]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/bn/bntest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove unused BIGNUMs.
[thirdparty/openssl.git] / crypto / bn / bntest.c
CommitLineData
d02b48c6 1/* crypto/bn/bntest.c */
58964a49 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6
RE		 3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
1dc920c8
BM		 58/* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
60 *
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
63 *
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
66 *
1dc920c8
BM		 67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
69 *
70 */
d02b48c6 71
e9224c71
GT		 72/* Until the key-gen callbacks are modified to use newer prototypes, we allow
73 * deprecated functions for openssl-internal code */
74#ifdef OPENSSL_NO_DEPRECATED
75#undef OPENSSL_NO_DEPRECATED
76#endif
77
d02b48c6
RE		 78#include <stdio.h>
79#include <stdlib.h>
80#include <string.h>
17e3dd1c 81
41d2a336 82#include "e_os.h"
17e3dd1c 83
ec577822
BM		 84#include <openssl/bio.h>
85#include <openssl/bn.h>
86#include <openssl/rand.h>
87#include <openssl/x509.h>
88#include <openssl/err.h>
d02b48c6 89
f07fb9b2
DSH		 90const int num0 = 100; /* number of tests */
91const int num1 = 50; /* additional tests for some functions */
92const int num2 = 5; /* number of tests for slow functions */
cae55bfc 93
dfeab068
RE		 94int test_add(BIO *bp);
95int test_sub(BIO *bp);
96int test_lshift1(BIO *bp);
4da88a8d 97int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
dfeab068 98int test_rshift1(BIO *bp);
62bad771 99int test_rshift(BIO *bp,BN_CTX *ctx);
dfeab068 100int test_div(BIO *bp,BN_CTX *ctx);
cf9056cf 101int test_div_word(BIO *bp);
dfeab068
RE		 102int test_div_recp(BIO *bp,BN_CTX *ctx);
103int test_mul(BIO *bp);
104int test_sqr(BIO *bp,BN_CTX *ctx);
105int test_mont(BIO *bp,BN_CTX *ctx);
106int test_mod(BIO *bp,BN_CTX *ctx);
107int test_mod_mul(BIO *bp,BN_CTX *ctx);
108int test_mod_exp(BIO *bp,BN_CTX *ctx);
46a64376 109int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
cdfe0fdd 110int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
a0a54079 111int test_exp(BIO *bp,BN_CTX *ctx);
1dc920c8
BM		 112int test_gf2m_add(BIO *bp);
113int test_gf2m_mod(BIO *bp);
114int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
115int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
116int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
117int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
118int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
119int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
120int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
c7820896 121int test_kron(BIO *bp,BN_CTX *ctx);
cd2eebfd 122int test_sqrt(BIO *bp,BN_CTX *ctx);
96a4c31b 123int test_small_prime(BIO *bp,BN_CTX *ctx);
d02b48c6 124int rand_neg(void);
d02b48c6
RE		 125static int results=0;
126
b25c8db8 127static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
4da88a8d
BL		 128"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
129
0c50e02b
BM		 130static const char rnd_seed[] = "string to make the random number generator think it has entropy";
131
667ac4ec 132static void message(BIO *out, char *m)
cae55bfc
UM		 133 {
134 fprintf(stderr, "test %s\n", m);
cae55bfc
UM		 135 BIO_puts(out, "print \"test ");
136 BIO_puts(out, m);
137 BIO_puts(out, "\\n\"\n");
cae55bfc
UM		 138 }
139
6b691a5c 140int main(int argc, char *argv[])
d02b48c6
RE		 141 {
142 BN_CTX *ctx;
143 BIO *out;
144 char *outfile=NULL;
145
79875776
BM		 146 results = 0;
147
111482cf 148 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
0c50e02b 149
d02b48c6
RE		 150 argc--;
151 argv++;
152 while (argc >= 1)
153 {
154 if (strcmp(*argv,"-results") == 0)
155 results=1;
156 else if (strcmp(*argv,"-out") == 0)
157 {
158 if (--argc < 1) break;
159 outfile= *(++argv);
160 }
161 argc--;
162 argv++;
163 }
164
165
166 ctx=BN_CTX_new();
55f78baf 167 if (ctx == NULL) EXIT(1);
d02b48c6
RE		 168
169 out=BIO_new(BIO_s_file());
55f78baf 170 if (out == NULL) EXIT(1);
d02b48c6
RE		 171 if (outfile == NULL)
172 {
173 BIO_set_fp(out,stdout,BIO_NOCLOSE);
174 }
175 else
176 {
177 if (!BIO_write_filename(out,outfile))
178 {
179 perror(outfile);
55f78baf 180 EXIT(1);
d02b48c6
RE		 181 }
182 }
183
184 if (!results)
185 BIO_puts(out,"obase=16\nibase=16\n");
186
cae55bfc 187 message(out,"BN_add");
d02b48c6 188 if (!test_add(out)) goto err;
710069c1 189 (void)BIO_flush(out);
d02b48c6 190
cae55bfc 191 message(out,"BN_sub");
d02b48c6 192 if (!test_sub(out)) goto err;
710069c1 193 (void)BIO_flush(out);
d02b48c6 194
cae55bfc 195 message(out,"BN_lshift1");
d02b48c6 196 if (!test_lshift1(out)) goto err;
710069c1 197 (void)BIO_flush(out);
d02b48c6 198
cae55bfc 199 message(out,"BN_lshift (fixed)");
b25c8db8 200 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
4da88a8d 201 goto err;
710069c1 202 (void)BIO_flush(out);
4da88a8d 203
cae55bfc 204 message(out,"BN_lshift");
4da88a8d 205 if (!test_lshift(out,ctx,NULL)) goto err;
710069c1 206 (void)BIO_flush(out);
d02b48c6 207
cae55bfc 208 message(out,"BN_rshift1");
d02b48c6 209 if (!test_rshift1(out)) goto err;
710069c1 210 (void)BIO_flush(out);
d02b48c6 211
cae55bfc 212 message(out,"BN_rshift");
62bad771 213 if (!test_rshift(out,ctx)) goto err;
710069c1 214 (void)BIO_flush(out);
d02b48c6 215
cae55bfc 216 message(out,"BN_sqr");
58964a49 217 if (!test_sqr(out,ctx)) goto err;
710069c1 218 (void)BIO_flush(out);
d02b48c6 219
cae55bfc 220 message(out,"BN_mul");
d02b48c6 221 if (!test_mul(out)) goto err;
710069c1 222 (void)BIO_flush(out);
d02b48c6 223
cae55bfc 224 message(out,"BN_div");
58964a49 225 if (!test_div(out,ctx)) goto err;
710069c1 226 (void)BIO_flush(out);
58964a49 227
cf9056cf
GT		 228 message(out,"BN_div_word");
229 if (!test_div_word(out)) goto err;
710069c1 230 (void)BIO_flush(out);
cf9056cf 231
cae55bfc 232 message(out,"BN_div_recp");
dfeab068 233 if (!test_div_recp(out,ctx)) goto err;
710069c1 234 (void)BIO_flush(out);
dfeab068 235
cae55bfc 236 message(out,"BN_mod");
58964a49 237 if (!test_mod(out,ctx)) goto err;
710069c1 238 (void)BIO_flush(out);
d02b48c6 239
cae55bfc 240 message(out,"BN_mod_mul");
d02b48c6 241 if (!test_mod_mul(out,ctx)) goto err;
710069c1 242 (void)BIO_flush(out);
d02b48c6 243
