80\x00\x00\x00\x00\x00\x00\x00", 9 }, 1915 1.1.1.2 christos { "-9223372036854775808", "\x80\x00\x00\x00\x00\x00\x00\x00", 8 }, 1916 1.1.1.2 christos { "9223372036854775809", "\x00\x80\x00\x00\x00\x00\x00\x00\x01", 9 }, 1917 1.1.1.2 christos { "-9223372036854775809", "\xff\x7f\xff\xff\xff\xff\xff\xff\xff", 9 }, 1918 1.1.1.2 christos { "18446744073709551615", "\x00\xff\xff\xff\xff\xff\xff\xff\xff", 9 }, 1919 1.1.1.2 christos { "-18446744073709551615", "\xff\x00\x00\x00\x00\x00\x00\x00\x01", 9 }, 1920 1.1.1.2 christos { "18446744073709551616", "\x01\x00\x00\x00\x00\x00\x00\x00\x00", 9 }, 1921 1.1.1.2 christos { "-18446744073709551616", "\xff\x00\x00\x00\x00\x00\x00\x00\x00", 9 }, 1922 1.1 christos }; 1923 1.1 christos 1924 1.1 christos static int copy_reversed(uint8_t *dst, uint8_t *src, size_t len) 1925 1.1 christos { 1926 1.1 christos for (dst += len - 1; len > 0; src++, dst--, len--) 1927 1.1 christos *dst = *src; 1928 1.1 christos return 1; 1929 1.1 christos } 1930 
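/*
 * Round-trip entry |i| of kSignedTests_BE through the signed big-endian and
 * little-endian encoders and decoders, using fixed 10-byte buffers.
 * The expected encoding must appear at the significant end of the padded
 * output, and decoding either byte order must give back the same BIGNUM.
 * Returns 1 on success, 0 on failure.
 */
static int test_bn2signed(int i)
{
    uint8_t scratch[10], reversed[10];
    const MPITEST *test = &kSignedTests_BE[i];
    BIGNUM *bn = NULL, *bn2 = NULL;
    size_t pad;
    int st = 0;

    /*
     * The comparisons below index |pad| bytes into the 10-byte buffers, so
     * reject a table entry that would not fit before doing the subtraction.
     */
    if (!TEST_size_t_le(test->mpi_len, sizeof(scratch)))
        goto err;
    pad = sizeof(scratch) - test->mpi_len;

    if (!TEST_ptr(bn = BN_new())
        || !TEST_true(BN_asc2bn(&bn, test->base10)))
        goto err;

    /*
     * Check BN_signed_bn2bin() / BN_signed_bin2bn()
     * The interesting stuff happens in the last bytes of the buffers,
     * the beginning is just padding (i.e. sign extension).
     */
    if (!TEST_int_eq(BN_signed_bn2bin(bn, scratch, sizeof(scratch)),
                     sizeof(scratch))
        || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
        || !TEST_mem_eq(test->mpi, test->mpi_len, scratch + pad, test->mpi_len))
        goto err;

    if (!TEST_ptr(bn2 = BN_signed_bin2bn(scratch, sizeof(scratch), NULL))
        || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /* Check that a parse of the reversed buffer works too */
    if (!TEST_ptr(bn2 = BN_signed_lebin2bn(reversed, sizeof(reversed), NULL))
        || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /*
     * Check BN_signed_bn2lebin() / BN_signed_lebin2bn()
     * The interesting stuff happens in the first bytes of the buffers,
     * the end is just padding (i.e. sign extension).
     */
    if (!TEST_int_eq(BN_signed_bn2lebin(bn, scratch, sizeof(scratch)),
                     sizeof(scratch))
        || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
        || !TEST_mem_eq(test->mpi, test->mpi_len, reversed + pad, test->mpi_len))
        goto err;

    if (!TEST_ptr(bn2 = BN_signed_lebin2bn(scratch, sizeof(scratch), NULL))
        || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /* Check that a parse of the reversed buffer works too */
    if (!TEST_ptr(bn2 = BN_signed_bin2bn(reversed, sizeof(reversed), NULL))
        || !TEST_BN_eq(bn, bn2))
        goto err;

    st = 1;
err:
    BN_free(bn2);
    BN_free(bn);
    return st;
}

static int test_dec2bn(void)
{
    BIGNUM *bn = NULL;
    int st = 0;

    if (!TEST_int_eq(parsedecBN(&bn, "0"), 1)
        || !TEST_BN_eq_word(bn, 0)
        || !TEST_BN_eq_zero(bn)
        || !TEST_BN_le_zero(bn)
        || !TEST_BN_ge_zero(bn)
        || !TEST_BN_even(bn))
        goto err;
    BN_free(bn);
    bn = NULL;

    if (!TEST_int_eq(parsedecBN(&bn, "256"), 3)
        || !TEST_BN_eq_word(bn, 256)
        || !TEST_BN_ge_zero(bn)
        || !TEST_BN_gt_zero(bn)
        || !TEST_BN_ne_zero(bn)
        || !TEST_BN_even(bn))
        goto err;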
christos BN_free(bn); 2023 1.1 christos bn = NULL; 2024 1.1 christos 2025 1.1 christos if (!TEST_int_eq(parsedecBN(&bn, "-42"), 3) 2026 1.1.1.2 christos || !TEST_BN_abs_eq_word(bn, 42) 2027 1.1.1.2 christos || !TEST_BN_lt_zero(bn) 2028 1.1.1.2 christos || !TEST_BN_le_zero(bn) 2029 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2030 1.1.1.2 christos || !TEST_BN_even(bn)) 2031 1.1 christos goto err; 2032 1.1 christos BN_free(bn); 2033 1.1 christos bn = NULL; 2034 1.1 christos 2035 1.1 christos if (!TEST_int_eq(parsedecBN(&bn, "1"), 1) 2036 1.1.1.2 christos || !TEST_BN_eq_word(bn, 1) 2037 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2038 1.1.1.2 christos || !TEST_BN_gt_zero(bn) 2039 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2040 1.1.1.2 christos || !TEST_BN_eq_one(bn) 2041 1.1.1.2 christos || !TEST_BN_odd(bn)) 2042 1.1 christos goto err; 2043 1.1 christos BN_free(bn); 2044 1.1 christos bn = NULL; 2045 1.1 christos 2046 1.1 christos if (!TEST_int_eq(parsedecBN(&bn, "-0"), 2) 2047 1.1.1.2 christos || !TEST_BN_eq_zero(bn) 2048 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2049 1.1.1.2 christos || !TEST_BN_le_zero(bn) 2050 1.1.1.2 christos || !TEST_BN_even(bn)) 2051 1.1 christos goto err; 2052 1.1 christos BN_free(bn); 2053 1.1 christos bn = NULL; 2054 1.1 christos 2055 1.1 christos if (!TEST_int_eq(parsedecBN(&bn, "42trailing garbage is ignored"), 2) 2056 1.1.1.2 christos || !TEST_BN_abs_eq_word(bn, 42) 2057 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2058 1.1.1.2 christos || !TEST_BN_gt_zero(bn) 2059 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2060 1.1.1.2 christos || !TEST_BN_even(bn)) 2061 1.1 christos goto err; 2062 1.1 christos 2063 1.1 christos st = 1; 2064 1.1.1.2 christos err: 2065 1.1 christos BN_free(bn); 2066 1.1 christos return st; 2067 1.1 christos } 2068 1.1 christos 2069 1.1 christos static int test_hex2bn(void) 2070 1.1 christos { 2071 1.1 christos BIGNUM *bn = NULL; 2072 1.1 christos int st = 0; 2073 1.1 christos 2074 1.1 christos if (!TEST_int_eq(parseBN(&bn, "0"), 1) 2075 
1.1.1.2 christos || !TEST_BN_eq_zero(bn) 2076 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2077 1.1.1.2 christos || !TEST_BN_even(bn)) 2078 1.1 christos goto err; 2079 1.1 christos BN_free(bn); 2080 1.1 christos bn = NULL; 2081 1.1 christos 2082 1.1 christos if (!TEST_int_eq(parseBN(&bn, "256"), 3) 2083 1.1.1.2 christos || !TEST_BN_eq_word(bn, 0x256) 2084 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2085 1.1.1.2 christos || !TEST_BN_gt_zero(bn) 2086 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2087 1.1.1.2 christos || !TEST_BN_even(bn)) 2088 1.1 christos goto err; 2089 1.1 christos BN_free(bn); 2090 1.1 christos bn = NULL; 2091 1.1 christos 2092 1.1 christos if (!TEST_int_eq(parseBN(&bn, "-42"), 3) 2093 1.1.1.2 christos || !TEST_BN_abs_eq_word(bn, 0x42) 2094 1.1.1.2 christos || !TEST_BN_lt_zero(bn) 2095 1.1.1.2 christos || !TEST_BN_le_zero(bn) 2096 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2097 1.1.1.2 christos || !TEST_BN_even(bn)) 2098 1.1 christos goto err; 2099 1.1 christos BN_free(bn); 2100 1.1 christos bn = NULL; 2101 1.1 christos 2102 1.1 christos if (!TEST_int_eq(parseBN(&bn, "cb"), 2) 2103 1.1.1.2 christos || !TEST_BN_eq_word(bn, 0xCB) 2104 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2105 1.1.1.2 christos || !TEST_BN_gt_zero(bn) 2106 1.1.1.2 christos || !TEST_BN_ne_zero(bn) 2107 1.1.1.2 christos || !TEST_BN_odd(bn)) 2108 1.1 christos goto err; 2109 1.1 christos BN_free(bn); 2110 1.1 christos bn = NULL; 2111 1.1 christos 2112 1.1 christos if (!TEST_int_eq(parseBN(&bn, "-0"), 2) 2113 1.1.1.2 christos || !TEST_BN_eq_zero(bn) 2114 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2115 1.1.1.2 christos || !TEST_BN_le_zero(bn) 2116 1.1.1.2 christos || !TEST_BN_even(bn)) 2117 1.1 christos goto err; 2118 1.1 christos BN_free(bn); 2119 1.1 christos bn = NULL; 2120 1.1 christos 2121 1.1 christos if (!TEST_int_eq(parseBN(&bn, "abctrailing garbage is ignored"), 3) 2122 1.1.1.2 christos || !TEST_BN_eq_word(bn, 0xabc) 2123 1.1.1.2 christos || !TEST_BN_ge_zero(bn) 2124 1.1.1.2 christos || 
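!TEST_BN_gt_zero(bn)
        || !TEST_BN_ne_zero(bn)
        || !TEST_BN_even(bn))
        goto err;
    st = 1;

err:
    BN_free(bn);
    return st;
}

/*
 * Check BN_asc2bn() on decimal input, 0x/0X-prefixed hex input, negative
 * values, and "-0" (which must come back as a non-negative zero).
 *
 * The last case pins down that BN_asc2bn() succeeds on "123trailing garbage
 * is ignored" and yields 123.  Callers that need strict validation of
 * untrusted numeric strings therefore cannot rely on BN_asc2bn() alone to
 * reject malformed input.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_asc2bn(void)
{
    BIGNUM *bn = NULL;
    int st = 0;

    if (!TEST_ptr(bn = BN_new()))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "0"))
        || !TEST_BN_eq_zero(bn)
        || !TEST_BN_ge_zero(bn))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "256"))
        || !TEST_BN_eq_word(bn, 256)
        || !TEST_BN_ge_zero(bn))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "-42"))
        || !TEST_BN_abs_eq_word(bn, 42)
        || !TEST_BN_lt_zero(bn))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "0x1234"))
        || !TEST_BN_eq_word(bn, 0x1234)
        || !TEST_BN_ge_zero(bn))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "0X1234"))
        || !TEST_BN_eq_word(bn, 0x1234)
        || !TEST_BN_ge_zero(bn))
        goto err;

    if (!TEST_true(BN_asc2bn(&bn, "-0xabcd"))
        || !TEST_BN_abs_eq_word(bn, 0xabcd)
        || !TEST_BN_lt_zero(bn))
        goto err;

    /* Negative zero must not survive parsing. */
    if (!TEST_true(BN_asc2bn(&bn, "-0"))
        || !TEST_BN_eq_zero(bn)
        || !TEST_BN_ge_zero(bn))
        goto err;

    /* Parsing stops at the first non-digit; the call still succeeds. */
    if (!TEST_true(BN_asc2bn(&bn, "123trailing garbage is ignored"))
        || !TEST_BN_eq_word(bn, 123)
        || !TEST_BN_ge_zero(bn))
        goto err;

    st = 1;
err:
    BN_free(bn);
    return st;
}

/*
 * Decimal value, expected MPI encoding and its length.  In these vectors the
 * encoding is a 4-byte big-endian length followed by the magnitude, with the
 * top bit of the first magnitude byte carrying the sign (so 128 needs a
 * leading zero byte and -1 encodes as 0x81).
 */
static const MPITEST kMPITests[] = {
    { "0", "\x00\x00\x00\x00", 4 },
    { "1", "\x00\x00\x00\x01\x01", 5 },
    { "-1", "\x00\x00\x00\x01\x81", 5 },
    { "128", "\x00\x00\x00\x02\x00\x80", 6 },
    { "256", "\x00\x00\x00\x02\x01\x00", 6 },
    { "-256", "\x00\x00\x00\x02\x81\x00", 6 },
};

/*
 * Round-trip kMPITests[i] through BN_bn2mpi() and BN_mpi2bn().
 *
 * The required length is queried first (NULL output) and checked against
 * sizeof(scratch) before anything is written into the fixed-size buffer.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_mpi(int i)
{
    uint8_t scratch[8];
    const MPITEST *test = &kMPITests[i];
    size_t mpi_len, mpi_len2;
    BIGNUM *bn = NULL;
    BIGNUM *bn2 = NULL;
    int st = 0;

    if (!TEST_ptr(bn = BN_new())
        || !TEST_true(BN_asc2bn(&bn, test->base10)))
        goto err;
    mpi_len = BN_bn2mpi(bn, NULL);
    if (!TEST_size_t_le(mpi_len, sizeof(scratch)))
        goto err;

    if (!TEST_size_t_eq(mpi_len2 = BN_bn2mpi(bn, scratch), mpi_len)
        || !TEST_mem_eq(test->mpi, test->mpi_len, scratch, mpi_len))
        goto err;

    if (!TEST_ptr(bn2 = BN_mpi2bn(scratch, mpi_len, NULL))
        || !TEST_BN_eq(bn, bn2))
        goto err;

    st = 1;
err:
    /* Single cleanup path; BN_free(NULL) is a no-op. */
    BN_free(bn2);
    BN_free(bn);
    return st;
}

/*
 * Check that each binary-to-BIGNUM converter yields zero for a single zero
 * byte, for a zero-length buffer, and for a NULL buffer with length zero.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_bin2zero(void)
{
    unsigned char input[] = { 0 };
    BIGNUM *zbn = NULL;
    int ret = 0;

    if (!TEST_ptr(zbn = BN_new()))
        goto err;

#define zerotest(fn)                        \
    if (!TEST_ptr(fn(input, 1, zbn))        \
        || !TEST_true(BN_is_zero(zbn))      \
        || !TEST_ptr(fn(input, 0, zbn))     \
        || !TEST_true(BN_is_zero(zbn))      \
        || !TEST_ptr(fn(NULL, 0, zbn))      \
        || !TEST_true(BN_is_zero(zbn)))     \
        goto err

    zerotest(BN_bin2bn);
    zerotest(BN_signed_bin2bn);
    zerotest(BN_lebin2bn);
    zerotest(BN_signed_lebin2bn);
#undef zerotest

    ret = 1;
err:
    BN_free(zbn);
    return ret;
}

/*
 * Check length handling in the binary-to-BIGNUM converters: a negative
 * length must be rejected (NULL return), length 0 must give zero, and the
 * two-byte input { 1, 2 } must decode to 0x102 (big-endian) or 0x201
 * (little-endian).
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_bin2bn_lengths(void)
{
    unsigned char input[] = { 1, 2 };
    BIGNUM *bn_be = NULL, *bn_expected_be = NULL;
    BIGNUM *bn_le = NULL, *bn_expected_le = NULL;
    int ret = 0;

    if (!TEST_ptr(bn_be = BN_new())
        || !TEST_ptr(bn_expected_be = BN_new())
        || !TEST_true(BN_set_word(bn_expected_be, 0x102))
        || !TEST_ptr(bn_le = BN_new())
        || !TEST_ptr(bn_expected_le = BN_new())
        || !TEST_true(BN_set_word(bn_expected_le, 0x201)))
        goto err;

#define lengthtest(fn, e)                                       \
    if (!TEST_ptr_null(fn(input, -1, bn_##e))                   \
        || !TEST_ptr(fn(input, 0, bn_##e))                      \
        || !TEST_true(BN_is_zero(bn_##e))                       \
        || !TEST_ptr(fn(input, 2, bn_##e))                      \
        || !TEST_int_eq(BN_cmp(bn_##e, bn_expected_##e), 0))    \
        goto err

    lengthtest(BN_bin2bn, be);
    lengthtest(BN_signed_bin2bn, be);
    lengthtest(BN_lebin2bn, le);
    lengthtest(BN_signed_lebin2bn, le);
#undef lengthtest

    ret = 1;
err:
    BN_free(bn_be);
    BN_free(bn_expected_be);
    BN_free(bn_le);
    BN_free(bn_expected_le);
    return ret;
}

/*
 * Check BN_rand() on very small bit counts, where the |top| and |bottom|
 * constraints either cannot be satisfied (the call must fail) or leave only
 * one possible value (which is then compared exactly).
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_rand(void)
{
    BIGNUM *bn = NULL;
    int st = 0;

    if (!TEST_ptr(bn = BN_new()))
        return 0;

    /* Test BN_rand for degenerate cases with |top| and |bottom| parameters. */
    if (!TEST_false(BN_rand(bn, 0, 0 /* top */, 0 /* bottom */))
        || !TEST_false(BN_rand(bn, 0, 1 /* top */, 1 /* bottom */))
        || !TEST_true(BN_rand(bn, 1, 0 /* top */, 0 /* bottom */))
        || !TEST_BN_eq_one(bn)
        || !TEST_false(BN_rand(bn, 1, 1 /* top */, 0 /* bottom */))
        || !TEST_true(BN_rand(bn, 1, -1 /* top */, 1 /* bottom */))
        || !TEST_BN_eq_one(bn)
        || !TEST_true(BN_rand(bn, 2, 1 /* top */, 0 /* bottom */))
        || !TEST_BN_eq_word(bn, 3))
        goto err;

    st = 1;
err:
    BN_free(bn);
    return st;
}

/*
 * Run some statistical tests to provide a degree of confidence that the
 * BN_rand_range() function works as expected. The test cases and
 * critical values are generated by the bn_rand_range script.
 *
 * Each individual test is a Chi^2 goodness of fit for a specified number
 * of samples and range. The samples are assumed to be independent and
 * that they are from a discrete uniform distribution.
 *
 * Some of these individual tests are expected to fail, the success/failure
 * of each is an independent Bernoulli trial. The number of such successes
 * will form a binomial distribution. The count of the successes is compared
 * against a precomputed critical value to determine the overall outcome.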
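*/
struct rand_range_case {
    unsigned int range;      /* exclusive upper bound given to BN_rand_range() */
    unsigned int iterations; /* number of samples drawn */
    double critical;         /* Chi^2 value above which the case fails */
};

#include "bn_rand_range.h"

/*
 * Run Chi^2 case |n| from rand_range_cases: draw |iterations| samples from
 * BN_rand_range(), count how often each value occurs, and compare the
 * statistic with the case's critical value.
 *
 * Returns 1 if the statistic is within the critical value, 0 otherwise
 * (including on allocation or generation failure).
 */
static int test_rand_range_single(size_t n)
{
    const unsigned int range = rand_range_cases[n].range;
    const unsigned int iterations = rand_range_cases[n].iterations;
    const double critical = rand_range_cases[n].critical;
    const double expected = iterations / (double)range;
    double sum = 0;
    BIGNUM *rng = NULL, *val = NULL;
    size_t *counts;
    unsigned int i, v;
    int res = 0;

    if (!TEST_ptr(counts = OPENSSL_zalloc(sizeof(*counts) * range))
        || !TEST_ptr(rng = BN_new())
        || !TEST_ptr(val = BN_new())
        || !TEST_true(BN_set_word(rng, range)))
        goto err;
    for (i = 0; i < iterations; i++) {
        /*
         * The v < range check is both the property under test and the
         * bounds check for the counts[] index below.
         */
        if (!TEST_true(BN_rand_range(val, rng))
            || !TEST_uint_lt(v = (unsigned int)BN_get_word(val), range))
            goto err;
        counts[v]++;
    }

    for (i = 0; i < range; i++) {
        const double delta = counts[i] - expected;
        sum += delta * delta;
    }
    sum /= expected;

    if (sum > critical) {
        /* Both values use %.4f; the original "%4.f" dropped the fraction. */
        TEST_info("Chi^2 test negative %.4f > %.4f", sum, critical);
        TEST_note("test case %zu range %u iterations %u", n + 1, range,
                  iterations);
        goto err;
    }

    res = 1;
err:
    BN_free(rng);
    BN_free(val);
    OPENSSL_free(counts);
    return res;
}

/*
 * Run every case in rand_range_cases and pass if the number of successful
 * cases reaches binomial_critical (presumably defined in bn_rand_range.h
 * alongside the cases).
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_rand_range(void)
{
    int n_success = 0;
    size_t i;

    for (i = 0; i < OSSL_NELEM(rand_range_cases); i++)
        n_success += test_rand_range_single(i);
    if (TEST_int_ge(n_success, binomial_critical))
        return 1;
    TEST_note("This test is expected to fail by chance 0.01%% of the time.");
    return 0;
}

/*
 * Check that BN_mul(), BN_div() (with and without BN_FLG_CONSTTIME on the
 * operands) and BN_set_negative() never produce a zero that carries the
 * negative flag.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_negzero(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
    BIGNUM *numerator = NULL, *denominator = NULL;
    int consttime, st = 0;

    if (!TEST_ptr(a = BN_new())
        || !TEST_ptr(b = BN_new())
        || !TEST_ptr(c = BN_new())
        || !TEST_ptr(d = BN_new()))
        goto err;

    /* Test that BN_mul never gives negative zero. */
    if (!TEST_true(BN_set_word(a, 1)))
        goto err;
    BN_set_negative(a, 1);
    BN_zero(b);
    if (!TEST_true(BN_mul(c, a, b, ctx)))
        goto err;
    if (!TEST_BN_eq_zero(c)
        || !TEST_BN_ge_zero(c))
        goto err;

    for (consttime = 0; consttime < 2; consttime++) {
        if (!TEST_ptr(numerator = BN_new())
            || !TEST_ptr(denominator = BN_new()))
            goto err;
        if (consttime) {
            BN_set_flags(numerator, BN_FLG_CONSTTIME);
            BN_set_flags(denominator, BN_FLG_CONSTTIME);
        }
        /* Test that BN_div never gives negative zero in the quotient. */
        if (!TEST_true(BN_set_word(numerator, 1))
            || !TEST_true(BN_set_word(denominator, 2)))
            goto err;
        BN_set_negative(numerator, 1);
        if (!TEST_true(BN_div(a, b, numerator, denominator, ctx))
            || !TEST_BN_eq_zero(a)
            || !TEST_BN_ge_zero(a))
            goto err;

        /* Test that BN_div never gives negative zero in the remainder. */
        if (!TEST_true(BN_set_word(denominator, 1))
            || !TEST_true(BN_div(a, b, numerator, denominator, ctx))
            || !TEST_BN_eq_zero(b)
            || !TEST_BN_ge_zero(b))
            goto err;
        BN_free(numerator);
        BN_free(denominator);
        /* Cleared so the err path does not free them a second time. */
        numerator = denominator = NULL;
    }

    /* Test that BN_set_negative will not produce a negative zero. */
    BN_zero(a);
    BN_set_negative(a, 1);
    /* Use a TEST_ macro so a failure here is reported, not silent. */
    if (!TEST_false(BN_is_negative(a)))
        goto err;
    st = 1;

err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(numerator);
    BN_free(denominator);
    return st;
}

/*
 * Check that division and modular operations fail cleanly on a zero
 * modulus, and that the Montgomery-based operations also reject an even
 * modulus (16).  The error queue is cleared after each expected failure.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_badmod(void)
{
    BIGNUM *a = NULL, *b = NULL, *zero = NULL;
    BN_MONT_CTX *mont = NULL;
    int st = 0;

    if (!TEST_ptr(a = BN_new())
        || !TEST_ptr(b = BN_new())
        || !TEST_ptr(zero = BN_new())
        || !TEST_ptr(mont = BN_MONT_CTX_new()))
        goto err;
    BN_zero(zero);

    if (!TEST_false(BN_div(a, b, BN_value_one(), zero, ctx)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_mul(a, BN_value_one(), BN_value_one(), zero, ctx)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp(a, BN_value_one(), BN_value_one(), zero, ctx)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(),
                                    zero, ctx, NULL)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(),
                                              zero, ctx, NULL)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_MONT_CTX_set(mont, zero, ctx)))
        goto err;
    ERR_clear_error();

    /* Some operations also may not be used with an even modulus. */
    if (!TEST_true(BN_set_word(b, 16)))
        goto err;

    if (!TEST_false(BN_MONT_CTX_set(mont, b, ctx)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont(a, BN_value_one(), BN_value_one(),
                                    b, ctx, NULL)))
        goto err;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont_consttime(a, BN_value_one(), BN_value_one(),
                                              b, ctx, NULL)))
        goto err;
    ERR_clear_error();

    st = 1;
err:
    BN_free(a);
    BN_free(b);
    BN_free(zero);
    BN_MONT_CTX_free(mont);
    return st;
}

/*
 * Check that every modular exponentiation variant returns 0 for an
 * exponent of zero with modulus 1 (anything mod 1 is 0).  The calls pass a
 * NULL BN_CTX.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_expmodzero(void)
{
    BIGNUM *a = NULL, *r = NULL, *zero = NULL;
    int st = 0;

    if (!TEST_ptr(zero = BN_new())
        || !TEST_ptr(a = BN_new())
        || !TEST_ptr(r = BN_new()))
        goto err;
    BN_zero(zero);

    if (!TEST_true(BN_mod_exp(r, a, zero, BN_value_one(), NULL))
        || !TEST_BN_eq_zero(r)
        || !TEST_true(BN_mod_exp_mont(r, a, zero, BN_value_one(),
                                      NULL, NULL))
        || !TEST_BN_eq_zero(r)
        || !TEST_true(BN_mod_exp_mont_consttime(r, a, zero,
                                                BN_value_one(),
                                                NULL, NULL))
        || !TEST_BN_eq_zero(r)
        || !TEST_true(BN_mod_exp_mont_word(r, 42, zero,
                                           BN_value_one(), NULL, NULL))
        || !TEST_BN_eq_zero(r))
        goto err;

    st = 1;
err:
    BN_free(zero);
    BN_free(a);
    BN_free(r);
    return st;
}

/*
 * Check that 1^0 mod 1 and 1^0 mod -1 evaluate to 0 in every modular
 * exponentiation variant.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_expmodone(void)
{
    int ret = 0, i;
    BIGNUM *r = BN_new();
    BIGNUM *a = BN_new();
    BIGNUM *p = BN_new();
    BIGNUM *m = BN_new();

    if (!TEST_ptr(r)
        || !TEST_ptr(a)
        || !TEST_ptr(p)
        || !TEST_ptr(m)
        || !TEST_true(BN_set_word(a, 1))
        || !TEST_true(BN_set_word(p, 0))
        || !TEST_true(BN_set_word(m, 1)))
        goto err;

    /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */
    for (i = 0; i < 2; i++) {
        if (!TEST_true(BN_mod_exp(r, a, p, m, NULL))
            || !TEST_BN_eq_zero(r)
            || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL))
            || !TEST_BN_eq_zero(r)
            || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL))
            || !TEST_BN_eq_zero(r)
            || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL))
            || !TEST_BN_eq_zero(r)
            || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL))
            || !TEST_BN_eq_zero(r)
            || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL))
            || !TEST_BN_eq_zero(r))
            goto err;
        /* Repeat for r = 1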
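^ 0 mod -1 */
        if (i == 0)
            BN_set_negative(m, 1);
    }

    ret = 1;
err:
    BN_free(r);
    BN_free(a);
    BN_free(p);
    BN_free(m);
    return ret;
}

/*
 * Check prime generation for a very small bit count: requests of 1 bit or
 * fewer must fail, anything larger must succeed with exactly |kBits| bits.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_smallprime(int kBits)
{
    BIGNUM *r;
    int st = 0;

    if (!TEST_ptr(r = BN_new()))
        goto err;

    if (kBits <= 1) {
        if (!TEST_false(BN_generate_prime_ex(r, kBits, 0,
                                             NULL, NULL, NULL)))
            goto err;
    } else {
        if (!TEST_true(BN_generate_prime_ex(r, kBits, 0,
                                            NULL, NULL, NULL))
            || !TEST_int_eq(BN_num_bits(r), kBits))
            goto err;
    }

    st = 1;
err:
    BN_free(r);
    return st;
}

/*
 * Same as test_smallprime() but requesting a safe prime (third argument 1).
 * Generation is expected to fail for |kBits| <= 5 except for 3, and to
 * succeed with exactly |kBits| bits otherwise.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_smallsafeprime(int kBits)
{
    BIGNUM *r;
    int st = 0;

    if (!TEST_ptr(r = BN_new()))
        goto err;

    if (kBits <= 5 && kBits != 3) {
        if (!TEST_false(BN_generate_prime_ex(r, kBits, 1,
                                             NULL, NULL, NULL)))
            goto err;
    } else {
        if (!TEST_true(BN_generate_prime_ex(r, kBits, 1,
                                            NULL, NULL, NULL))
            || !TEST_int_eq(BN_num_bits(r), kBits))
            goto err;
    }

    st = 1;
err:
    BN_free(r);
    return st;
}

static int primes[] = { 2, 3, 5, 7, 17863 };

/*
 * Check that BN_check_prime() reports primes[i] as prime.  The check is
 * run twice with identical arguments.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_is_prime(int i)
{
    int ret = 0;
    BIGNUM *r = NULL;
    int trial;

    if (!TEST_ptr(r = BN_new()))
        goto err;

    for (trial = 0; trial <= 1; ++trial) {
        if (!TEST_true(BN_set_word(r, primes[i]))
            || !TEST_int_eq(BN_check_prime(r, ctx, NULL),
                            1))
            goto err;
    }

    ret = 1;
err:
    BN_free(r);
    return ret;
}

static int not_primes[] = { -1, 0, 1, 4 };

/*
 * Check that BN_check_prime() reports not_primes[i] as not prime.
 *
 * BN_set_word() takes an unsigned BN_ULONG, so passing -1 straight through
 * would store the all-ones word instead of -1.  The magnitude and the sign
 * are therefore set separately so that the negative entry is really tested.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_not_prime(int i)
{
    int ret = 0;
    BIGNUM *r = NULL;
    int trial;
    const int v = not_primes[i];

    if (!TEST_ptr(r = BN_new()))
        goto err;

    for (trial = 0; trial <= 1; ++trial) {
        if (!TEST_true(BN_set_word(r, (BN_ULONG)(v < 0 ? -v : v))))
            goto err;
        BN_set_negative(r, v < 0);
        if (!TEST_int_eq(BN_check_prime(r, ctx, NULL), 0))
            goto err;
    }

    ret = 1;
err:
    BN_free(r);
    return ret;
}

/*
 * Open a frame on |c|, take 15 BIGNUMs from it and set BN_FLG_CONSTTIME on
 * every odd-indexed one, then close the frame.
 *
 * Returns 1 on success, 0 if BN_CTX_get() fails.
 */
static int test_ctx_set_ct_flag(BN_CTX *c)
{
    int st = 0;
    size_t i;
    BIGNUM *b[15];

    BN_CTX_start(c);
    for (i = 0; i < OSSL_NELEM(b); i++) {
        if (!TEST_ptr(b[i] = BN_CTX_get(c)))
            goto err;
        if (i % 2 == 1)
            BN_set_flags(b[i], BN_FLG_CONSTTIME);
    }

    st = 1;
err:
    BN_CTX_end(c);
    return st;
}

/*
 * Open a frame on |c|, take 30 BIGNUMs from it and check that none of them
 * has BN_FLG_CONSTTIME set, then close the frame.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_ctx_check_ct_flag(BN_CTX *c)
{
    int st = 0;
    size_t i;
    BIGNUM *b[30];

    BN_CTX_start(c);
    for (i = 0; i < OSSL_NELEM(b); i++) {
        if (!TEST_ptr(b[i] = BN_CTX_get(c)))
            goto err;
        if (!TEST_false(BN_get_flags(b[i], BN_FLG_CONSTTIME)))
            goto err;
    }

    st = 1;
err:
    BN_CTX_end(c);
    return st;
}

/*
 * Run the set/check pair on both a regular and a secure BN_CTX.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_ctx_consttime_flag(void)
{
    /*-
     * The constant-time flag should not "leak" among BN_CTX frames:
     *
     * - test_ctx_set_ct_flag() starts a frame in the given BN_CTX and
     *   sets the BN_FLG_CONSTTIME flag on some of the BIGNUMs obtained
     *   from the frame before ending it.
     * - test_ctx_check_ct_flag() then starts a new frame and gets a
     *   number of BIGNUMs from it. In absence of leaks, none of the
     *   BIGNUMs in the new frame should have BN_FLG_CONSTTIME set.
     *
     * In actual BN_CTX usage inside libcrypto the leak could happen at
     * any depth level in the BN_CTX stack, with varying results
     * depending on the patterns of sibling trees of nested function
     * calls sharing the same BN_CTX object, and the effect of
     * unintended BN_FLG_CONSTTIME on the called BN_* functions.
     *
     * This simple unit test abstracts away this complexity and verifies
     * that the leak does not happen between two sibling functions
     * sharing the same BN_CTX object at the same level of nesting.
     *
     */
    BN_CTX *nctx = NULL;
    BN_CTX *sctx = NULL;
    size_t i = 0;
    int st = 0;

    if (!TEST_ptr(nctx = BN_CTX_new())
        || !TEST_ptr(sctx = BN_CTX_secure_new()))
        goto err;

    for (i = 0; i < 2; i++) {
        BN_CTX *c = i == 0 ? nctx : sctx;
        if (!TEST_true(test_ctx_set_ct_flag(c))
            || !TEST_true(test_ctx_check_ct_flag(c)))
            goto err;
    }

    st = 1;
err:
    BN_CTX_free(nctx);
    BN_CTX_free(sctx);
    return st;
}

/*
 * Check BN_are_coprime() in both argument orders: 66 and 99 share a factor
 * (result 0), 67 and 99 do not (result 1).
 *
 * Returns non-zero on success, 0 on failure.
 */
static int test_coprime(void)
{
    BIGNUM *a = NULL, *b = NULL;
    int ret = 0;

    ret = TEST_ptr(a = BN_new())
        && TEST_ptr(b = BN_new())
        && TEST_true(BN_set_word(a, 66))
        && TEST_true(BN_set_word(b, 99))
        && TEST_int_eq(BN_are_coprime(a, b, ctx), 0)
        && TEST_int_eq(BN_are_coprime(b, a, ctx), 0)
        && TEST_true(BN_set_word(a, 67))
        && TEST_int_eq(BN_are_coprime(a, b, ctx), 1)
        && TEST_int_eq(BN_are_coprime(b, a, ctx), 1);
    BN_free(a);
    BN_free(b);
    return ret;
}

static int test_gcd_prime(void)
{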
2826 1.1 christos BIGNUM *a = NULL, *b = NULL, *gcd = NULL; 2827 1.1 christos int i, st = 0; 2828 1.1 christos 2829 1.1 christos if (!TEST_ptr(a = BN_new()) 2830 1.1.1.2 christos || !TEST_ptr(b = BN_new()) 2831 1.1.1.2 christos || !TEST_ptr(gcd = BN_new())) 2832 1.1 christos goto err; 2833 1.1 christos 2834 1.1 christos if (!TEST_true(BN_generate_prime_ex(a, 1024, 0, NULL, NULL, NULL))) 2835 1.1.1.2 christos goto err; 2836 1.1 christos for (i = 0; i < NUM_PRIME_TESTS; i++) { 2837 1.1 christos if (!TEST_true(BN_generate_prime_ex(b, 1024, 0, 2838 1.1.1.2 christos NULL, NULL, NULL)) 2839 1.1.1.2 christos || !TEST_true(BN_gcd(gcd, a, b, ctx)) 2840 1.1.1.2 christos || !TEST_true(BN_is_one(gcd)) 2841 1.1.1.2 christos || !TEST_true(BN_are_coprime(a, b, ctx))) 2842 1.1 christos goto err; 2843 1.1 christos } 2844 1.1 christos 2845 1.1 christos st = 1; 2846 1.1.1.2 christos err: 2847 1.1 christos BN_free(a); 2848 1.1 christos BN_free(b); 2849 1.1 christos BN_free(gcd); 2850 1.1 christos return st; 2851 1.1 christos } 2852 1.1 christos 2853 1.1 christos typedef struct mod_exp_test_st { 2854 1.1 christos const char *base; 2855 1.1 christos const char *exp; 2856 1.1 christos const char *mod; 2857 1.1 christos const char *res; 2858 1.1 christos } MOD_EXP_TEST; 2859 1.1 christos 2860 1.1 christos static const MOD_EXP_TEST ModExpTests[] = { 2861 1.1.1.2 christos /* original test vectors for rsaz_512_sqr bug, by OSS-Fuzz */ 2862 1.1.1.2 christos { 2863 1.1.1.2 christos "1166180238001879113042182292626169621106255558914000595999312084" 2864 1.1.1.2 christos "4627946820899490684928760491249738643524880720584249698100907201" 2865 1.1.1.2 christos "002086675047927600340800371", 2866 1.1.1.2 christos "8000000000000000000000000000000000000000000000000000000000000000" 2867 1.1.1.2 christos "0000000000000000000000000000000000000000000000000000000000000000" 2868 1.1.1.2 christos "00000000", 2869 1.1.1.2 christos "1340780792684523720980737645613191762604395855615117867483316354" 2870 1.1.1.2 
christos "3294276330515137663421134775482798690129946803802212663956180562" 2871 1.1.1.2 christos "088664022929883876655300863", 2872 1.1.1.2 christos "8243904058268085430037326628480645845409758077568738532059032482" 2873 1.1.1.2 christos "8294114415890603594730158120426756266457928475330450251339773498" 2874 1.1.1.2 christos "26758407619521544102068438" }, 2875 1.1.1.2 christos { "4974270041410803822078866696159586946995877618987010219312844726" 2876 1.1.1.2 christos "0284386121835740784990869050050504348861513337232530490826340663" 2877 1.1.1.2 christos "197278031692737429054", 2878 1.1.1.2 christos "4974270041410803822078866696159586946995877428188754995041148539" 2879 1.1.1.2 christos "1663243362592271353668158565195557417149981094324650322556843202" 2880 1.1.1.2 christos "946445882670777892608", 2881 1.1.1.2 christos "1340780716511420227215592830971452482815377482627251725537099028" 2882 1.1.1.2 christos "4429769497230131760206012644403029349547320953206103351725462999" 2883 1.1.1.2 christos "947509743623340557059752191", 2884 1.1.1.2 christos "5296244594780707015616522701706118082963369547253192207884519362" 2885 1.1.1.2 christos "1767869984947542695665420219028522815539559194793619684334900442" 2886 1.1.1.2 christos "49304558011362360473525933" }, 2887 1.1.1.2 christos /* test vectors for rsaz_512_srq bug, with rcx/rbx=1 */ 2888 1.1.1.2 christos { /* between first and second iteration */ 2889 1.1.1.2 christos "5148719036160389201525610950887605325980251964889646556085286545" 2890 1.1.1.2 christos "3931548809178823413169359635978762036512397113080988070677858033" 2891 1.1.1.2 christos "36463909753993540214027190", 2892 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2893 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2894 1.1.1.2 christos "05973284973216824503042158", 2895 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2896 1.1.1.2 christos 
"8608820150367734884009371490834517138450159290932430254268769414" 2897 1.1.1.2 christos "05973284973216824503042159", 2898 1.1.1.2 christos "1" }, 2899 1.1.1.2 christos { /* between second and third iteration */ 2900 1.1.1.2 christos "8908340854353752577419678771330460827942371434853054158622636544" 2901 1.1.1.2 christos "8151360109722890949471912566649465436296659601091730745087014189" 2902 1.1.1.2 christos "2672764191218875181826063", 2903 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2904 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2905 1.1.1.2 christos "05973284973216824503042158", 2906 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2907 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2908 1.1.1.2 christos "05973284973216824503042159", 2909 1.1.1.2 christos "1" }, 2910 1.1.1.2 christos { /* between third and fourth iteration */ 2911 1.1.1.2 christos "3427446396505596330634350984901719674479522569002785244080234738" 2912 1.1.1.2 christos "4288743635435746136297299366444548736533053717416735379073185344" 2913 1.1.1.2 christos "26985272974404612945608761", 2914 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2915 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2916 1.1.1.2 christos "05973284973216824503042158", 2917 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2918 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2919 1.1.1.2 christos "05973284973216824503042159", 2920 1.1.1.2 christos "1" }, 2921 1.1.1.2 christos { /* between fourth and fifth iteration */ 2922 1.1.1.2 christos "3472743044917564564078857826111874560045331237315597383869652985" 2923 1.1.1.2 christos "6919870028890895988478351133601517365908445058405433832718206902" 2924 1.1.1.2 christos 
"4088133164805266956353542", 2925 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2926 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2927 1.1.1.2 christos "05973284973216824503042158", 2928 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2929 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2930 1.1.1.2 christos "05973284973216824503042159", 2931 1.1.1.2 christos "1" }, 2932 1.1.1.2 christos { /* between fifth and sixth iteration */ 2933 1.1.1.2 christos "3608632990153469264412378349742339216742409743898601587274768025" 2934 1.1.1.2 christos "0110772032985643555192767717344946174122842255204082586753499651" 2935 1.1.1.2 christos "14483434992887431333675068", 2936 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2937 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2938 1.1.1.2 christos "05973284973216824503042158", 2939 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2940 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2941 1.1.1.2 christos "05973284973216824503042159", 2942 1.1.1.2 christos "1" }, 2943 1.1.1.2 christos { /* between sixth and seventh iteration */ 2944 1.1.1.2 christos "8455374370234070242910508226941981520235709767260723212165264877" 2945 1.1.1.2 christos "8689064388017521524568434328264431772644802567028663962962025746" 2946 1.1.1.2 christos "9283458217850119569539086", 2947 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2948 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2949 1.1.1.2 christos "05973284973216824503042158", 2950 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2951 1.1.1.2 christos 
"8608820150367734884009371490834517138450159290932430254268769414" 2952 1.1.1.2 christos "05973284973216824503042159", 2953 1.1.1.2 christos "1" }, 2954 1.1.1.2 christos { /* between seventh and eighth iteration */ 2955 1.1.1.2 christos "5155371529688532178421209781159131443543419764974688878527112131" 2956 1.1.1.2 christos "7446518205609427412336183157918981038066636807317733319323257603" 2957 1.1.1.2 christos "04416292040754017461076359", 2958 1.1.1.2 christos "1005585594745694782468051874865438459560952436544429503329267108" 2959 1.1.1.2 christos "2791323022555160232601405723625177570767523893639864538140315412" 2960 1.1.1.2 christos "108959927459825236754563832", 2961 1.1.1.2 christos "1005585594745694782468051874865438459560952436544429503329267108" 2962 1.1.1.2 christos "2791323022555160232601405723625177570767523893639864538140315412" 2963 1.1.1.2 christos "108959927459825236754563833", 2964 1.1.1.2 christos "1" }, 2965 1.1.1.2 christos /* test vectors for rsaz_512_srq bug, with rcx/rbx=2 */ 2966 1.1.1.2 christos { /* between first and second iteration */ 2967 1.1.1.2 christos "3155666506033786929967309937640790361084670559125912405342594979" 2968 1.1.1.2 christos "4345142818528956285490897841406338022378565972533508820577760065" 2969 1.1.1.2 christos "58494345853302083699912572", 2970 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2971 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2972 1.1.1.2 christos "05973284973216824503042158", 2973 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2974 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2975 1.1.1.2 christos "05973284973216824503042159", 2976 1.1.1.2 christos "1" }, 2977 1.1.1.2 christos { /* between second and third iteration */ 2978 1.1.1.2 christos "3789819583801342198190405714582958759005991915505282362397087750" 2979 1.1.1.2 christos 
"4213544724644823098843135685133927198668818185338794377239590049" 2980 1.1.1.2 christos "41019388529192775771488319", 2981 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2982 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2983 1.1.1.2 christos "05973284973216824503042158", 2984 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2985 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2986 1.1.1.2 christos "05973284973216824503042159", 2987 1.1.1.2 christos "1" }, 2988 1.1.1.2 christos { /* between third and forth iteration */ 2989 1.1.1.2 christos "4695752552040706867080542538786056470322165281761525158189220280" 2990 1.1.1.2 christos "4025547447667484759200742764246905647644662050122968912279199065" 2991 1.1.1.2 christos "48065034299166336940507214", 2992 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2993 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2994 1.1.1.2 christos "05973284973216824503042158", 2995 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 2996 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 2997 1.1.1.2 christos "05973284973216824503042159", 2998 1.1.1.2 christos "1" }, 2999 1.1.1.2 christos { /* between forth and fifth iteration */ 3000 1.1.1.2 christos "2159140240970485794188159431017382878636879856244045329971239574" 3001 1.1.1.2 christos "8919691133560661162828034323196457386059819832804593989740268964" 3002 1.1.1.2 christos "74502911811812651475927076", 3003 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 3004 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3005 1.1.1.2 christos "05973284973216824503042158", 3006 1.1.1.2 christos 
"6703903964971298549787012499102923063739682910296196688861780721" 3007 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3008 1.1.1.2 christos "05973284973216824503042159", 3009 1.1.1.2 christos "1" }, 3010 1.1.1.2 christos { /* between fifth and sixth iteration */ 3011 1.1.1.2 christos "5239312332984325668414624633307915097111691815000872662334695514" 3012 1.1.1.2 christos "5436533521392362443557163429336808208137221322444780490437871903" 3013 1.1.1.2 christos "99972784701334569424519255", 3014 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 3015 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3016 1.1.1.2 christos "05973284973216824503042158", 3017 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 3018 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3019 1.1.1.2 christos "05973284973216824503042159", 3020 1.1.1.2 christos "1" }, 3021 1.1.1.2 christos { /* between sixth and seventh iteration */ 3022 1.1.1.2 christos "1977953647322612860406858017869125467496941904523063466791308891" 3023 1.1.1.2 christos "1172796739058531929470539758361774569875505293428856181093904091" 3024 1.1.1.2 christos "33788264851714311303725089", 3025 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 3026 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3027 1.1.1.2 christos "05973284973216824503042158", 3028 1.1.1.2 christos "6703903964971298549787012499102923063739682910296196688861780721" 3029 1.1.1.2 christos "8608820150367734884009371490834517138450159290932430254268769414" 3030 1.1.1.2 christos "05973284973216824503042159", 3031 1.1.1.2 christos "1" }, 3032 1.1.1.2 christos { /* between seventh and eighth iteration */ 3033 1.1.1.2 christos "6456987954117763835533395796948878140715006860263624787492985786" 3034 1.1.1.2 christos 
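"8514630216966738305923915688821526449499763719943997120302368211"
        "04813318117996225041943964",
        "1340780792994259709957402499820584612747936582059239337772356144"
        "3721764030073546976801874298166903427690031858186486050853753882"
        "811946551499689575296532556",
        "1340780792994259709957402499820584612747936582059239337772356144"
        "3721764030073546976801874298166903427690031858186486050853753882"
        "811946551499689575296532557",
        "1" }
};

/*
 * Run BN_mod_exp on ModExpTests[i] and compare the result with the expected
 * value stored in the vector. Operands and the expected result are decimal
 * strings. Returns 1 on success, 0 on failure.
 */
static int test_mod_exp(int i)
{
    const MOD_EXP_TEST *test = &ModExpTests[i];
    int res = 0;
    BIGNUM *result = NULL;
    BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL;
    char *s = NULL;

    if (!TEST_ptr(result = BN_new())
        || !TEST_true(BN_dec2bn(&base, test->base))
        || !TEST_true(BN_dec2bn(&exponent, test->exp))
        || !TEST_true(BN_dec2bn(&modulo, test->mod)))
        goto err;

    if (!TEST_int_eq(BN_mod_exp(result, base, exponent, modulo, ctx), 1))
        goto err;

    if (!TEST_ptr(s = BN_bn2dec(result)))
        goto err;

    /* Compare the decimal rendering byte for byte, lengths included. */
    if (!TEST_mem_eq(s, strlen(s), test->res, strlen(test->res)))
        goto err;

    res = 1;

err:
    OPENSSL_free(s);
    BN_free(result);
    BN_free(base);
    BN_free(exponent);
    BN_free(modulo);
    return res;
}

/*
 * Same vectors and same comparison as test_mod_exp, but all three operands
 * are marked BN_FLG_CONSTTIME before BN_mod_exp is called. The flag is what
 * callers set on secret values to request the constant-time code paths, so
 * this confirms that the flagged call yields the same expected result.
 * It is a functional check only: nothing here measures timing.
 * Returns 1 on success, 0 on failure.
 */
static int test_mod_exp_consttime(int i)
{
    const MOD_EXP_TEST *test = &ModExpTests[i];
    int res = 0;
    BIGNUM *result = NULL;
    BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL;
    char *s = NULL;

    if (!TEST_ptr(result = BN_new())
        || !TEST_true(BN_dec2bn(&base, test->base))
        || !TEST_true(BN_dec2bn(&exponent, test->exp))
        || !TEST_true(BN_dec2bn(&modulo, test->mod)))
        goto err;

    BN_set_flags(base, BN_FLG_CONSTTIME);
    BN_set_flags(exponent, BN_FLG_CONSTTIME);
    BN_set_flags(modulo, BN_FLG_CONSTTIME);

    if (!TEST_int_eq(BN_mod_exp(result, base, exponent, modulo, ctx), 1))
        goto err;

    if (!TEST_ptr(s = BN_bn2dec(result)))
        goto err;

    if (!TEST_mem_eq(s, strlen(s), test->res, strlen(test->res)))
        goto err;

    res = 1;

err:
    OPENSSL_free(s);
    BN_free(result);
    BN_free(base);
    BN_free(exponent);
    BN_free(modulo);
    return res;
}

/*
 * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is
 * zero. The four base/exponent operands are all set to one; only the modulus
 * is invalid. Returns 1 when the call is rejected (returns 0), 0 otherwise.
 */
static int test_mod_exp2_mont(void)
{
    int res = 0;
    BIGNUM *exp_result = NULL;
    BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL,
           *exp_m = NULL;

    if (!TEST_ptr(exp_result = BN_new())
        || !TEST_ptr(exp_a1 = BN_new())
        || !TEST_ptr(exp_p1 = BN_new())
        || !TEST_ptr(exp_a2 = BN_new())
        || !TEST_ptr(exp_p2 = BN_new())
        || !TEST_ptr(exp_m = BN_new()))
        goto err;

    if (!TEST_true(BN_one(exp_a1))
        || !TEST_true(BN_one(exp_p1))
        || !TEST_true(BN_one(exp_a2))
        || !TEST_true(BN_one(exp_p2)))
        goto err;

    BN_zero(exp_m);

    /* input of 0 is even, so must fail */
    if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2,
                         exp_p2, exp_m, ctx, NULL),
            0))
        goto err;

    res = 1;

err:
    BN_free(exp_result);
    BN_free(exp_a1);
    BN_free(exp_p1);
    BN_free(exp_a2);
    BN_free(exp_p2);
    BN_free(exp_m);
    return res;
}

/*
 * Check BN_mod_inverse on one fixed pair (a = 5193817943, modulus
 * b = 3259122431, expected inverse 2609653924), then check that a call whose
 * result pointer is the modulus itself is rejected with NULL.
 * Returns 1 on success, 0 on failure.
 */
static int test_mod_inverse(void)
{
    int res = 0;
    char *str = NULL;
    BIGNUM *a = NULL;
    BIGNUM *b = NULL;
    BIGNUM *r = NULL;

    if (!TEST_true(BN_dec2bn(&a, "5193817943")))
        goto err;
    if (!TEST_true(BN_dec2bn(&b, "3259122431")))
        goto err;
    if (!TEST_ptr(r = BN_new()))
        goto err;
    /* On success BN_mod_inverse hands back the result pointer it was given. */
    if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r))
        goto err;
    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
        goto err;
    /* TEST_str_eq reports both strings on mismatch, unlike a bare strcmp. */
    if (!TEST_str_eq(str, "2609653924"))
        goto err;

    /* Note that this aliases the result with the modulus. */
    if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx)))
        goto err;

    res = 1;

err:
    BN_free(a);
    BN_free(b);
    BN_free(r);
    OPENSSL_free(str);
    return res;
}

/*
 * Check how the modular exponentiation variants behave when the result
 * aliases an input. idx == 0 exercises BN_mod_exp_simple, any other value
 * exercises BN_mod_exp_recp. The fixed case is 15^10 mod 39 == 36.
 *
 *  - distinct result:           must succeed and give 36
 *  - result aliases exponent:   must succeed and give 36
 *  - result aliases modulus:    BN_mod_exp_simple must fail,
 *                               BN_mod_exp_recp must succeed and give 36
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_mod_exp_alias(int idx)
{
    int res = 0;
    char *str = NULL;
    BIGNUM *a = NULL;
    BIGNUM *b = NULL;
    BIGNUM *c = NULL;
    BIGNUM *r = NULL;

    if (!TEST_true(BN_dec2bn(&a, "15")))
        goto err;
    if (!TEST_true(BN_dec2bn(&b, "10")))
        goto err;
    if (!TEST_true(BN_dec2bn(&c, "39")))
        goto err;
    if (!TEST_ptr(r = BN_new()))
        goto err;

    if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
                               : BN_mod_exp_recp)(r, a, b, c, ctx),
            1))
        goto err;
    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
        goto err;
    if (!TEST_str_eq(str, "36"))
        goto err;

    OPENSSL_free(str);
    str = NULL;

    /*
     * Check the copy: if it failed, r would not hold the exponent and the
     * aliasing check below would run on the wrong input.
     */
    if (!TEST_ptr(BN_copy(r, b)))
        goto err;

    /* Aliasing with exponent must work. */
    if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
                               : BN_mod_exp_recp)(r, a, r, c, ctx),
            1))
        goto err;
    if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
        goto err;
    if (!TEST_str_eq(str, "36"))
        goto err;

    OPENSSL_free(str);
    str = NULL;

    /* Aliasing with modulus should return failure for the simple call. */
    if (idx == 0) {
        if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0))
            goto err;
    } else {
        if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1))
            goto err;
        if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL))
            goto err;
        if (!TEST_str_eq(str, "36"))
            goto err;
    }

    res = 1;

err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(r);
    OPENSSL_free(str);
    return res;
}

/*
 * Dispatch one stanza to its handler. The table is scanned in order and the
 * first entry whose name is present as a key in the stanza decides which
 * handler runs. Returns the handler's verdict (1 pass, 0 fail), or 0 with an
 * "Unknown test" message when no table name appears in the stanza.
 */
static int file_test_run(STANZA *s)
{
    static const FILETEST filetests[] = {
        { "Sum", file_sum },
        { "LShift1", file_lshift1 },
        { "LShift", file_lshift },
        { "RShift", file_rshift },
        { "Square", file_square },
        { "Product", file_product },
        { "Quotient", file_quotient },
        { "ModMul", file_modmul },
        { "ModExp", file_modexp },
        { "Exp", file_exp },
        { "ModSqrt", file_modsqrt },
        { "GCD", file_gcd },
    };
    int numtests = OSSL_NELEM(filetests);
    const FILETEST *tp = filetests;

    for (; --numtests >= 0; tp++) {
        if (findattr(s, tp->name) != NULL) {
            if (!tp->func(s)) {
                TEST_info("%s:%d: Failed %s test",
                    s->test_file, s->start, tp->name);
                return 0;
            }
            return 1;
        }
    }
    TEST_info("%s:%d: Unknown test", s->test_file, s->start);
    return 0;
}

/*
 * Run every stanza of the i-th command-line test file through
 * file_test_run(). Returns 1 when no stanza failed, 0 otherwise (including
 * allocation or file-open failure).
 *
 * NOTE(review): the verdict depends only on s->errors. s->numtests is
 * counted but not checked here, so a file that yields no stanzas is reported
 * as a pass; whether a failing test_readstanza() is recorded in s->errors is
 * not visible from this function -- confirm in testutil.
 */
static int run_file_tests(int i)
{
    STANZA *s = NULL;
    char *testfile = test_get_argument(i);
    int c;

    if (!TEST_ptr(s = OPENSSL_zalloc(sizeof(*s))))
        return 0;
    if (!test_start_file(s, testfile)) {
        OPENSSL_free(s);
        return 0;
    }

    /* Read test file. */
    while (!BIO_eof(s->fp) && test_readstanza(s)) {
        if (s->numpairs == 0)
            continue;
        if (!file_test_run(s))
            s->errors++;
        s->numtests++;
        test_clearstanza(s);
    }
    test_end_file(s);
    /* Save the error count before the stanza is released. */
    c = s->errors;
    OPENSSL_free(s);

    return c == 0;
}

/* Command-line options understood by this test program. */
typedef enum OPTION_choice {
    OPT_ERR = -1,
    OPT_EOF = 0,
    OPT_STOCHASTIC_TESTS,
    OPT_TEST_ENUM
} OPTION_CHOICE;

/* Return the option table used by the test harness for parsing and usage. */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS test_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
        { "stochastic", OPT_STOCHASTIC_TESTS, '-', "Run stochastic tests" },
        { OPT_HELP_STR, 1, '-',
            "file\tFile to run tests on. Normal tests are not run\n" },
        { NULL }
    };
    return test_options;
}

/*
 * Parse options, create the shared BN_CTX and register the tests.
 * With no file arguments the built-in tests are registered (plus
 * test_rand_range when -stochastic was given); with file arguments only
 * run_file_tests is registered, once per file. Returns 1 on success, 0 on an
 * option error or if the BN_CTX cannot be allocated.
 */
int setup_tests(void)
{
    OPTION_CHOICE o;
    int n, stochastic = 0;

    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_STOCHASTIC_TESTS:
            stochastic = 1;
            break;
        case OPT_TEST_CASES:
            break;
        default:
        case OPT_ERR:
            return 0;
        }
    }
    n = test_get_argument_count();

    if (!TEST_ptr(ctx = BN_CTX_new()))
        return 0;

    if (n == 0) {
        ADD_TEST(test_sub);
        ADD_TEST(test_div_recip);
        ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
        ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
        ADD_TEST(test_mod);
        ADD_TEST(test_mod_inverse);
        /* Index 0 is BN_mod_exp_simple, index 1 is BN_mod_exp_recp. */
        ADD_ALL_TESTS(test_mod_exp_alias, 2);
        ADD_TEST(test_modexp_mont5);
        ADD_TEST(test_kronecker);
        ADD_TEST(test_rand);
        ADD_TEST(test_bn2padded);
        ADD_TEST(test_dec2bn);
        ADD_TEST(test_hex2bn);
        ADD_TEST(test_asc2bn);
        ADD_TEST(test_bin2zero);
        ADD_TEST(test_bin2bn_lengths);
        ADD_ALL_TESTS(test_mpi, (int)OSSL_NELEM(kMPITests));
        ADD_ALL_TESTS(test_bn2signed, (int)OSSL_NELEM(kSignedTests_BE));
        ADD_TEST(test_negzero);
        ADD_TEST(test_badmod);
        ADD_TEST(test_expmodzero);
        ADD_TEST(test_expmodone);
        ADD_ALL_TESTS(test_smallprime, 16);
        ADD_ALL_TESTS(test_smallsafeprime, 16);
        ADD_TEST(test_swap);
        ADD_TEST(test_ctx_consttime_flag);
#ifndef OPENSSL_NO_EC2M
        ADD_TEST(test_gf2m_add);
        ADD_TEST(test_gf2m_mod);
        ADD_TEST(test_gf2m_mul);
        ADD_TEST(test_gf2m_sqr);
        ADD_TEST(test_gf2m_modinv);
        ADD_TEST(test_gf2m_moddiv);
        ADD_TEST(test_gf2m_modexp);
        ADD_TEST(test_gf2m_modsqrt);
        ADD_TEST(test_gf2m_modsolvequad);
#endif
        ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes));
        ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes));
        ADD_TEST(test_gcd_prime);
        ADD_TEST(test_coprime);
        /* The same vector table is run with and without BN_FLG_CONSTTIME. */
        ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
        ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
        ADD_TEST(test_mod_exp2_mont);
        if (stochastic)
            ADD_TEST(test_rand_range);
    } else {
        ADD_ALL_TESTS(run_file_tests, n);
    }
    return 1;
}

/* Release the BN_CTX created by setup_tests(). */
void cleanup_tests(void)
{
    BN_CTX_free(ctx);
}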