cae55bfc 244 message(out,"BN_mont");
d02b48c6 245 if (!test_mont(out,ctx)) goto err;
710069c1 246 (void)BIO_flush(out);
6e0cad8d 247
cae55bfc 248 message(out,"BN_mod_exp");
d02b48c6 249 if (!test_mod_exp(out,ctx)) goto err;
710069c1 250 (void)BIO_flush(out);
d02b48c6 251
46a64376
BM		 252 message(out,"BN_mod_exp_mont_consttime");
253 if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
cdfe0fdd 254 if (!test_mod_exp_mont5(out,ctx)) goto err;
710069c1 255 (void)BIO_flush(out);
46a64376 256
cae55bfc 257 message(out,"BN_exp");
a0a54079 258 if (!test_exp(out,ctx)) goto err;
710069c1 259 (void)BIO_flush(out);
a0a54079 260
5af7d1a3
BM		 261 message(out,"BN_kronecker");
262 if (!test_kron(out,ctx)) goto err;
710069c1 263 (void)BIO_flush(out);
5af7d1a3
BM		 264
265 message(out,"BN_mod_sqrt");
266 if (!test_sqrt(out,ctx)) goto err;
710069c1 267 (void)BIO_flush(out);
96a4c31b
AL		 268
269 message(out,"Small prime generation");
270 if (!test_small_prime(out,ctx)) goto err;
271 (void)BIO_flush(out);
272
b3310161 273#ifndef OPENSSL_NO_EC2M
1dc920c8
BM		 274 message(out,"BN_GF2m_add");
275 if (!test_gf2m_add(out)) goto err;
710069c1 276 (void)BIO_flush(out);
1dc920c8
BM		 277
278 message(out,"BN_GF2m_mod");
279 if (!test_gf2m_mod(out)) goto err;
710069c1 280 (void)BIO_flush(out);
1dc920c8
BM		 281
282 message(out,"BN_GF2m_mod_mul");
283 if (!test_gf2m_mod_mul(out,ctx)) goto err;
710069c1 284 (void)BIO_flush(out);
1dc920c8
BM		 285
286 message(out,"BN_GF2m_mod_sqr");
287 if (!test_gf2m_mod_sqr(out,ctx)) goto err;
710069c1 288 (void)BIO_flush(out);
1dc920c8
BM		 289
290 message(out,"BN_GF2m_mod_inv");
291 if (!test_gf2m_mod_inv(out,ctx)) goto err;
710069c1 292 (void)BIO_flush(out);
1dc920c8
BM		 293
294 message(out,"BN_GF2m_mod_div");
295 if (!test_gf2m_mod_div(out,ctx)) goto err;
710069c1 296 (void)BIO_flush(out);
1dc920c8
BM		 297
298 message(out,"BN_GF2m_mod_exp");
299 if (!test_gf2m_mod_exp(out,ctx)) goto err;
710069c1 300 (void)BIO_flush(out);
1dc920c8
BM		 301
302 message(out,"BN_GF2m_mod_sqrt");
303 if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
710069c1 304 (void)BIO_flush(out);
1dc920c8
BM		 305
306 message(out,"BN_GF2m_mod_solve_quad");
307 if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
710069c1 308 (void)BIO_flush(out);
b3310161 309#endif
79875776
BM		 310 BN_CTX_free(ctx);
311 BIO_free(out);
312
d02b48c6 313/**/
55f78baf 314 EXIT(0);
d02b48c6 315err:
df83eeb7
BM		 316 BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
317 * the failure, see test_bn in test/Makefile.ssl*/
710069c1 318 (void)BIO_flush(out);
d02b48c6 319 ERR_load_crypto_strings();
cae55bfc 320 ERR_print_errors_fp(stderr);
55f78baf 321 EXIT(1);
d02b48c6
RE		 322 return(1);
323 }
324
6b691a5c 325int test_add(BIO *bp)
d02b48c6 326 {
dfeab068 327 BIGNUM a,b,c;
d02b48c6 328 int i;
d02b48c6 329
dfeab068
RE		 330 BN_init(&a);
331 BN_init(&b);
332 BN_init(&c);
d02b48c6 333
111482cf 334 BN_bntest_rand(&a,512,0,0);
cae55bfc 335 for (i=0; i<num0; i++)
d02b48c6 336 {
111482cf 337 BN_bntest_rand(&b,450+i,0,0);
dfeab068
RE		 338 a.neg=rand_neg();
339 b.neg=rand_neg();
dfeab068 340 BN_add(&c,&a,&b);
d02b48c6
RE		 341 if (bp != NULL)
342 {
343 if (!results)
344 {
dfeab068 345 BN_print(bp,&a);
d02b48c6 346 BIO_puts(bp," + ");
dfeab068 347 BN_print(bp,&b);
d02b48c6
RE		 348 BIO_puts(bp," - ");
349 }
dfeab068 350 BN_print(bp,&c);
d02b48c6
RE		 351 BIO_puts(bp,"\n");
352 }
62bad771
BL		 353 a.neg=!a.neg;
354 b.neg=!b.neg;
355 BN_add(&c,&c,&b);
356 BN_add(&c,&c,&a);
357 if(!BN_is_zero(&c))
358 {
cae55bfc 359 fprintf(stderr,"Add test failed!\n");
62bad771
BL		 360 return 0;
361 }
d02b48c6 362 }
dfeab068
RE		 363 BN_free(&a);
364 BN_free(&b);
365 BN_free(&c);
d02b48c6
RE		 366 return(1);
367 }
368
6b691a5c 369int test_sub(BIO *bp)
d02b48c6 370 {
dfeab068 371 BIGNUM a,b,c;
d02b48c6 372 int i;
d02b48c6 373
dfeab068
RE		 374 BN_init(&a);
375 BN_init(&b);
376 BN_init(&c);
d02b48c6 377
cae55bfc 378 for (i=0; i<num0+num1; i++)
d02b48c6 379 {
cae55bfc
UM		 380 if (i < num1)
381 {
111482cf 382 BN_bntest_rand(&a,512,0,0);
cae55bfc
UM		 383 BN_copy(&b,&a);
384 if (BN_set_bit(&a,i)==0) return(0);
385 BN_add_word(&b,i);
386 }
387 else
388 {
111482cf 389 BN_bntest_rand(&b,400+i-num1,0,0);
cae55bfc
UM		 390 a.neg=rand_neg();
391 b.neg=rand_neg();
392 }
dfeab068 393 BN_sub(&c,&a,&b);
d02b48c6
RE		 394 if (bp != NULL)
395 {
396 if (!results)
397 {
dfeab068 398 BN_print(bp,&a);
d02b48c6 399 BIO_puts(bp," - ");
dfeab068 400 BN_print(bp,&b);
d02b48c6
RE		 401 BIO_puts(bp," - ");
402 }
dfeab068 403 BN_print(bp,&c);
d02b48c6
RE		 404 BIO_puts(bp,"\n");
405 }
62bad771
BL		 406 BN_add(&c,&c,&b);
407 BN_sub(&c,&c,&a);
408 if(!BN_is_zero(&c))
409 {
cae55bfc 410 fprintf(stderr,"Subtract test failed!\n");
62bad771
BL		 411 return 0;
412 }
d02b48c6 413 }
dfeab068
RE		 414 BN_free(&a);
415 BN_free(&b);
416 BN_free(&c);
d02b48c6
RE		 417 return(1);
418 }
419
6b691a5c 420int test_div(BIO *bp, BN_CTX *ctx)
d02b48c6 421 {
62bad771 422 BIGNUM a,b,c,d,e;
d02b48c6 423 int i;
d02b48c6 424
dfeab068
RE		 425 BN_init(&a);
426 BN_init(&b);
427 BN_init(&c);
428 BN_init(&d);
62bad771 429 BN_init(&e);
d02b48c6 430
cae55bfc 431 for (i=0; i<num0+num1; i++)
d02b48c6 432 {
cae55bfc
UM		 433 if (i < num1)
434 {
111482cf 435 BN_bntest_rand(&a,400,0,0);
cae55bfc
UM		 436 BN_copy(&b,&a);
437 BN_lshift(&a,&a,i);
438 BN_add_word(&a,i);
439 }
440 else
111482cf 441 BN_bntest_rand(&b,50+3*(i-num1),0,0);
dfeab068
RE		 442 a.neg=rand_neg();
443 b.neg=rand_neg();
dfeab068 444 BN_div(&d,&c,&a,&b,ctx);
d02b48c6
RE		 445 if (bp != NULL)
446 {
447 if (!results)
448 {
dfeab068 449 BN_print(bp,&a);
d02b48c6 450 BIO_puts(bp," / ");
dfeab068 451 BN_print(bp,&b);
d02b48c6
RE		 452 BIO_puts(bp," - ");
453 }
dfeab068 454 BN_print(bp,&d);
d02b48c6
RE		 455 BIO_puts(bp,"\n");
456
457 if (!results)
458 {
dfeab068 459 BN_print(bp,&a);
d02b48c6 460 BIO_puts(bp," % ");
dfeab068 461 BN_print(bp,&b);
d02b48c6
RE		 462 BIO_puts(bp," - ");
463 }
dfeab068 464 BN_print(bp,&c);
d02b48c6
RE		 465 BIO_puts(bp,"\n");
466 }
62bad771
BL		 467 BN_mul(&e,&d,&b,ctx);
468 BN_add(&d,&e,&c);
469 BN_sub(&d,&d,&a);
470 if(!BN_is_zero(&d))
471 {
cae55bfc 472 fprintf(stderr,"Division test failed!\n");
62bad771
BL		 473 return 0;
474 }
d02b48c6 475 }
dfeab068
RE		 476 BN_free(&a);
477 BN_free(&b);
478 BN_free(&c);
479 BN_free(&d);
62bad771 480 BN_free(&e);
dfeab068
RE		 481 return(1);
482 }
483
8169dd73
AP		 484static void print_word(BIO *bp,BN_ULONG w)
485 {
486#ifdef SIXTY_FOUR_BIT
487 if (sizeof(w) > sizeof(unsigned long))
488 {
489 unsigned long h=(unsigned long)(w>>32),
490 l=(unsigned long)(w);
491
492 if (h) BIO_printf(bp,"%lX%08lX",h,l);
493 else BIO_printf(bp,"%lX",l);
494 return;
495 }
496#endif
4a47f556 497 BIO_printf(bp,BN_HEX_FMT1,w);
8169dd73
AP		 498 }
499
cf9056cf
GT		 500int test_div_word(BIO *bp)
501 {
502 BIGNUM a,b;
503 BN_ULONG r,s;
504 int i;
505
506 BN_init(&a);
507 BN_init(&b);
508
509 for (i=0; i<num0; i++)
510 {
511 do {
512 BN_bntest_rand(&a,512,-1,0);
513 BN_bntest_rand(&b,BN_BITS2,-1,0);
514 s = b.d[0];
515 } while (!s);
516
517 BN_copy(&b, &a);
518 r = BN_div_word(&b, s);
519
520 if (bp != NULL)
521 {
522 if (!results)
523 {
524 BN_print(bp,&a);
525 BIO_puts(bp," / ");
8169dd73 526 print_word(bp,s);
cf9056cf
GT		 527 BIO_puts(bp," - ");
528 }
529 BN_print(bp,&b);
530 BIO_puts(bp,"\n");
531
532 if (!results)
533 {
534 BN_print(bp,&a);
535 BIO_puts(bp," % ");
8169dd73 536 print_word(bp,s);
cf9056cf
GT		 537 BIO_puts(bp," - ");
538 }
8169dd73 539 print_word(bp,r);
cf9056cf
GT		 540 BIO_puts(bp,"\n");
541 }
542 BN_mul_word(&b,s);
543 BN_add_word(&b,r);
544 BN_sub(&b,&a,&b);
545 if(!BN_is_zero(&b))
546 {
547 fprintf(stderr,"Division (word) test failed!\n");
548 return 0;
549 }
550 }
551 BN_free(&a);
552 BN_free(&b);
553 return(1);
554 }
555
6b691a5c 556int test_div_recp(BIO *bp, BN_CTX *ctx)
dfeab068 557 {
62bad771 558 BIGNUM a,b,c,d,e;
dfeab068
RE		 559 BN_RECP_CTX recp;
560 int i;
dfeab068
RE		 561
562 BN_RECP_CTX_init(&recp);
563 BN_init(&a);
564 BN_init(&b);
565 BN_init(&c);
566 BN_init(&d);
62bad771 567 BN_init(&e);
dfeab068 568
cae55bfc 569 for (i=0; i<num0+num1; i++)
dfeab068 570 {
cae55bfc
UM		 571 if (i < num1)
572 {
111482cf 573 BN_bntest_rand(&a,400,0,0);
cae55bfc
UM		 574 BN_copy(&b,&a);
575 BN_lshift(&a,&a,i);
576 BN_add_word(&a,i);
577 }
578 else
111482cf 579 BN_bntest_rand(&b,50+3*(i-num1),0,0);
dfeab068
RE		 580 a.neg=rand_neg();
581 b.neg=rand_neg();
582 BN_RECP_CTX_set(&recp,&b,ctx);
dfeab068
RE		 583 BN_div_recp(&d,&c,&a,&recp,ctx);
584 if (bp != NULL)
585 {
586 if (!results)
587 {
588 BN_print(bp,&a);
589 BIO_puts(bp," / ");
590 BN_print(bp,&b);
591 BIO_puts(bp," - ");
592 }
593 BN_print(bp,&d);
594 BIO_puts(bp,"\n");
595
596 if (!results)
597 {
598 BN_print(bp,&a);
599 BIO_puts(bp," % ");
600 BN_print(bp,&b);
601 BIO_puts(bp," - ");
602 }
603 BN_print(bp,&c);
604 BIO_puts(bp,"\n");
605 }
62bad771
BL		 606 BN_mul(&e,&d,&b,ctx);
607 BN_add(&d,&e,&c);
608 BN_sub(&d,&d,&a);
609 if(!BN_is_zero(&d))
610 {
cae55bfc
UM		 611 fprintf(stderr,"Reciprocal division test failed!\n");
612 fprintf(stderr,"a=");
613 BN_print_fp(stderr,&a);
614 fprintf(stderr,"\nb=");
615 BN_print_fp(stderr,&b);
616 fprintf(stderr,"\n");
62bad771
BL		 617 return 0;
618 }
dfeab068
RE		 619 }
620 BN_free(&a);
621 BN_free(&b);
622 BN_free(&c);
623 BN_free(&d);
62bad771 624 BN_free(&e);
dfeab068 625 BN_RECP_CTX_free(&recp);
d02b48c6
RE		 626 return(1);
627 }
628
6b691a5c 629int test_mul(BIO *bp)
d02b48c6 630 {
62bad771 631 BIGNUM a,b,c,d,e;
d02b48c6 632 int i;
c62b26fd 633 BN_CTX *ctx;
d02b48c6 634
c62b26fd 635 ctx = BN_CTX_new();
55f78baf 636 if (ctx == NULL) EXIT(1);
c62b26fd 637
dfeab068
RE		 638 BN_init(&a);
639 BN_init(&b);
640 BN_init(&c);
62bad771
BL		 641 BN_init(&d);
642 BN_init(&e);
d02b48c6 643
cae55bfc 644 for (i=0; i<num0+num1; i++)
d02b48c6 645 {
587bb0e0 646 if (i <= num1)
cae55bfc 647 {
111482cf
UM		 648 BN_bntest_rand(&a,100,0,0);
649 BN_bntest_rand(&b,100,0,0);
cae55bfc
UM		 650 }
651 else
111482cf 652 BN_bntest_rand(&b,i-num1,0,0);
dfeab068
RE		 653 a.neg=rand_neg();
654 b.neg=rand_neg();
c62b26fd 655 BN_mul(&c,&a,&b,ctx);
d02b48c6
RE		 656 if (bp != NULL)
657 {
658 if (!results)
659 {
dfeab068 660 BN_print(bp,&a);
d02b48c6 661 BIO_puts(bp," * ");
dfeab068 662 BN_print(bp,&b);
d02b48c6
RE		 663 BIO_puts(bp," - ");
664 }
dfeab068 665 BN_print(bp,&c);
d02b48c6
RE		 666 BIO_puts(bp,"\n");
667 }
c62b26fd 668 BN_div(&d,&e,&c,&a,ctx);
62bad771
BL		 669 BN_sub(&d,&d,&b);
670 if(!BN_is_zero(&d) || !BN_is_zero(&e))
671 {
cae55bfc 672 fprintf(stderr,"Multiplication test failed!\n");
62bad771
BL		 673 return 0;
674 }
d02b48c6 675 }
dfeab068
RE		 676 BN_free(&a);
677 BN_free(&b);
678 BN_free(&c);
62bad771
BL		 679 BN_free(&d);
680 BN_free(&e);
c62b26fd 681 BN_CTX_free(ctx);
d02b48c6
RE		 682 return(1);
683 }
684
6b691a5c 685int test_sqr(BIO *bp, BN_CTX *ctx)
d02b48c6 686 {
62bad771 687 BIGNUM a,c,d,e;
d02b48c6 688 int i;
d02b48c6 689
dfeab068
RE		 690 BN_init(&a);
691 BN_init(&c);
62bad771
BL		 692 BN_init(&d);
693 BN_init(&e);
d02b48c6 694
cae55bfc 695 for (i=0; i<num0; i++)
d02b48c6 696 {
111482cf 697 BN_bntest_rand(&a,40+i*10,0,0);
dfeab068 698 a.neg=rand_neg();
dfeab068 699 BN_sqr(&c,&a,ctx);
d02b48c6
RE		 700 if (bp != NULL)
701 {
702 if (!results)
703 {
dfeab068 704 BN_print(bp,&a);
d02b48c6 705 BIO_puts(bp," * ");
dfeab068 706 BN_print(bp,&a);
d02b48c6
RE		 707 BIO_puts(bp," - ");
708 }
dfeab068 709 BN_print(bp,&c);
d02b48c6
RE		 710 BIO_puts(bp,"\n");
711 }
62bad771
BL		 712 BN_div(&d,&e,&c,&a,ctx);
713 BN_sub(&d,&d,&a);
714 if(!BN_is_zero(&d) || !BN_is_zero(&e))
715 {
cae55bfc 716 fprintf(stderr,"Square test failed!\n");
62bad771
BL		 717 return 0;
718 }
d02b48c6 719 }
dfeab068
RE		 720 BN_free(&a);
721 BN_free(&c);
62bad771
BL		 722 BN_free(&d);
723 BN_free(&e);
d02b48c6
RE		 724 return(1);
725 }
726
6b691a5c 727int test_mont(BIO *bp, BN_CTX *ctx)
d02b48c6 728 {
62bad771 729 BIGNUM a,b,c,d,A,B;
dfeab068 730 BIGNUM n;
d02b48c6 731 int i;
d02b48c6
RE		 732 BN_MONT_CTX *mont;
733
dfeab068
RE		 734 BN_init(&a);
735 BN_init(&b);
736 BN_init(&c);
62bad771 737 BN_init(&d);
dfeab068
RE		 738 BN_init(&A);
739 BN_init(&B);
740 BN_init(&n);
d02b48c6
RE		 741
742 mont=BN_MONT_CTX_new();
b4e88ccb
NL		 743 if (mont == NULL)
744 return 0;
d02b48c6 745
111482cf
UM		 746 BN_bntest_rand(&a,100,0,0); /**/
747 BN_bntest_rand(&b,100,0,0); /**/
cae55bfc 748 for (i=0; i<num2; i++)
d02b48c6 749 {
ea96c4bc 750 int bits = (200*(i+1))/num2;
6e0cad8d
BM		 751
752 if (bits == 0)
753 continue;
111482cf 754 BN_bntest_rand(&n,bits,0,1);
dfeab068 755 BN_MONT_CTX_set(mont,&n,ctx);
d02b48c6 756
14697d9d
BM		 757 BN_nnmod(&a,&a,&n,ctx);
758 BN_nnmod(&b,&b,&n,ctx);
759
dfeab068
RE		 760 BN_to_montgomery(&A,&a,mont,ctx);
761 BN_to_montgomery(&B,&b,mont,ctx);
d02b48c6 762
dfeab068
RE		 763 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
764 BN_from_montgomery(&A,&c,mont,ctx);/**/
d02b48c6
RE		 765 if (bp != NULL)
766 {
767 if (!results)
768 {
769#ifdef undef
770fprintf(stderr,"%d * %d %% %d\n",
dfeab068
RE		 771BN_num_bits(&a),
772BN_num_bits(&b),
d02b48c6
RE		 773BN_num_bits(mont->N));
774#endif
dfeab068 775 BN_print(bp,&a);
d02b48c6 776 BIO_puts(bp," * ");
dfeab068 777 BN_print(bp,&b);
d02b48c6 778 BIO_puts(bp," % ");
dfeab068 779 BN_print(bp,&(mont->N));
d02b48c6
RE		 780 BIO_puts(bp," - ");
781 }
dfeab068 782 BN_print(bp,&A);
d02b48c6
RE		 783 BIO_puts(bp,"\n");
784 }
62bad771
BL		 785 BN_mod_mul(&d,&a,&b,&n,ctx);
786 BN_sub(&d,&d,&A);
787 if(!BN_is_zero(&d))
788 {
cae55bfc 789 fprintf(stderr,"Montgomery multiplication test failed!\n");
62bad771
BL		 790 return 0;
791 }
d02b48c6
RE		 792 }
793 BN_MONT_CTX_free(mont);
dfeab068
RE		 794 BN_free(&a);
795 BN_free(&b);
796 BN_free(&c);
62bad771
BL		 797 BN_free(&d);
798 BN_free(&A);
799 BN_free(&B);
800 BN_free(&n);
d02b48c6
RE		 801 return(1);
802 }
803
6b691a5c 804int test_mod(BIO *bp, BN_CTX *ctx)
d02b48c6 805 {
62bad771 806 BIGNUM *a,*b,*c,*d,*e;
d02b48c6 807 int i;
d02b48c6
RE		 808
809 a=BN_new();
810 b=BN_new();
811 c=BN_new();
62bad771
BL		 812 d=BN_new();
813 e=BN_new();
d02b48c6 814
111482cf 815 BN_bntest_rand(a,1024,0,0); /**/
cae55bfc 816 for (i=0; i<num0; i++)
d02b48c6 817 {
111482cf 818 BN_bntest_rand(b,450+i*10,0,0); /**/
d02b48c6
RE		 819 a->neg=rand_neg();
820 b->neg=rand_neg();
d02b48c6
RE		 821 BN_mod(c,a,b,ctx);/**/
822 if (bp != NULL)
823 {
824 if (!results)
825 {
826 BN_print(bp,a);
827 BIO_puts(bp," % ");
828 BN_print(bp,b);
829 BIO_puts(bp," - ");
830 }
831 BN_print(bp,c);
832 BIO_puts(bp,"\n");
833 }
62bad771
BL		 834 BN_div(d,e,a,b,ctx);
835 BN_sub(e,e,c);
836 if(!BN_is_zero(e))
837 {
cae55bfc 838 fprintf(stderr,"Modulo test failed!\n");
62bad771
BL		 839 return 0;
840 }
d02b48c6
RE		 841 }
842 BN_free(a);
843 BN_free(b);
844 BN_free(c);
62bad771
BL		 845 BN_free(d);
846 BN_free(e);
d02b48c6
RE		 847 return(1);
848 }
849
6b691a5c 850int test_mod_mul(BIO *bp, BN_CTX *ctx)
d02b48c6
RE		 851 {
852 BIGNUM *a,*b,*c,*d,*e;
aecb0b01 853 int i,j;
d02b48c6
RE		 854
855 a=BN_new();
856 b=BN_new();
857 c=BN_new();
858 d=BN_new();
859 e=BN_new();
860
aecb0b01 861 for (j=0; j<3; j++) {
111482cf 862 BN_bntest_rand(c,1024,0,0); /**/
cae55bfc 863 for (i=0; i<num0; i++)
d02b48c6 864 {
111482cf
UM		 865 BN_bntest_rand(a,475+i*10,0,0); /**/
866 BN_bntest_rand(b,425+i*11,0,0); /**/
d02b48c6
RE		 867 a->neg=rand_neg();
868 b->neg=rand_neg();
d02b48c6
RE		 869 if (!BN_mod_mul(e,a,b,c,ctx))
870 {
871 unsigned long l;
872
873 while ((l=ERR_get_error()))
874 fprintf(stderr,"ERROR:%s\n",
875 ERR_error_string(l,NULL));
55f78baf 876 EXIT(1);
d02b48c6
RE		 877 }
878 if (bp != NULL)
879 {
880 if (!results)
881 {
882 BN_print(bp,a);
883 BIO_puts(bp," * ");
884 BN_print(bp,b);
885 BIO_puts(bp," % ");
886 BN_print(bp,c);
5acaa495
BM		 887 if ((a->neg ^ b->neg) && !BN_is_zero(e))
888 {
889 /* If (a*b) % c is negative, c must be added
890 * in order to obtain the normalized remainder
891 * (new with OpenSSL 0.9.7, previous versions of
892 * BN_mod_mul could generate negative results)
893 */
894 BIO_puts(bp," + ");
895 BN_print(bp,c);
896 }
d02b48c6
RE		 897 BIO_puts(bp," - ");
898 }
899 BN_print(bp,e);
900 BIO_puts(bp,"\n");
901 }
62bad771
BL		 902 BN_mul(d,a,b,ctx);
903 BN_sub(d,d,e);
904 BN_div(a,b,d,c,ctx);
905 if(!BN_is_zero(b))
906 {
cae55bfc 907 fprintf(stderr,"Modulo multiply test failed!\n");
020fc820 908 ERR_print_errors_fp(stderr);
62bad771
BL		 909 return 0;
910 }
d02b48c6 911 }
aecb0b01 912 }
d02b48c6
RE		 913 BN_free(a);
914 BN_free(b);
915 BN_free(c);
916 BN_free(d);
917 BN_free(e);
918 return(1);
919 }
920
6b691a5c 921int test_mod_exp(BIO *bp, BN_CTX *ctx)
d02b48c6
RE		 922 {
923 BIGNUM *a,*b,*c,*d,*e;
924 int i;
925
926 a=BN_new();
927 b=BN_new();
928 c=BN_new();
929 d=BN_new();
930 e=BN_new();
931
111482cf 932 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
cae55bfc 933 for (i=0; i<num2; i++)
d02b48c6 934 {
111482cf
UM		 935 BN_bntest_rand(a,20+i*5,0,0); /**/
936 BN_bntest_rand(b,2+i,0,0); /**/
d02b48c6
RE		 937
938 if (!BN_mod_exp(d,a,b,c,ctx))
477fd459 939 return(0);
d02b48c6
RE		 940
941 if (bp != NULL)
942 {
943 if (!results)
944 {
945 BN_print(bp,a);
946 BIO_puts(bp," ^ ");
947 BN_print(bp,b);
948 BIO_puts(bp," % ");
949 BN_print(bp,c);
950 BIO_puts(bp," - ");
951 }
952 BN_print(bp,d);
953 BIO_puts(bp,"\n");
954 }
62bad771
BL		 955 BN_exp(e,a,b,ctx);
956 BN_sub(e,e,d);
957 BN_div(a,b,e,c,ctx);
958 if(!BN_is_zero(b))
959 {
cae55bfc 960 fprintf(stderr,"Modulo exponentiation test failed!\n");
62bad771
BL		 961 return 0;
962 }
d02b48c6
RE		 963 }
964 BN_free(a);
965 BN_free(b);
966 BN_free(c);
967 BN_free(d);
968 BN_free(e);
969 return(1);
970 }
971
46a64376
BM		 972int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
973 {
974 BIGNUM *a,*b,*c,*d,*e;
975 int i;
976
977 a=BN_new();
978 b=BN_new();
979 c=BN_new();
980 d=BN_new();
981 e=BN_new();
982
983 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
984 for (i=0; i<num2; i++)
985 {
986 BN_bntest_rand(a,20+i*5,0,0); /**/
987 BN_bntest_rand(b,2+i,0,0); /**/
988
989 if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
990 return(00);
991
992 if (bp != NULL)
993 {
994 if (!results)
995 {
996 BN_print(bp,a);
997 BIO_puts(bp," ^ ");
998 BN_print(bp,b);
999 BIO_puts(bp," % ");
1000 BN_print(bp,c);
1001 BIO_puts(bp," - ");
1002 }
1003 BN_print(bp,d);
1004 BIO_puts(bp,"\n");
1005 }
1006 BN_exp(e,a,b,ctx);
1007 BN_sub(e,e,d);
1008 BN_div(a,b,e,c,ctx);
1009 if(!BN_is_zero(b))
1010 {
1011 fprintf(stderr,"Modulo exponentiation test failed!\n");
1012 return 0;
1013 }
1014 }
1015 BN_free(a);
1016 BN_free(b);
1017 BN_free(c);
1018 BN_free(d);
1019 BN_free(e);
1020 return(1);
1021 }
1022
cdfe0fdd
BM		 1023/* Test constant-time modular exponentiation with 1024-bit inputs,
1024 * which on x86_64 cause a different code branch to be taken.
1025 */
1026int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
1027 {
1028 BIGNUM *a,*p,*m,*d,*e;
cdfe0fdd
BM		 1029
1030 BN_MONT_CTX *mont;
1031
1032 a=BN_new();
1033 p=BN_new();
1034 m=BN_new();
1035 d=BN_new();
1036 e=BN_new();
1037
1038 mont = BN_MONT_CTX_new();
1039
1040 BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
1041 /* Zero exponent */
1042 BN_bntest_rand(a,1024,0,0);
1043 BN_zero(p);
1044 if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
1045 return 0;
1046 if(!BN_is_one(d))
1047 {
1048 fprintf(stderr, "Modular exponentiation test failed!\n");
1049 return 0;
1050 }
1051 /* Zero input */
1052 BN_bntest_rand(p,1024,0,0);
1053 BN_zero(a);
1054 if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
1055 return 0;
1056 if(!BN_is_zero(d))
1057 {
1058 fprintf(stderr, "Modular exponentiation test failed!\n");
1059 return 0;
1060 }
1061 /* Craft an input whose Montgomery representation is 1,
1062 * i.e., shorter than the modulus m, in order to test
1063 * the const time precomputation scattering/gathering.
1064 */
1065 BN_one(a);
1066 BN_MONT_CTX_set(mont,m,ctx);
1067 if(!BN_from_montgomery(e,a,mont,ctx))
1068 return 0;
1069 if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
1070 return 0;
1071 if(!BN_mod_exp_simple(a,e,p,m,ctx))
1072 return 0;
1073 if(BN_cmp(a,d) != 0)
1074 {
1075 fprintf(stderr,"Modular exponentiation test failed!\n");
1076 return 0;
1077 }
1078 /* Finally, some regular test vectors. */
1079 BN_bntest_rand(e,1024,0,0);
1080 if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
1081 return 0;
1082 if(!BN_mod_exp_simple(a,e,p,m,ctx))
1083 return 0;
1084 if(BN_cmp(a,d) != 0)
1085 {
1086 fprintf(stderr,"Modular exponentiation test failed!\n");
1087 return 0;
1088 }
1089 BN_free(a);
1090 BN_free(p);
1091 BN_free(m);
1092 BN_free(d);
1093 BN_free(e);
1094 return(1);
1095 }
1096
6b691a5c 1097int test_exp(BIO *bp, BN_CTX *ctx)
a0a54079 1098 {
62bad771 1099 BIGNUM *a,*b,*d,*e,*one;
a0a54079
MC		 1100 int i;
1101
1102 a=BN_new();
1103 b=BN_new();
1104 d=BN_new();
1105 e=BN_new();
62bad771
BL		 1106 one=BN_new();
1107 BN_one(one);
a0a54079 1108
cae55bfc 1109 for (i=0; i<num2; i++)
a0a54079 1110 {
111482cf
UM		 1111 BN_bntest_rand(a,20+i*5,0,0); /**/
1112 BN_bntest_rand(b,2+i,0,0); /**/
a0a54079 1113
e8a682f2 1114 if (BN_exp(d,a,b,ctx) <= 0)
477fd459 1115 return(0);
a0a54079
MC		 1116
1117 if (bp != NULL)
1118 {
1119 if (!results)
1120 {
1121 BN_print(bp,a);
1122 BIO_puts(bp," ^ ");
1123 BN_print(bp,b);
1124 BIO_puts(bp," - ");
1125 }
1126 BN_print(bp,d);
1127 BIO_puts(bp,"\n");
1128 }
62bad771
BL		 1129 BN_one(e);
1130 for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
1131 BN_mul(e,e,a,ctx);
1132 BN_sub(e,e,d);
1133 if(!BN_is_zero(e))
1134 {
cae55bfc 1135 fprintf(stderr,"Exponentiation test failed!\n");
62bad771
BL		 1136 return 0;
1137 }
a0a54079
MC		 1138 }
1139 BN_free(a);
1140 BN_free(b);
1141 BN_free(d);
1142 BN_free(e);
62bad771 1143 BN_free(one);
a0a54079
MC		 1144 return(1);
1145 }
b3310161 1146#ifndef OPENSSL_NO_EC2M
1dc920c8
BM		 1147int test_gf2m_add(BIO *bp)
1148 {
1149 BIGNUM a,b,c;
1150 int i, ret = 0;
1151
1152 BN_init(&a);
1153 BN_init(&b);
1154 BN_init(&c);
1155
1156 for (i=0; i<num0; i++)
1157 {
1158 BN_rand(&a,512,0,0);
1159 BN_copy(&b, BN_value_one());
1160 a.neg=rand_neg();
1161 b.neg=rand_neg();
1162 BN_GF2m_add(&c,&a,&b);
1163#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1164 if (bp != NULL)
1165 {
1166 if (!results)
1167 {
1168 BN_print(bp,&a);
1169 BIO_puts(bp," ^ ");
1170 BN_print(bp,&b);
1171 BIO_puts(bp," = ");
1172 }
1173 BN_print(bp,&c);
1174 BIO_puts(bp,"\n");
1175 }
1176#endif
1177 /* Test that two added values have the correct parity. */
1178 if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
1179 {
1180 fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
1181 goto err;
1182 }
1183 BN_GF2m_add(&c,&c,&c);
1184 /* Test that c + c = 0. */
1185 if(!BN_is_zero(&c))
1186 {
1187 fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
1188 goto err;
1189 }
1190 }
1191 ret = 1;
1192 err:
1193 BN_free(&a);
1194 BN_free(&b);
1195 BN_free(&c);
1196 return ret;
1197 }
1198
1199int test_gf2m_mod(BIO *bp)
1200 {
1201 BIGNUM *a,*b[2],*c,*d,*e;
1202 int i, j, ret = 0;
c4e7870a
BM		 1203 int p0[] = {163,7,6,3,0,-1};
1204 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1205
1206 a=BN_new();
1207 b[0]=BN_new();
1208 b[1]=BN_new();
1209 c=BN_new();
1210 d=BN_new();
1211 e=BN_new();
1212
1213 BN_GF2m_arr2poly(p0, b[0]);
1214 BN_GF2m_arr2poly(p1, b[1]);
1215
1216 for (i=0; i<num0; i++)
1217 {
1218 BN_bntest_rand(a, 1024, 0, 0);
1219 for (j=0; j < 2; j++)
1220 {
1221 BN_GF2m_mod(c, a, b[j]);
1222#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1223 if (bp != NULL)
1224 {
1225 if (!results)
1226 {
1227 BN_print(bp,a);
1228 BIO_puts(bp," % ");
1229 BN_print(bp,b[j]);
1230 BIO_puts(bp," - ");
1231 BN_print(bp,c);
1232 BIO_puts(bp,"\n");
1233 }
1234 }
1235#endif
1236 BN_GF2m_add(d, a, c);
1237 BN_GF2m_mod(e, d, b[j]);
1238 /* Test that a + (a mod p) mod p == 0. */
1239 if(!BN_is_zero(e))
1240 {
1241 fprintf(stderr,"GF(2^m) modulo test failed!\n");
1242 goto err;
1243 }
1244 }
1245 }
1246 ret = 1;
1247 err:
1248 BN_free(a);
1249 BN_free(b[0]);
1250 BN_free(b[1]);
1251 BN_free(c);
1252 BN_free(d);
1253 BN_free(e);
1254 return ret;
1255 }
1256
1257int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
1258 {
1259 BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
1260 int i, j, ret = 0;
c4e7870a
BM		 1261 int p0[] = {163,7,6,3,0,-1};
1262 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1263
1264 a=BN_new();
1265 b[0]=BN_new();
1266 b[1]=BN_new();
1267 c=BN_new();
1268 d=BN_new();
1269 e=BN_new();
1270 f=BN_new();
1271 g=BN_new();
1272 h=BN_new();
1273
1274 BN_GF2m_arr2poly(p0, b[0]);
1275 BN_GF2m_arr2poly(p1, b[1]);
1276
1277 for (i=0; i<num0; i++)
1278 {
1279 BN_bntest_rand(a, 1024, 0, 0);
1280 BN_bntest_rand(c, 1024, 0, 0);
1281 BN_bntest_rand(d, 1024, 0, 0);
1282 for (j=0; j < 2; j++)
1283 {
1284 BN_GF2m_mod_mul(e, a, c, b[j], ctx);
1285#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1286 if (bp != NULL)
1287 {
1288 if (!results)
1289 {
1290 BN_print(bp,a);
1291 BIO_puts(bp," * ");
1292 BN_print(bp,c);
1293 BIO_puts(bp," % ");
1294 BN_print(bp,b[j]);
1295 BIO_puts(bp," - ");
1296 BN_print(bp,e);
1297 BIO_puts(bp,"\n");
1298 }
1299 }
1300#endif
1301 BN_GF2m_add(f, a, d);
1302 BN_GF2m_mod_mul(g, f, c, b[j], ctx);
1303 BN_GF2m_mod_mul(h, d, c, b[j], ctx);
1304 BN_GF2m_add(f, e, g);
1305 BN_GF2m_add(f, f, h);
1306 /* Test that (a+d)*c = a*c + d*c. */
1307 if(!BN_is_zero(f))
1308 {
1309 fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
1310 goto err;
1311 }
1312 }
1313 }
1314 ret = 1;
1315 err:
1316 BN_free(a);
1317 BN_free(b[0]);
1318 BN_free(b[1]);
1319 BN_free(c);
1320 BN_free(d);
1321 BN_free(e);
1322 BN_free(f);
1323 BN_free(g);
1324 BN_free(h);
1325 return ret;
1326 }
1327
1328int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
1329 {
1330 BIGNUM *a,*b[2],*c,*d;
1331 int i, j, ret = 0;
c4e7870a
BM		 1332 int p0[] = {163,7,6,3,0,-1};
1333 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1334
1335 a=BN_new();
1336 b[0]=BN_new();
1337 b[1]=BN_new();
1338 c=BN_new();
1339 d=BN_new();
1340
1341 BN_GF2m_arr2poly(p0, b[0]);
1342 BN_GF2m_arr2poly(p1, b[1]);
1343
1344 for (i=0; i<num0; i++)
1345 {
1346 BN_bntest_rand(a, 1024, 0, 0);
1347 for (j=0; j < 2; j++)
1348 {
1349 BN_GF2m_mod_sqr(c, a, b[j], ctx);
1350 BN_copy(d, a);
1351 BN_GF2m_mod_mul(d, a, d, b[j], ctx);
1352#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1353 if (bp != NULL)
1354 {
1355 if (!results)
1356 {
1357 BN_print(bp,a);
1358 BIO_puts(bp," ^ 2 % ");
1359 BN_print(bp,b[j]);
1360 BIO_puts(bp, " = ");
1361 BN_print(bp,c);
1362 BIO_puts(bp,"; a * a = ");
1363 BN_print(bp,d);
1364 BIO_puts(bp,"\n");
1365 }
1366 }
1367#endif
1368 BN_GF2m_add(d, c, d);
1369 /* Test that a*a = a^2. */
1370 if(!BN_is_zero(d))
1371 {
1372 fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
1373 goto err;
1374 }
1375 }
1376 }
1377 ret = 1;
1378 err:
1379 BN_free(a);
1380 BN_free(b[0]);
1381 BN_free(b[1]);
1382 BN_free(c);
1383 BN_free(d);
1384 return ret;
1385 }
1386
1387int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
1388 {
1389 BIGNUM *a,*b[2],*c,*d;
1390 int i, j, ret = 0;
c4e7870a
BM		 1391 int p0[] = {163,7,6,3,0,-1};
1392 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1393
1394 a=BN_new();
1395 b[0]=BN_new();
1396 b[1]=BN_new();
1397 c=BN_new();
1398 d=BN_new();
1399
1400 BN_GF2m_arr2poly(p0, b[0]);
1401 BN_GF2m_arr2poly(p1, b[1]);
1402
1403 for (i=0; i<num0; i++)
1404 {
1405 BN_bntest_rand(a, 512, 0, 0);
1406 for (j=0; j < 2; j++)
1407 {
1408 BN_GF2m_mod_inv(c, a, b[j], ctx);
1409 BN_GF2m_mod_mul(d, a, c, b[j], ctx);
1410#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1411 if (bp != NULL)
1412 {
1413 if (!results)
1414 {
1415 BN_print(bp,a);
1416 BIO_puts(bp, " * ");
1417 BN_print(bp,c);
1418 BIO_puts(bp," - 1 % ");
1419 BN_print(bp,b[j]);
1420 BIO_puts(bp,"\n");
1421 }
1422 }
1423#endif
1424 /* Test that ((1/a)*a) = 1. */
1425 if(!BN_is_one(d))
1426 {
1427 fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
1428 goto err;
1429 }
1430 }
1431 }
1432 ret = 1;
1433 err:
1434 BN_free(a);
1435 BN_free(b[0]);
1436 BN_free(b[1]);
1437 BN_free(c);
1438 BN_free(d);
1439 return ret;
1440 }
1441
1442int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
1443 {
1444 BIGNUM *a,*b[2],*c,*d,*e,*f;
1445 int i, j, ret = 0;
c4e7870a
BM		 1446 int p0[] = {163,7,6,3,0,-1};
1447 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1448
1449 a=BN_new();
1450 b[0]=BN_new();
1451 b[1]=BN_new();
1452 c=BN_new();
1453 d=BN_new();
1454 e=BN_new();
1455 f=BN_new();
1456
1457 BN_GF2m_arr2poly(p0, b[0]);
1458 BN_GF2m_arr2poly(p1, b[1]);
1459
1460 for (i=0; i<num0; i++)
1461 {
1462 BN_bntest_rand(a, 512, 0, 0);
1463 BN_bntest_rand(c, 512, 0, 0);
1464 for (j=0; j < 2; j++)
1465 {
1466 BN_GF2m_mod_div(d, a, c, b[j], ctx);
1467 BN_GF2m_mod_mul(e, d, c, b[j], ctx);
1468 BN_GF2m_mod_div(f, a, e, b[j], ctx);
1469#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1470 if (bp != NULL)
1471 {
1472 if (!results)
1473 {
1474 BN_print(bp,a);
1475 BIO_puts(bp, " = ");
1476 BN_print(bp,c);
1477 BIO_puts(bp," * ");
1478 BN_print(bp,d);
1479 BIO_puts(bp, " % ");
1480 BN_print(bp,b[j]);
1481 BIO_puts(bp,"\n");
1482 }
1483 }
1484#endif
1485 /* Test that ((a/c)*c)/a = 1. */
1486 if(!BN_is_one(f))
1487 {
1488 fprintf(stderr,"GF(2^m) modular division test failed!\n");
1489 goto err;
1490 }
1491 }
1492 }
1493 ret = 1;
1494 err:
1495 BN_free(a);
1496 BN_free(b[0]);
1497 BN_free(b[1]);
1498 BN_free(c);
1499 BN_free(d);
1500 BN_free(e);
1501 BN_free(f);
1502 return ret;
1503 }
1504
1505int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
1506 {
1507 BIGNUM *a,*b[2],*c,*d,*e,*f;
1508 int i, j, ret = 0;
c4e7870a
BM		 1509 int p0[] = {163,7,6,3,0,-1};
1510 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1511
1512 a=BN_new();
1513 b[0]=BN_new();
1514 b[1]=BN_new();
1515 c=BN_new();
1516 d=BN_new();
1517 e=BN_new();
1518 f=BN_new();
1519
1520 BN_GF2m_arr2poly(p0, b[0]);
1521 BN_GF2m_arr2poly(p1, b[1]);
1522
1523 for (i=0; i<num0; i++)
1524 {
1525 BN_bntest_rand(a, 512, 0, 0);
1526 BN_bntest_rand(c, 512, 0, 0);
1527 BN_bntest_rand(d, 512, 0, 0);
1528 for (j=0; j < 2; j++)
1529 {
1530 BN_GF2m_mod_exp(e, a, c, b[j], ctx);
1531 BN_GF2m_mod_exp(f, a, d, b[j], ctx);
1532 BN_GF2m_mod_mul(e, e, f, b[j], ctx);
1533 BN_add(f, c, d);
1534 BN_GF2m_mod_exp(f, a, f, b[j], ctx);
1535#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1536 if (bp != NULL)
1537 {
1538 if (!results)
1539 {
1540 BN_print(bp,a);
1541 BIO_puts(bp, " ^ (");
1542 BN_print(bp,c);
1543 BIO_puts(bp," + ");
1544 BN_print(bp,d);
1545 BIO_puts(bp, ") = ");
1546 BN_print(bp,e);
1547 BIO_puts(bp, "; - ");
1548 BN_print(bp,f);
1549 BIO_puts(bp, " % ");
1550 BN_print(bp,b[j]);
1551 BIO_puts(bp,"\n");
1552 }
1553 }
1554#endif
1555 BN_GF2m_add(f, e, f);
1556 /* Test that a^(c+d)=a^c*a^d. */
1557 if(!BN_is_zero(f))
1558 {
1559 fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
1560 goto err;
1561 }
1562 }
1563 }
1564 ret = 1;
1565 err:
1566 BN_free(a);
1567 BN_free(b[0]);
1568 BN_free(b[1]);
1569 BN_free(c);
1570 BN_free(d);
1571 BN_free(e);
1572 BN_free(f);
1573 return ret;
1574 }
1575
1576int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
1577 {
1578 BIGNUM *a,*b[2],*c,*d,*e,*f;
1579 int i, j, ret = 0;
c4e7870a
BM		 1580 int p0[] = {163,7,6,3,0,-1};
1581 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1582
1583 a=BN_new();
1584 b[0]=BN_new();
1585 b[1]=BN_new();
1586 c=BN_new();
1587 d=BN_new();
1588 e=BN_new();
1589 f=BN_new();
1590
1591 BN_GF2m_arr2poly(p0, b[0]);
1592 BN_GF2m_arr2poly(p1, b[1]);
1593
1594 for (i=0; i<num0; i++)
1595 {
1596 BN_bntest_rand(a, 512, 0, 0);
1597 for (j=0; j < 2; j++)
1598 {
1599 BN_GF2m_mod(c, a, b[j]);
1600 BN_GF2m_mod_sqrt(d, a, b[j], ctx);
1601 BN_GF2m_mod_sqr(e, d, b[j], ctx);
1602#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1603 if (bp != NULL)
1604 {
1605 if (!results)
1606 {
1607 BN_print(bp,d);
1608 BIO_puts(bp, " ^ 2 - ");
1609 BN_print(bp,a);
1610 BIO_puts(bp,"\n");
1611 }
1612 }
1613#endif
1614 BN_GF2m_add(f, c, e);
1615 /* Test that d^2 = a, where d = sqrt(a). */
1616 if(!BN_is_zero(f))
1617 {
1618 fprintf(stderr,"GF(2^m) modular square root test failed!\n");
1619 goto err;
1620 }
1621 }
1622 }
1623 ret = 1;
1624 err:
1625 BN_free(a);
1626 BN_free(b[0]);
1627 BN_free(b[1]);
1628 BN_free(c);
1629 BN_free(d);
1630 BN_free(e);
1631 BN_free(f);
1632 return ret;
1633 }
1634
1635int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
1636 {
1637 BIGNUM *a,*b[2],*c,*d,*e;
1638 int i, j, s = 0, t, ret = 0;
c4e7870a
BM		 1639 int p0[] = {163,7,6,3,0,-1};
1640 int p1[] = {193,15,0,-1};
1dc920c8
BM		 1641
1642 a=BN_new();
1643 b[0]=BN_new();
1644 b[1]=BN_new();
1645 c=BN_new();
1646 d=BN_new();
1647 e=BN_new();
1648
1649 BN_GF2m_arr2poly(p0, b[0]);
1650 BN_GF2m_arr2poly(p1, b[1]);
1651
1652 for (i=0; i<num0; i++)
1653 {
1654 BN_bntest_rand(a, 512, 0, 0);
1655 for (j=0; j < 2; j++)
1656 {
1657 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1658 if (t)
1659 {
1660 s++;
1661 BN_GF2m_mod_sqr(d, c, b[j], ctx);
1662 BN_GF2m_add(d, c, d);
1663 BN_GF2m_mod(e, a, b[j]);
1664#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1665 if (bp != NULL)
1666 {
1667 if (!results)
1668 {
1669 BN_print(bp,c);
1670 BIO_puts(bp, " is root of z^2 + z = ");
1671 BN_print(bp,a);
1672 BIO_puts(bp, " % ");
1673 BN_print(bp,b[j]);
1674 BIO_puts(bp, "\n");
1675 }
1676 }
1677#endif
1678 BN_GF2m_add(e, e, d);
1679 /* Test that solution of quadratic c satisfies c^2 + c = a. */
1680 if(!BN_is_zero(e))
1681 {
1682 fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
1683 goto err;
1684 }
1685
1686 }
1687 else
1688 {
1689#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1690 if (bp != NULL)
1691 {
1692 if (!results)
1693 {
1694 BIO_puts(bp, "There are no roots of z^2 + z = ");
1695 BN_print(bp,a);
1696 BIO_puts(bp, " % ");
1697 BN_print(bp,b[j]);
1698 BIO_puts(bp, "\n");
1699 }
1700 }
1701#endif
1702 }
1703 }
1704 }
1705 if (s == 0)
1706 {
1707 fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
1708 fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
1709 goto err;
1710 }
1711 ret = 1;
1712 err:
1713 BN_free(a);
1714 BN_free(b[0]);
1715 BN_free(b[1]);
1716 BN_free(c);
1717 BN_free(d);
1718 BN_free(e);
1719 return ret;
1720 }
b3310161 1721#endif
2aaec9cc 1722static int genprime_cb(int p, int n, BN_GENCB *arg)
bdec3c53
BM		 1723 {
1724 char c='*';
1725
1726 if (p == 0) c='.';
1727 if (p == 1) c='+';
1728 if (p == 2) c='*';
1729 if (p == 3) c='\n';
1730 putc(c, stderr);
1731 fflush(stderr);
2aaec9cc 1732 return 1;
bdec3c53
BM		 1733 }
1734
c7820896
BM		 1735int test_kron(BIO *bp, BN_CTX *ctx)
1736 {
2aaec9cc 1737 BN_GENCB cb;
470fa98f 1738 BIGNUM *a,*b,*r,*t;
bdec3c53
BM		 1739 int i;
1740 int legendre, kronecker;
1741 int ret = 0;
1742
1743 a = BN_new();
1744 b = BN_new();
1745 r = BN_new();
470fa98f
BM		 1746 t = BN_new();
1747 if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
2aaec9cc
GT		 1748
1749 BN_GENCB_set(&cb, genprime_cb, NULL);
bdec3c53 1750
d79cab27
BM		 1751 /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
1752 * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
1753 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
1754 * So we generate a random prime b and compare these values
1755 * for a number of random a's. (That is, we run the Solovay-Strassen
1756 * primality test to confirm that b is prime, except that we
1757 * don't want to test whether b is prime but whether BN_kronecker
1758 * works.) */
1759
2aaec9cc 1760 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
80d89e6a 1761 b->neg = rand_neg();
bdec3c53 1762 putc('\n', stderr);
d79cab27 1763
bdec3c53
BM		 1764 for (i = 0; i < num0; i++)
1765 {
111482cf 1766 if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
eb1f1b0a
BM		 1767 a->neg = rand_neg();
1768
80d89e6a 1769 /* t := (|b|-1)/2 (note that b is odd) */
470fa98f 1770 if (!BN_copy(t, b)) goto err;
80d89e6a 1771 t->neg = 0;
470fa98f
BM		 1772 if (!BN_sub_word(t, 1)) goto err;
1773 if (!BN_rshift1(t, t)) goto err;
1774 /* r := a^t mod b */
8dea52fa
BM		 1775 b->neg=0;
1776
5c9396e3 1777 if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
8dea52fa 1778 b->neg=1;
bdec3c53
BM		 1779
1780 if (BN_is_word(r, 1))
1781 legendre = 1;
b2993bde
BM		 1782 else if (BN_is_zero(r))
1783 legendre = 0;
bdec3c53
BM		 1784 else
1785 {
1786 if (!BN_add_word(r, 1)) goto err;
8dea52fa 1787 if (0 != BN_ucmp(r, b))
bdec3c53
BM		 1788 {
1789 fprintf(stderr, "Legendre symbol computation failed\n");
1790 goto err;
1791 }
1792 legendre = -1;
1793 }
fc2e05c2 1794
bdec3c53
BM		 1795 kronecker = BN_kronecker(a, b, ctx);
1796 if (kronecker < -1) goto err;
80d89e6a
BM		 1797 /* we actually need BN_kronecker(a, |b|) */
1798 if (a->neg && b->neg)
1799 kronecker = -kronecker;
bdec3c53
BM		 1800
1801 if (legendre != kronecker)
1802 {
1803 fprintf(stderr, "legendre != kronecker; a = ");
1804 BN_print_fp(stderr, a);
fc2e05c2 1805 fprintf(stderr, ", b = ");
bdec3c53
BM		 1806 BN_print_fp(stderr, b);
1807 fprintf(stderr, "\n");
1808 goto err;
1809 }
1810
03a08489
BM		 1811 putc('.', stderr);
1812 fflush(stderr);
bdec3c53
BM		 1813 }
1814
03a08489
BM		 1815 putc('\n', stderr);
1816 fflush(stderr);
bdec3c53
BM		 1817 ret = 1;
1818 err:
1819 if (a != NULL) BN_free(a);
1820 if (b != NULL) BN_free(b);
1821 if (r != NULL) BN_free(r);
470fa98f 1822 if (t != NULL) BN_free(t);
bdec3c53 1823 return ret;
c7820896
BM		 1824 }
1825
cd2eebfd
BM		 1826int test_sqrt(BIO *bp, BN_CTX *ctx)
1827 {
2aaec9cc 1828 BN_GENCB cb;
cd2eebfd
BM		 1829 BIGNUM *a,*p,*r;
1830 int i, j;
1831 int ret = 0;
1832
1833 a = BN_new();
1834 p = BN_new();
1835 r = BN_new();
1836 if (a == NULL || p == NULL || r == NULL) goto err;
2aaec9cc
GT		 1837
1838 BN_GENCB_set(&cb, genprime_cb, NULL);
1839
cd2eebfd
BM		 1840 for (i = 0; i < 16; i++)
1841 {
1842 if (i < 8)
1843 {
77ac92d0 1844 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
cd2eebfd
BM		 1845
1846 if (!BN_set_word(p, primes[i])) goto err;
1847 }
1848 else
1849 {
1850 if (!BN_set_word(a, 32)) goto err;
1851 if (!BN_set_word(r, 2*i + 1)) goto err;
1852
2aaec9cc 1853 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
cd2eebfd
BM		 1854 putc('\n', stderr);
1855 }
80d89e6a 1856 p->neg = rand_neg();
cd2eebfd
BM		 1857
1858 for (j = 0; j < num2; j++)
1859 {
1860 /* construct 'a' such that it is a square modulo p,
1861 * but in general not a proper square and not reduced modulo p */
111482cf 1862 if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
cd2eebfd
BM		 1863 if (!BN_nnmod(r, r, p, ctx)) goto err;
1864 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
111482cf 1865 if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
cd2eebfd
BM		 1866 if (!BN_nnmod(a, a, p, ctx)) goto err;
1867 if (!BN_mod_sqr(a, a, p, ctx)) goto err;
1868 if (!BN_mul(a, a, r, ctx)) goto err;
80d89e6a
BM		 1869 if (rand_neg())
1870 if (!BN_sub(a, a, p)) goto err;
cd2eebfd
BM		 1871
1872 if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
1873 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1874
1875 if (!BN_nnmod(a, a, p, ctx)) goto err;
1876
1877 if (BN_cmp(a, r) != 0)
1878 {
1879 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1880 BN_print_fp(stderr, a);
1881 fprintf(stderr, ", r = ");
1882 BN_print_fp(stderr, r);
1883 fprintf(stderr, ", p = ");
1884 BN_print_fp(stderr, p);
1885 fprintf(stderr, "\n");
1886 goto err;
1887 }
1888
1889 putc('.', stderr);
1890 fflush(stderr);
1891 }
1892
1893 putc('\n', stderr);
1894 fflush(stderr);
1895 }
1896 ret = 1;
1897 err:
1898 if (a != NULL) BN_free(a);
1899 if (p != NULL) BN_free(p);
1900 if (r != NULL) BN_free(r);
1901 return ret;
1902 }
1903
96a4c31b
AL		 1904int test_small_prime(BIO *bp,BN_CTX *ctx)
1905 {
1906 static const int bits = 10;
1907 int ret = 0;
1908 BIGNUM r;
1909
1910 BN_init(&r);
1911 if (!BN_generate_prime_ex(&r, bits, 0, NULL, NULL, NULL))
1912 goto err;
1913 if (BN_num_bits(&r) != bits)
1914 {
1915 BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, BN_num_bits(&r));
1916 goto err;
1917 }
1918
1919 ret = 1;
1920
1921err:
1922 BN_clear(&r);
1923 return ret;
1924 }
1925
4da88a8d 1926int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
d02b48c6 1927 {
62bad771 1928 BIGNUM *a,*b,*c,*d;
d02b48c6
RE		 1929 int i;
1930
d02b48c6
RE		 1931 b=BN_new();
1932 c=BN_new();
62bad771 1933 d=BN_new();
d02b48c6
RE		 1934 BN_one(c);
1935
4da88a8d
BL		 1936 if(a_)
1937 a=a_;
1938 else
1939 {
1940 a=BN_new();
111482cf 1941 BN_bntest_rand(a,200,0,0); /**/
4da88a8d
BL		 1942 a->neg=rand_neg();
1943 }
cae55bfc 1944 for (i=0; i<num0; i++)
d02b48c6
RE		 1945 {
1946 BN_lshift(b,a,i+1);
1947 BN_add(c,c,c);
1948 if (bp != NULL)
1949 {
1950 if (!results)
1951 {
1952 BN_print(bp,a);
1953 BIO_puts(bp," * ");
1954 BN_print(bp,c);
1955 BIO_puts(bp," - ");
1956 }
1957 BN_print(bp,b);
1958 BIO_puts(bp,"\n");
1959 }
62bad771
BL		 1960 BN_mul(d,a,c,ctx);
1961 BN_sub(d,d,b);
1962 if(!BN_is_zero(d))
1963 {
cae55bfc
UM		 1964 fprintf(stderr,"Left shift test failed!\n");
1965 fprintf(stderr,"a=");
1966 BN_print_fp(stderr,a);
1967 fprintf(stderr,"\nb=");
1968 BN_print_fp(stderr,b);
1969 fprintf(stderr,"\nc=");
1970 BN_print_fp(stderr,c);
1971 fprintf(stderr,"\nd=");
1972 BN_print_fp(stderr,d);
1973 fprintf(stderr,"\n");
62bad771
BL		 1974 return 0;
1975 }
d02b48c6
RE		 1976 }
1977 BN_free(a);
1978 BN_free(b);
1979 BN_free(c);
62bad771 1980 BN_free(d);
d02b48c6
RE		 1981 return(1);
1982 }
1983
6b691a5c 1984int test_lshift1(BIO *bp)
d02b48c6 1985 {
62bad771 1986 BIGNUM *a,*b,*c;
d02b48c6
RE		 1987 int i;
1988
1989 a=BN_new();
1990 b=BN_new();
62bad771 1991 c=BN_new();
d02b48c6 1992
111482cf 1993 BN_bntest_rand(a,200,0,0); /**/
d02b48c6 1994 a->neg=rand_neg();
cae55bfc 1995 for (i=0; i<num0; i++)
d02b48c6
RE		 1996 {
1997 BN_lshift1(b,a);
1998 if (bp != NULL)
1999 {
2000 if (!results)
2001 {
2002 BN_print(bp,a);
2003 BIO_puts(bp," * 2");
2004 BIO_puts(bp," - ");
2005 }
2006 BN_print(bp,b);
2007 BIO_puts(bp,"\n");
2008 }
62bad771
BL		 2009 BN_add(c,a,a);
2010 BN_sub(a,b,c);
2011 if(!BN_is_zero(a))
2012 {
cae55bfc 2013 fprintf(stderr,"Left shift one test failed!\n");
62bad771
BL		 2014 return 0;
2015 }
2016
d02b48c6
RE		 2017 BN_copy(a,b);
2018 }
2019 BN_free(a);
2020 BN_free(b);
62bad771 2021 BN_free(c);
d02b48c6
RE		 2022 return(1);
2023 }
2024
62bad771 2025int test_rshift(BIO *bp,BN_CTX *ctx)
d02b48c6 2026 {
62bad771 2027 BIGNUM *a,*b,*c,*d,*e;
d02b48c6
RE		 2028 int i;
2029
2030 a=BN_new();
2031 b=BN_new();
2032 c=BN_new();
62bad771
BL		 2033 d=BN_new();
2034 e=BN_new();
d02b48c6
RE		 2035 BN_one(c);
2036
111482cf 2037 BN_bntest_rand(a,200,0,0); /**/
d02b48c6 2038 a->neg=rand_neg();
cae55bfc 2039 for (i=0; i<num0; i++)
d02b48c6
RE		 2040 {
2041 BN_rshift(b,a,i+1);
2042 BN_add(c,c,c);
2043 if (bp != NULL)
2044 {
2045 if (!results)
2046 {
2047 BN_print(bp,a);
2048 BIO_puts(bp," / ");
2049 BN_print(bp,c);
2050 BIO_puts(bp," - ");
2051 }
2052 BN_print(bp,b);
2053 BIO_puts(bp,"\n");
2054 }
62bad771
BL		 2055 BN_div(d,e,a,c,ctx);
2056 BN_sub(d,d,b);
2057 if(!BN_is_zero(d))
2058 {
cae55bfc 2059 fprintf(stderr,"Right shift test failed!\n");
62bad771
BL		 2060 return 0;
2061 }
d02b48c6
RE		 2062 }
2063 BN_free(a);
2064 BN_free(b);
2065 BN_free(c);
62bad771
BL		 2066 BN_free(d);
2067 BN_free(e);
d02b48c6
RE		 2068 return(1);
2069 }
2070
6b691a5c 2071int test_rshift1(BIO *bp)
d02b48c6 2072 {
62bad771 2073 BIGNUM *a,*b,*c;
d02b48c6
RE		 2074 int i;
2075
2076 a=BN_new();
2077 b=BN_new();
62bad771 2078 c=BN_new();
d02b48c6 2079
111482cf 2080 BN_bntest_rand(a,200,0,0); /**/
d02b48c6 2081 a->neg=rand_neg();
cae55bfc 2082 for (i=0; i<num0; i++)
d02b48c6
RE		 2083 {
2084 BN_rshift1(b,a);
2085 if (bp != NULL)
2086 {
2087 if (!results)
2088 {
2089 BN_print(bp,a);
2090 BIO_puts(bp," / 2");
2091 BIO_puts(bp," - ");
2092 }
2093 BN_print(bp,b);
2094 BIO_puts(bp,"\n");
2095 }
62bad771
BL		 2096 BN_sub(c,a,b);
2097 BN_sub(c,c,b);
8dea52fa 2098 if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
62bad771 2099 {
cae55bfc 2100 fprintf(stderr,"Right shift one test failed!\n");
62bad771
BL		 2101 return 0;
2102 }
d02b48c6
RE		 2103 BN_copy(a,b);
2104 }
2105 BN_free(a);
2106 BN_free(b);
62bad771 2107 BN_free(c);
d02b48c6
RE		 2108 return(1);
2109 }
2110
6b691a5c 2111int rand_neg(void)
d02b48c6
RE		 2112 {
2113 static unsigned int neg=0;
2114 static int sign[8]={0,0,0,1,1,0,1,1};
2115
2116 return(sign[(neg++)%8]);
2117 }
A mirror of the official openssl repository