Commit | Line | Data |
---|---|---|
440e5d80 | 1 | /* |
38fc02a7 | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
440e5d80 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 | 8 | */ |
8d1ebff4 RS |
9 | #include <assert.h> |
10 | #include <errno.h> | |
d02b48c6 | 11 | #include <stdio.h> |
d02b48c6 | 12 | #include <string.h> |
08073700 RB |
13 | #ifdef __TANDEM |
14 | # include <strings.h> /* strcasecmp */ | |
15 | #endif | |
8d1ebff4 | 16 | #include <ctype.h> |
17e3dd1c | 17 | |
ec577822 | 18 | #include <openssl/bn.h> |
8d1ebff4 | 19 | #include <openssl/crypto.h> |
ec577822 | 20 | #include <openssl/err.h> |
8d1ebff4 | 21 | #include <openssl/rand.h> |
2b1aa198 RL |
22 | #include "internal/nelem.h" |
23 | #include "internal/numbers.h" | |
8d1ebff4 | 24 | #include "testutil.h" |
d02b48c6 | 25 | |
2b1aa198 RL |
26 | #ifdef OPENSSL_SYS_WINDOWS |
27 | # define strcasecmp _stricmp | |
28 | #endif | |
8927c278 | 29 | |
8d1ebff4 | 30 | /* |
fd009d76 | 31 | * Things in boring, not in openssl. |
8d1ebff4 | 32 | */ |
8d1ebff4 | 33 | #define HAVE_BN_SQRT 0 |
0f113f3e | 34 | |
8d1ebff4 RS |
35 | typedef struct filetest_st { |
36 | const char *name; | |
37 | int (*func)(STANZA *s); | |
38 | } FILETEST; | |
0f113f3e | 39 | |
8d1ebff4 RS |
40 | typedef struct mpitest_st { |
41 | const char *base10; | |
42 | const char *mpi; | |
43 | size_t mpi_len; | |
44 | } MPITEST; | |
0f113f3e | 45 | |
8d1ebff4 RS |
46 | static const int NUM0 = 100; /* number of tests */ |
47 | static const int NUM1 = 50; /* additional tests for some functions */ | |
8d1ebff4 | 48 | static BN_CTX *ctx; |
0f113f3e | 49 | |
30bea14b RS |
50 | /* |
51 | * Polynomial coefficients used in GFM tests. | |
52 | */ | |
ed5c7ea2 | 53 | #ifndef OPENSSL_NO_EC2M |
30bea14b RS |
54 | static int p0[] = { 163, 7, 6, 3, 0, -1 }; |
55 | static int p1[] = { 193, 15, 0, -1 }; | |
ed5c7ea2 | 56 | #endif |
0f113f3e | 57 | |
/*
 * Search the stanza's key/value pairs for |key|, comparing keys without
 * regard to case. Returns the value of the first match, or NULL when no
 * pair matches.
 */
static const char *findattr(STANZA *s, const char *key)
{
    PAIR *pair = s->pairs;
    int idx;

    for (idx = 0; idx < s->numpairs; idx++, pair++) {
        if (strcasecmp(pair->key, key) == 0)
            return pair->value;
    }
    return NULL;
}
0f113f3e | 71 | |
/*
 * Join the hex fragments in |bn_strings| with glue_strings() and parse the
 * joined text into |*out|. The return value is BN_hex2bn()'s result, passed
 * through unchanged. The temporary joined string is released before
 * returning.
 */
static int parse_bigBN(BIGNUM **out, const char *bn_strings[])
{
    char *joined;
    int parsed;

    joined = glue_strings(bn_strings, NULL);
    parsed = BN_hex2bn(out, joined);
    OPENSSL_free(joined);
    return parsed;
}
83 | ||
/*
 * Parse the hex string |in| into a BIGNUM stored in |*out|.
 * |*out| is reset to NULL first, so any pointer the caller left there is
 * overwritten rather than reused. Returns BN_hex2bn()'s result, which
 * callers in this file compare against strlen(in).
 */
static int parseBN(BIGNUM **out, const char *in)
{
    int consumed;

    *out = NULL;
    consumed = BN_hex2bn(out, in);
    return consumed;
}
0f113f3e | 92 | |
/*
 * Decimal counterpart of parseBN(): reset |*out| to NULL, then parse the
 * decimal string |in| with BN_dec2bn() and return its result.
 */
static int parsedecBN(BIGNUM **out, const char *in)
{
    int consumed;

    *out = NULL;
    consumed = BN_dec2bn(out, in);
    return consumed;
}
96a4c31b | 98 | |
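/*
 * Look up |attribute| in the stanza and decode its value as a hex BIGNUM.
 * Returns a newly allocated BIGNUM that the caller must BN_free(), or NULL
 * (after reporting a test error) when the attribute is missing or its value
 * is not consumed completely by the hex parser.
 */
static BIGNUM *getBN(STANZA *s, const char *attribute)
{
    const char *hex;
    BIGNUM *ret = NULL;

    if ((hex = findattr(s, attribute)) == NULL) {
        TEST_error("%s:%d: Can't find %s", s->test_file, s->start, attribute);
        return NULL;
    }

    if (parseBN(&ret, hex) != (int)strlen(hex)) {
        TEST_error("Could not decode '%s'", hex);
        /*
         * A value with trailing non-hex characters is parsed partially and
         * still leaves an allocated BIGNUM in |ret|; release it so the
         * rejected input does not leak. BN_free(NULL) is harmless.
         */
        BN_free(ret);
        return NULL;
    }
    return ret;
}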
0f113f3e | 115 | |
/*
 * Read |attribute| from the stanza as a hex BIGNUM and store it in |*out|.
 * The value must fit in an int (checked against INT_MAX); otherwise the
 * test fails. Returns 1 on success and 0 on failure; the temporary BIGNUM
 * is freed on both paths.
 */
static int getint(STANZA *s, int *out, const char *attribute)
{
    BIGNUM *ret;
    BN_ULONG word;
    int ok = 0;

    if (!TEST_ptr(ret = getBN(s, attribute)))
        goto done;
    if (!TEST_ulong_le(word = BN_get_word(ret), INT_MAX))
        goto done;

    *out = (int)word;
    ok = 1;
 done:
    /* ret is NULL here when getBN() failed, which BN_free() accepts. */
    BN_free(ret);
    return ok;
}
0f113f3e | 132 | |
/*
 * Compare |actual| against |expected|. Returns 1 when BN_cmp() reports them
 * equal. Otherwise reports a test error naming the operation |op| and
 * returns 0.
 */
static int equalBN(const char *op, const BIGNUM *expected, const BIGNUM *actual)
{
    if (BN_cmp(expected, actual) != 0) {
        TEST_error("unexpected %s value", op);
        /* Result ignored; presumably invoked to log both operands. */
        TEST_BN_eq(expected, actual);
        return 0;
    }
    return 1;
}
d02b48c6 | 142 | |
/*
 * Return a deterministic "random-looking" sign flag: successive calls cycle
 * through the fixed eight-entry pattern 0,0,0,1,1,0,1,1. The call counter is
 * static, so the sequence continues across all callers in the file.
 */
static int rand_neg(void)
{
    static const int pattern[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
    static unsigned int calls = 0;
    int flag = pattern[calls % 8];

    calls++;
    return flag;
}
d02b48c6 | 153 | |
/*
 * Check BN_swap() and BN_consttime_swap() on two 1024-bit values, first on
 * the values alone and then with BN_FLG_CONSTTIME set on one operand to
 * confirm the flag travels with the value. |c| and |d| hold untouched copies
 * of the original |a| and |b| for comparison. Returns 1 on success.
 */
static int test_swap(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
    int top, cond, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    if (!TEST_true(BN_bntest_rand(a, 1024, 1, 0))
            || !TEST_true(BN_bntest_rand(b, 1024, 1, 0))
            || !TEST_ptr(BN_copy(c, a))
            || !TEST_ptr(BN_copy(d, b)))
        goto err;
    /* Word count handed to BN_consttime_swap() below. */
    top = BN_num_bits(a) / BN_BITS2;

    /* Plain swap: a now holds the old b, and b the old a. */
    BN_swap(a, b);
    if (!equalBN("swap", a, d) || !equalBN("swap", b, c))
        goto err;

    /* Conditional swap with a true condition swaps them back. */
    cond = 1;
    BN_consttime_swap(cond, a, b, top);
    if (!equalBN("cswap true", a, c) || !equalBN("cswap true", b, d))
        goto err;

    /* Conditional swap with a false condition must change nothing. */
    cond = 0;
    BN_consttime_swap(cond, a, b, top);
    if (!equalBN("cswap false", a, c) || !equalBN("cswap false", b, d))
        goto err;

    /* Repeat the sequence, this time also tracking BN_FLG_CONSTTIME. */
    BN_set_flags(a, BN_FLG_CONSTTIME);

    BN_swap(a, b);
    if (!equalBN("swap, flags", a, d)
            || !equalBN("swap, flags", b, c)
            || !TEST_true(BN_get_flags(b, BN_FLG_CONSTTIME))
            || !TEST_false(BN_get_flags(a, BN_FLG_CONSTTIME)))
        goto err;

    cond = 1;
    BN_consttime_swap(cond, a, b, top);
    if (!equalBN("cswap true, flags", a, c)
            || !equalBN("cswap true, flags", b, d)
            || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME))
            || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME)))
        goto err;

    cond = 0;
    BN_consttime_swap(cond, a, b, top);
    if (!equalBN("cswap false, flags", a, c)
            || !equalBN("cswap false, flags", b, d)
            || !TEST_true(BN_get_flags(a, BN_FLG_CONSTTIME))
            || !TEST_false(BN_get_flags(b, BN_FLG_CONSTTIME)))
        goto err;

    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    return st;
}
226 | ||
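/*
 * Check BN_sub()/BN_add() consistency: for each pair (a, b) the value
 * ((a - b) + b) - a must be zero.
 *
 * The first NUM1 rounds use a fresh random |a| with |b| derived from it
 * (a copy of |a| plus |i|, with bit |i| then set in |a|); the remaining
 * rounds use a random |b| of growing size and signs chosen by rand_neg().
 * Returns 1 on success and 0 on failure.
 */
static int test_sub(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL;
    int i, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new()))
        goto err;

    for (i = 0; i < NUM0 + NUM1; i++) {
        if (i < NUM1) {
            /*
             * The negation must wrap the whole && chain. Previously it
             * closed after the first call, so a successful BN_bntest_rand()
             * short-circuited the copy, set-bit and add-word steps and they
             * never ran, leaving |b| at its initial value for these rounds.
             */
            if (!(TEST_true(BN_bntest_rand(a, 512, 0, 0))
                  && TEST_ptr(BN_copy(b, a))
                  && TEST_int_ne(BN_set_bit(a, i), 0)
                  && TEST_true(BN_add_word(b, i))))
                goto err;
        } else {
            if (!TEST_true(BN_bntest_rand(b, 400 + i - NUM1, 0, 0)))
                goto err;
            BN_set_negative(a, rand_neg());
            BN_set_negative(b, rand_neg());
        }
        /* c = a - b; c += b; c -= a; the result must be zero. */
        if (!(TEST_true(BN_sub(c, a, b))
              && TEST_true(BN_add(c, c, b))
              && TEST_true(BN_sub(c, c, a))
              && TEST_BN_eq_zero(c)))
            goto err;
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    return st;
}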
8169dd73 | 263 | |
/*
 * Check BN_div_recp(): for each (a, b), compute quotient |d| and remainder
 * |c| through a reciprocal context and verify that d * b + c - a is zero.
 *
 * The first NUM1 rounds build |a| from a random value shifted left by |i|
 * plus |i|, keeping the unshifted value as |b|; later rounds only draw a
 * new random |b|. Signs come from rand_neg(). Returns 1 on success.
 */
static int test_div_recip(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
    BN_RECP_CTX *recp = NULL;
    int st = 0, i;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(recp = BN_RECP_CTX_new()))
        goto err;

    for (i = 0; i < NUM0 + NUM1; i++) {
        if (i < NUM1) {
            if (!TEST_true(BN_bntest_rand(a, 400, 0, 0))
                    || !TEST_ptr(BN_copy(b, a))
                    || !TEST_true(BN_lshift(a, a, i))
                    || !TEST_true(BN_add_word(a, i)))
                goto err;
        } else if (!TEST_true(BN_bntest_rand(b, 50 + 3 * (i - NUM1), 0, 0))) {
            goto err;
        }
        BN_set_negative(a, rand_neg());
        BN_set_negative(b, rand_neg());

        /* e = d * b; d = e + c; d -= a; the result must be zero. */
        if (!TEST_true(BN_RECP_CTX_set(recp, b, ctx))
                || !TEST_true(BN_div_recp(d, c, a, recp, ctx))
                || !TEST_true(BN_mul(e, d, b, ctx))
                || !TEST_true(BN_add(d, e, c))
                || !TEST_true(BN_sub(d, d, a))
                || !TEST_BN_eq_zero(d))
            goto err;
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_RECP_CTX_free(recp);
    return st;
}
d02b48c6 | 309 | |
105c8315 P |
310 | static struct { |
311 | int n, divisor, result, remainder; | |
312 | } signed_mod_tests[] = { | |
313 | { 10, 3, 3, 1 }, | |
314 | { -10, 3, -3, -1 }, | |
315 | { 10, -3, -3, 1 }, | |
316 | { -10, -3, 3, -1 }, | |
317 | }; | |
318 | ||
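/*
 * Allocate a BIGNUM holding the signed integer |value|.
 * Returns the new BIGNUM (caller frees with BN_free()), or NULL when
 * allocation or BN_set_word() fails.
 */
static BIGNUM *set_signed_bn(int value)
{
    BIGNUM *bn = BN_new();
    /*
     * Take the magnitude in unsigned arithmetic: negating INT_MIN as a
     * signed int overflows, which is undefined behaviour.
     */
    unsigned int magnitude = value < 0 ? 0u - (unsigned int)value
                                       : (unsigned int)value;

    if (bn == NULL)
        return NULL;
    if (!BN_set_word(bn, magnitude)) {
        BN_free(bn);
        return NULL;
    }
    BN_set_negative(bn, value < 0);
    return bn;
}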
332 | ||
/*
 * Signed-division check for entry |n| of signed_mod_tests, with BN_div()
 * writing its outputs over its inputs: the quotient replaces the dividend
 * |a| and the remainder replaces the divisor |b|. |c| and |d| hold the
 * expected quotient and remainder. Returns 1 on success.
 */
static int test_signed_mod_replace_ab(int n)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
    int st = 0;

    if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
            || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
            || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
            || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
        goto err;

    if (!TEST_true(BN_div(a, b, a, b, ctx))
            || !TEST_BN_eq(a, c)
            || !TEST_BN_eq(b, d))
        goto err;

    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    return st;
}
355 | ||
/*
 * Signed-division check for entry |n| of signed_mod_tests, with BN_div()
 * writing its outputs over its inputs in the crossed arrangement: the
 * quotient replaces the divisor |b| and the remainder replaces the dividend
 * |a|. |c| and |d| hold the expected quotient and remainder.
 * Returns 1 on success.
 */
static int test_signed_mod_replace_ba(int n)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
    int st = 0;

    if (!TEST_ptr(a = set_signed_bn(signed_mod_tests[n].n))
            || !TEST_ptr(b = set_signed_bn(signed_mod_tests[n].divisor))
            || !TEST_ptr(c = set_signed_bn(signed_mod_tests[n].result))
            || !TEST_ptr(d = set_signed_bn(signed_mod_tests[n].remainder)))
        goto err;

    if (!TEST_true(BN_div(b, a, a, b, ctx))
            || !TEST_BN_eq(b, c)
            || !TEST_BN_eq(a, d))
        goto err;

    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    return st;
}
378 | ||
/*
 * Check BN_mod() against BN_div(): for a fixed random 1024-bit |a| and a
 * series of random divisors |b| of growing size, the remainder from
 * BN_mod() must equal the one from BN_div(), and quotient * b + remainder
 * must reproduce |a|. Signs are varied with rand_neg(). Returns 1 on
 * success.
 */
static int test_mod(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL;
    int st = 0, i;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new()))
        goto err;

    if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(b, 450 + i * 10, 0, 0)))
            goto err;
        BN_set_negative(a, rand_neg());
        BN_set_negative(b, rand_neg());

        /* c = a mod b; (d, e) = divmod(a, b); then d * b + e must be a. */
        if (!TEST_true(BN_mod(c, a, b, ctx))
                || !TEST_true(BN_div(d, e, a, b, ctx))
                || !TEST_BN_eq(e, c)
                || !TEST_true(BN_mul(c, d, b, ctx))
                || !TEST_true(BN_add(d, c, e))
                || !TEST_BN_eq(d, a))
            goto err;
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    return st;
}
d02b48c6 | 415 | |
26a39fa9 RS |
416 | static const char *bn1strings[] = { |
417 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
418 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
419 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
420 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
421 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
422 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
423 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
424 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF00", | |
425 | "0000000000000000000000000000000000000000000000000000000000000000", | |
426 | "0000000000000000000000000000000000000000000000000000000000000000", | |
427 | "0000000000000000000000000000000000000000000000000000000000000000", | |
428 | "0000000000000000000000000000000000000000000000000000000000000000", | |
429 | "0000000000000000000000000000000000000000000000000000000000000000", | |
430 | "0000000000000000000000000000000000000000000000000000000000000000", | |
431 | "0000000000000000000000000000000000000000000000000000000000000000", | |
432 | "00000000000000000000000000000000000000000000000000FFFFFFFFFFFFFF", | |
433 | NULL | |
434 | }; | |
435 | ||
436 | static const char *bn2strings[] = { | |
437 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
438 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
439 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
440 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
441 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
442 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
443 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", | |
444 | "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000FFFFFFFF0000000000", | |
445 | "0000000000000000000000000000000000000000000000000000000000000000", | |
446 | "0000000000000000000000000000000000000000000000000000000000000000", | |
447 | "0000000000000000000000000000000000000000000000000000000000000000", | |
448 | "0000000000000000000000000000000000000000000000000000000000000000", | |
449 | "0000000000000000000000000000000000000000000000000000000000000000", | |
450 | "0000000000000000000000000000000000000000000000000000000000000000", | |
451 | "0000000000000000000000000000000000000000000000000000000000000000", | |
452 | "000000000000000000000000000000000000000000FFFFFFFFFFFFFF00000000", | |
453 | NULL | |
454 | }; | |
455 | ||
/*
 * Test constant-time modular exponentiation with 1024-bit inputs, which on
 * x86_64 cause a different code branch to be taken.
 *
 * The function runs, in order: a zero-exponent check, a series of fixed
 * regression vectors for Montgomery multiplication and exponentiation,
 * a zero-base check, an input whose Montgomery form is 1, and one random
 * vector compared against BN_mod_exp_simple(). Returns 1 on success.
 */
static int test_modexp_mont5(void)
{
    BIGNUM *a = NULL, *p = NULL, *m = NULL, *d = NULL, *e = NULL;
    BIGNUM *b = NULL, *n = NULL, *c = NULL;
    BN_MONT_CTX *mont = NULL;
    int st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(p = BN_new())
            || !TEST_ptr(m = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(n = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(mont = BN_MONT_CTX_new()))
        goto err;

    /* The modulus must be odd for Montgomery arithmetic. */
    if (!TEST_true(BN_bntest_rand(m, 1024, 0, 1))
            || !TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
        goto err;

    /* Zero exponent: the result must be one. */
    BN_zero(p);
    if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
            || !TEST_BN_eq_one(d))
        goto err;

    /* Regression test for carry bug in mulx4x_mont */
    if (!TEST_true(BN_hex2bn(&a,
        "7878787878787878787878787878787878787878787878787878787878787878"
        "7878787878787878787878787878787878787878787878787878787878787878"
        "7878787878787878787878787878787878787878787878787878787878787878"
        "7878787878787878787878787878787878787878787878787878787878787878"))
            || !TEST_true(BN_hex2bn(&b,
        "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
        "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
        "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
        "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81"))
            || !TEST_true(BN_hex2bn(&n,
        "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
        "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
        "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
        "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF")))
        goto err;

    /* a * b and b * a must agree. */
    if (!TEST_true(BN_MONT_CTX_set(mont, n, ctx))
            || !TEST_true(BN_mod_mul_montgomery(c, a, b, mont, ctx))
            || !TEST_true(BN_mod_mul_montgomery(d, b, a, mont, ctx))
            || !TEST_BN_eq(c, d))
        goto err;

    /* Regression test for carry bug in sqr[x]8x_mont */
    if (!TEST_true(parse_bigBN(&n, bn1strings))
            || !TEST_true(parse_bigBN(&a, bn2strings)))
        goto err;
    BN_free(b);
    /* Squaring a must match multiplying a by a separate copy of itself. */
    if (!TEST_ptr(b = BN_dup(a))
            || !TEST_true(BN_MONT_CTX_set(mont, n, ctx))
            || !TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx))
            || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx))
            || !TEST_BN_eq(c, d))
        goto err;

    /* Regression test for carry bug in bn_sqrx8x_internal */
    {
        static const char *ahex[] = {
                      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8FFEADBCFC4DAE7FFF908E92820306B",
            "9544D954000000006C0000000000000000000000000000000000000000000000",
            "00000000000000000000FF030202FFFFF8FFEBDBCFC4DAE7FFF908E92820306B",
            "9544D954000000006C000000FF0302030000000000FFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01FC00FF02FFFFFFFF",
            "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FCFD",
            "FCFFFFFFFFFF000000000000000000FF0302030000000000FFFFFFFFFFFFFFFF",
            "FF00FCFDFDFF030202FF00000000FFFFFFFFFFFFFFFFFF00FCFDFCFFFFFFFFFF",
            NULL
        };
        static const char *nhex[] = {
                      "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8F8F8F8000000",
            "00000010000000006C0000000000000000000000000000000000000000000000",
            "00000000000000000000000000000000000000FFFFFFFFFFFFF8F8F8F8000000",
            "00000010000000006C000000000000000000000000FFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFF000000000000000000000000000000000000FFFFFFFFFFFFFFFF",
            "FFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
            NULL
        };

        if (!TEST_true(parse_bigBN(&a, ahex))
                || !TEST_true(parse_bigBN(&n, nhex)))
            goto err;
    }
    BN_free(b);
    if (!TEST_ptr(b = BN_dup(a))
            || !TEST_true(BN_MONT_CTX_set(mont, n, ctx)))
        goto err;

    if (!TEST_true(BN_mod_mul_montgomery(c, a, a, mont, ctx))
            || !TEST_true(BN_mod_mul_montgomery(d, a, b, mont, ctx))
            || !TEST_BN_eq(c, d))
        goto err;

    /*
     * Regression test for bug in BN_from_montgomery_word.
     * Here the multiplication is expected to report failure.
     */
    if (!TEST_true(BN_hex2bn(&a,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
            || !TEST_true(BN_hex2bn(&n,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
            || !TEST_true(BN_MONT_CTX_set(mont, n, ctx))
            || !TEST_false(BN_mod_mul_montgomery(d, a, a, mont, ctx)))
        goto err;

    /* Regression test for bug in rsaz_1024_mul_avx2 */
    if (!TEST_true(BN_hex2bn(&a,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
            || !TEST_true(BN_hex2bn(&b,
        "2020202020202020202020202020202020202020202020202020202020202020"
        "2020202020202020202020202020202020202020202020202020202020202020"
        "20202020202020FF202020202020202020202020202020202020202020202020"
        "2020202020202020202020202020202020202020202020202020202020202020"))
            || !TEST_true(BN_hex2bn(&n,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020FF"))
            || !TEST_true(BN_MONT_CTX_set(mont, n, ctx))
            || !TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont))
            || !TEST_true(BN_mod_exp_mont(d, a, b, n, ctx, mont))
            || !TEST_BN_eq(c, d))
        goto err;

    /*
     * rsaz_1024_mul_avx2 expects fully-reduced inputs.
     * BN_mod_exp_mont_consttime should reduce the input first.
     * Base and modulus are the same value here, so the result must be zero.
     */
    if (!TEST_true(BN_hex2bn(&a,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
            || !TEST_true(BN_hex2bn(&b,
        "1FA53F26F8811C58BE0357897AA5E165693230BC9DF5F01DFA6A2D59229EC69D"
        "9DE6A89C36E3B6957B22D6FAAD5A3C73AE587B710DBE92E83D3A9A3339A085CB"
        "B58F508CA4F837924BB52CC1698B7FDC2FD74362456A595A5B58E38E38E38E38"
        "E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E38E"))
            || !TEST_true(BN_hex2bn(&n,
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2020202020DF"))
            || !TEST_true(BN_MONT_CTX_set(mont, n, ctx))
            || !TEST_true(BN_mod_exp_mont_consttime(c, a, b, n, ctx, mont)))
        goto err;
    BN_zero(d);
    if (!TEST_BN_eq(c, d))
        goto err;

    /*
     * Regression test for overflow bug in bn_sqr_comba4/8 for
     * mips-linux-gnu and mipsel-linux-gnu 32bit targets.
     */
    {
        static const char *ehex[] = {
            "95564994a96c45954227b845a1e99cb939d5a1da99ee91acc962396ae999a9ee",
            "38603790448f2f7694c242a875f0cad0aae658eba085f312d2febbbd128dd2b5",
            "8f7d1149f03724215d704344d0d62c587ae3c5939cba4b9b5f3dc5e8e911ef9a",
            "5ce1a5a749a4989d0d8368f6e1f8cdf3a362a6c97fb02047ff152b480a4ad985",
            "2d45efdf0770542992afca6a0590d52930434bba96017afbc9f99e112950a8b1",
            "a359473ec376f329bdae6a19f503be6d4be7393c4e43468831234e27e3838680",
            "b949390d2e416a3f9759e5349ab4c253f6f29f819a6fe4cbfd27ada34903300e",
            "da021f62839f5878a36f1bc3085375b00fd5fa3e68d316c0fdace87a97558465",
            NULL
        };
        static const char *phex[] = {
            "f95dc0f980fbd22e90caa5a387cc4a369f3f830d50dd321c40db8c09a7e1a241",
            "a536e096622d3280c0c1ba849c1f4a79bf490f60006d081e8cf69960189f0d31",
            "2cd9e17073a3fba7881b21474a13b334116cb2f5dbf3189a6de3515d0840f053",
            "c776d3982d391b6d04d642dda5cc6d1640174c09875addb70595658f89efb439",
            "dc6fbd55f903aadd307982d3f659207f265e1ec6271b274521b7a5e28e8fd7a5",
            "5df089292820477802a43cf5b6b94e999e8c9944ddebb0d0e95a60f88cb7e813",
            "ba110d20e1024774107dd02949031864923b3cb8c3f7250d6d1287b0a40db6a4",
            "7bd5a469518eb65aa207ddc47d8c6e5fc8e0c105be8fc1d4b57b2e27540471d5",
            NULL
        };
        static const char *mhex[] = {
            "fef15d5ce4625f1bccfbba49fc8439c72bf8202af039a2259678941b60bb4a8f",
            "2987e965d58fd8cf86a856674d519763d0e1211cc9f8596971050d56d9b35db3",
            "785866cfbca17cfdbed6060be3629d894f924a89fdc1efc624f80d41a22f1900",
            "9503fcc3824ef62ccb9208430c26f2d8ceb2c63488ec4c07437aa4c96c43dd8b",
            "9289ed00a712ff66ee195dc71f5e4ead02172b63c543d69baf495f5fd63ba7bc",
            "c633bd309c016e37736da92129d0b053d4ab28d21ad7d8b6fab2a8bbdc8ee647",
            "d2fbcf2cf426cf892e6f5639e0252993965dfb73ccd277407014ea784aaa280c",
            "b7b03972bc8b0baa72360bdb44b82415b86b2f260f877791cd33ba8f2d65229b",
            NULL
        };

        /* The constant-time result must match the simple implementation. */
        if (!TEST_true(parse_bigBN(&e, ehex))
                || !TEST_true(parse_bigBN(&p, phex))
                || !TEST_true(parse_bigBN(&m, mhex))
                || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
                || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
                || !TEST_BN_eq(a, d))
            goto err;
    }

    /* Zero input: the result must be zero. */
    if (!TEST_true(BN_bntest_rand(p, 1024, 0, 0)))
        goto err;
    BN_zero(a);
    if (!TEST_true(BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
            || !TEST_BN_eq_zero(d))
        goto err;

    /*
     * Craft an input whose Montgomery representation is 1, i.e., shorter
     * than the modulus m, in order to test the const time precomputation
     * scattering/gathering.
     */
    if (!TEST_true(BN_one(a))
            || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)))
        goto err;
    if (!TEST_true(BN_from_montgomery(e, a, mont, ctx))
            || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
            || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
            || !TEST_BN_eq(a, d))
        goto err;

    /* Finally, some regular test vectors. */
    if (!TEST_true(BN_bntest_rand(e, 1024, 0, 0))
            || !TEST_true(BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
            || !TEST_true(BN_mod_exp_simple(a, e, p, m, ctx))
            || !TEST_BN_eq(a, d))
        goto err;

    st = 1;

 err:
    BN_MONT_CTX_free(mont);
    BN_free(a);
    BN_free(p);
    BN_free(m);
    BN_free(d);
    BN_free(e);
    BN_free(b);
    BN_free(n);
    BN_free(c);
    return st;
}
d02b48c6 | 721 | |
8d1ebff4 | 722 | #ifndef OPENSSL_NO_EC2M |
/*
 * Check BN_GF2m_add(): adding one to a random |a| must flip its parity, and
 * adding any value to itself must give zero. Runs NUM0 rounds with signs
 * chosen by rand_neg(). Returns 1 on success.
 */
static int test_gf2m_add(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL;
    int i, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new()))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_rand(a, 512, 0, 0))
                || !TEST_ptr(BN_copy(b, BN_value_one())))
            goto err;
        BN_set_negative(a, rand_neg());
        BN_set_negative(b, rand_neg());

        /* Test that two added values have the correct parity. */
        if (!TEST_true(BN_GF2m_add(c, a, b))
                || !TEST_false((BN_is_odd(a) && BN_is_odd(c))
                               || (!BN_is_odd(a) && !BN_is_odd(c))))
            goto err;

        /* Test that c + c = 0. */
        if (!TEST_true(BN_GF2m_add(c, c, c))
                || !TEST_BN_eq_zero(c))
            goto err;
    }
    st = 1;
 err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    return st;
}
d02b48c6 | 756 | |
/*
 * Exercise BN_GF2m_mod() against the two reduction polynomials built from the
 * file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 1024-bit values |a| and each polynomial p, the test checks
 * that (a + (a mod p)) mod p is zero.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_mod(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL, *e = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new()))
        goto err;

    /* b[0] and b[1] hold the polynomials described by p0 and p1. */
    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            if (!TEST_true(BN_GF2m_mod(c, a, b[j]))
                    || !TEST_true(BN_GF2m_add(d, a, c))
                    || !TEST_true(BN_GF2m_mod(e, d, b[j])))
                goto err;
            /* Test that a + (a mod p) mod p == 0. */
            if (!TEST_BN_eq_zero(e))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(e);
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
d02b48c6 | 796 | |
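/*
 * Exercise BN_GF2m_mod_mul() against the two reduction polynomials built from
 * the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 1024-bit triples (a, c, d) and each polynomial, the test
 * checks distributivity: (a + d) * c + a * c + d * c must be zero.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_mul(void)
{
    /*
     * |a| is initialised to NULL like every other pointer here, so the
     * BN_free(a) on the err path stays safe even if the allocation chain
     * below is ever reordered.
     */
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL, *g = NULL, *h = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new())
            || !TEST_ptr(g = BN_new())
            || !TEST_ptr(h = BN_new()))
        goto err;

    /* b[0] and b[1] hold the polynomials described by p0 and p1. */
    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!(TEST_true(BN_bntest_rand(a, 1024, 0, 0))
                && TEST_true(BN_bntest_rand(c, 1024, 0, 0))
                && TEST_true(BN_bntest_rand(d, 1024, 0, 0))))
            goto err;
        for (j = 0; j < 2; j++) {
            /* e = a*c, g = (a+d)*c, h = d*c, f = e + g + h */
            if (!(TEST_true(BN_GF2m_mod_mul(e, a, c, b[j], ctx))
                    && TEST_true(BN_GF2m_add(f, a, d))
                    && TEST_true(BN_GF2m_mod_mul(g, f, c, b[j], ctx))
                    && TEST_true(BN_GF2m_mod_mul(h, d, c, b[j], ctx))
                    && TEST_true(BN_GF2m_add(f, e, g))
                    && TEST_true(BN_GF2m_add(f, f, h))
                    /* Test that (a+d)*c = a*c + d*c. */
                    && TEST_BN_eq_zero(f)))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(f);
    BN_free(g);
    BN_free(h);
    return st;
}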
d02b48c6 | 849 | |
/*
 * Exercise BN_GF2m_mod_sqr() against the two reduction polynomials built from
 * the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 1024-bit values |a| and each polynomial, the square from
 * BN_GF2m_mod_sqr() is added to the product a * a from BN_GF2m_mod_mul();
 * the sum must be zero.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_sqr(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 1024, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            /* c = a^2; d = a * a (with d aliasing the second operand) */
            if (!TEST_true(BN_GF2m_mod_sqr(c, a, b[j], ctx))
                    || !TEST_true(BN_copy(d, a))
                    || !TEST_true(BN_GF2m_mod_mul(d, a, d, b[j], ctx))
                    || !TEST_true(BN_GF2m_add(d, c, d)))
                goto err;
            /* Test that a*a = a^2. */
            if (!TEST_BN_eq_zero(d))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
888 | ||
/*
 * Exercise BN_GF2m_mod_inv() against the two reduction polynomials built from
 * the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 512-bit values |a| and each polynomial, the inverse is
 * multiplied back by |a| and the product must equal one.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_modinv(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            if (!TEST_true(BN_GF2m_mod_inv(c, a, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_mul(d, a, c, b[j], ctx)))
                goto err;
            /* Test that ((1/a)*a) = 1. */
            if (!TEST_BN_eq_one(d))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
925 | ||
/*
 * Exercise BN_GF2m_mod_div() against the two reduction polynomials built from
 * the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 512-bit pairs (a, c) and each polynomial, the test computes
 * d = a / c, e = d * c and f = a / e, and requires f to equal one.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_moddiv(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))
                || !TEST_true(BN_bntest_rand(c, 512, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            if (!TEST_true(BN_GF2m_mod_div(d, a, c, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_mul(e, d, c, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_div(f, a, e, b[j], ctx)))
                goto err;
            /* Test that ((a/c)*c)/a = 1. */
            if (!TEST_BN_eq_one(f))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(f);
    BN_free(e);
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
969 | ||
/*
 * Exercise BN_GF2m_mod_exp() against the two reduction polynomials built from
 * the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 512-bit triples (a, c, d) and each polynomial, the test
 * computes a^c * a^d and a^(c+d) (the exponent sum uses the ordinary integer
 * BN_add()) and requires their GF(2^m) sum to be zero.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_modexp(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))
                || !TEST_true(BN_bntest_rand(c, 512, 0, 0))
                || !TEST_true(BN_bntest_rand(d, 512, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            /* e = a^c * a^d */
            if (!TEST_true(BN_GF2m_mod_exp(e, a, c, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_exp(f, a, d, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_mul(e, e, f, b[j], ctx)))
                goto err;
            /* f = a^(c+d), then f = e + f */
            if (!TEST_true(BN_add(f, c, d))
                    || !TEST_true(BN_GF2m_mod_exp(f, a, f, b[j], ctx))
                    || !TEST_true(BN_GF2m_add(f, e, f)))
                goto err;
            /* Test that a^(c+d)=a^c*a^d. */
            if (!TEST_BN_eq_zero(f))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(f);
    BN_free(e);
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
1017 | ||
/*
 * Exercise BN_GF2m_mod_sqrt() against the two reduction polynomials built
 * from the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 512-bit values |a| and each polynomial, the square root is
 * squared again and added to a mod p; the sum must be zero.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_modsqrt(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    BIGNUM *e = NULL, *f = NULL;
    int i, j, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new()))
        goto err;
    if (!TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new())
            || !TEST_ptr(f = BN_new()))
        goto err;

    if (!TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            || !TEST_true(BN_GF2m_arr2poly(p1, b[1])))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;

        for (j = 0; j < 2; j++) {
            /* c = a mod p, d = sqrt(a), e = d^2, f = c + e */
            if (!TEST_true(BN_GF2m_mod(c, a, b[j]))
                    || !TEST_true(BN_GF2m_mod_sqrt(d, a, b[j], ctx))
                    || !TEST_true(BN_GF2m_mod_sqr(e, d, b[j], ctx))
                    || !TEST_true(BN_GF2m_add(f, c, e)))
                goto err;
            /* Test that d^2 = a, where d = sqrt(a). */
            if (!TEST_BN_eq_zero(f))
                goto err;
        }
    }
    st = 1;

 err:
    BN_free(f);
    BN_free(e);
    BN_free(d);
    BN_free(c);
    BN_free(b[1]);
    BN_free(b[0]);
    BN_free(a);
    return st;
}
1062 | ||
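/*
 * Exercise BN_GF2m_mod_solve_quad() against the two reduction polynomials
 * built from the file-level coefficient arrays p0 and p1.
 *
 * For NUM0 random 512-bit values |a| and each polynomial, a solution |c| is
 * requested. BN_GF2m_mod_solve_quad() is allowed to return 0 here (its result
 * is not wrapped in a TEST_ macro); whenever it reports a solution the test
 * checks that c^2 + c + (a mod p) is zero. |s| counts the solutions found and
 * the test fails if none was found at all.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_gf2m_modsolvequad(void)
{
    BIGNUM *a = NULL, *b[2] = {NULL, NULL}, *c = NULL, *d = NULL;
    BIGNUM *e = NULL;
    int i, j, s = 0, t, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b[0] = BN_new())
            || !TEST_ptr(b[1] = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new())
            || !TEST_ptr(e = BN_new()))
        goto err;

    if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0]))
            && TEST_true(BN_GF2m_arr2poly(p1, b[1]))))
        goto err;

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;
        for (j = 0; j < 2; j++) {
            t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
            if (t) {
                s++;
                if (!(TEST_true(BN_GF2m_mod_sqr(d, c, b[j], ctx))
                        && TEST_true(BN_GF2m_add(d, c, d))
                        && TEST_true(BN_GF2m_mod(e, a, b[j]))
                        && TEST_true(BN_GF2m_add(e, e, d))
                        /*
                         * Test that solution of quadratic c
                         * satisfies c^2 + c = a.
                         */
                        && TEST_BN_eq_zero(e)))
                    goto err;
            }
        }
    }
    /*
     * |s| starts at 0 and is only ever incremented, so a ">= 0" comparison
     * can never fail and the property check above could be skipped for every
     * input without the test noticing. Require at least one solution.
     */
    if (!TEST_int_gt(s, 0)) {
        TEST_info("%d tests found no roots; probably an error", NUM0);
        goto err;
    }
    st = 1;

 err:
    BN_free(a);
    BN_free(b[0]);
    BN_free(b[1]);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    return st;
}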
b3310161 | 1115 | #endif |
8d1ebff4 | 1116 | |
/*
 * Check BN_kronecker() against an independently computed Legendre symbol.
 *
 * A 512-bit prime |b| is generated once and given a random sign. For NUM0
 * random 512-bit values |a| (also with random sign) the test computes
 * a^((|b|-1)/2) mod |b| with BN_mod_exp_recp(), maps the result to
 * 1, 0 or -1, and compares it with BN_kronecker(a, b, ctx) after correcting
 * for the sign of |b|.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int test_kronecker(void)
{
    BIGNUM *a = NULL, *b = NULL, *r = NULL, *t = NULL;
    int i, legendre, kronecker, st = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new()))
        goto err;
    if (!TEST_ptr(r = BN_new())
            || !TEST_ptr(t = BN_new()))
        goto err;

    /*
     * BN_kronecker(a, b, ctx) is only tested for odd b (the Jacobi symbol).
     * When b is prime the symbol is congruent to $a^{(b-1)/2}$ modulo $b$
     * (the Legendre symbol), so a random prime b is generated and the two
     * values are compared for a number of random a's. This is the
     * Solovay-Strassen primality test run backwards: the primality of b is
     * taken as given and BN_kronecker is what is being checked.
     */
    if (!TEST_true(BN_generate_prime_ex(b, 512, 0, NULL, NULL, NULL)))
        goto err;
    BN_set_negative(b, rand_neg());

    for (i = 0; i < NUM0; i++) {
        if (!TEST_true(BN_bntest_rand(a, 512, 0, 0)))
            goto err;
        BN_set_negative(a, rand_neg());

        /* t := (|b|-1)/2 (note that b is odd) */
        if (!TEST_true(BN_copy(t, b)))
            goto err;
        BN_set_negative(t, 0);
        if (!TEST_true(BN_sub_word(t, 1))
                || !TEST_true(BN_rshift1(t, t)))
            goto err;

        /*
         * r := a^t mod b, computed with the sign of b cleared. b is marked
         * negative afterwards whatever its sign was before the call.
         */
        BN_set_negative(b, 0);
        if (!TEST_true(BN_mod_exp_recp(r, a, t, b, ctx)))
            goto err;
        BN_set_negative(b, 1);

        if (BN_is_zero(r)) {
            legendre = 0;
        } else if (BN_is_word(r, 1)) {
            legendre = 1;
        } else {
            /* Any other residue must be |b| - 1, i.e. -1 modulo |b|. */
            if (!TEST_true(BN_add_word(r, 1)))
                goto err;
            if (!TEST_int_eq(BN_ucmp(r, b), 0)) {
                TEST_info("Legendre symbol computation failed");
                goto err;
            }
            legendre = -1;
        }

        /* Values below -1 are rejected as a failed BN_kronecker() call. */
        if (!TEST_int_ge(kronecker = BN_kronecker(a, b, ctx), -1))
            goto err;
        /* we actually need BN_kronecker(a, |b|) */
        if (BN_is_negative(a) && BN_is_negative(b))
            kronecker = -kronecker;

        if (!TEST_int_eq(legendre, kronecker))
            goto err;
    }
    st = 1;

 err:
    BN_free(t);
    BN_free(r);
    BN_free(b);
    BN_free(a);
    return st;
}
1194 | ||
/*
 * File-driven test for addition and subtraction.
 *
 * Reads "A", "B" and "Sum" from stanza |s| through getBN() and checks
 * BN_add()/BN_sub(), their in-place forms, BN_uadd()/BN_usub() when their
 * documented prerequisites hold, and BN_add_word()/BN_sub_word() when B fits
 * in a single word. Mismatches are reported through equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_sum(STANZA *s)
{
    BIGNUM *a = NULL, *b = NULL, *sum = NULL, *ret = NULL;
    BN_ULONG b_word;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(b = getBN(s, "B")))
        goto err;
    if (!TEST_ptr(sum = getBN(s, "Sum"))
            || !TEST_ptr(ret = BN_new()))
        goto err;

    /* Out-of-place forms: the result is a BIGNUM distinct from the inputs. */
    if (!TEST_true(BN_add(ret, a, b))
            || !equalBN("A + B", sum, ret))
        goto err;
    if (!TEST_true(BN_sub(ret, sum, a))
            || !equalBN("Sum - A", b, ret))
        goto err;
    if (!TEST_true(BN_sub(ret, sum, b))
            || !equalBN("Sum - B", a, ret))
        goto err;

    /*
     * Test that the functions work when |r| and |a| point to the same BIGNUM,
     * or when |r| and |b| point to the same BIGNUM.
     * There is no test for all of |r|, |a|, and |b| pointing to the same
     * BIGNUM.
     */
    if (!TEST_true(BN_copy(ret, a))
            || !TEST_true(BN_add(ret, ret, b))
            || !equalBN("A + B (r is a)", sum, ret))
        goto err;
    if (!TEST_true(BN_copy(ret, b))
            || !TEST_true(BN_add(ret, a, ret))
            || !equalBN("A + B (r is b)", sum, ret))
        goto err;
    if (!TEST_true(BN_copy(ret, sum))
            || !TEST_true(BN_sub(ret, ret, a))
            || !equalBN("Sum - A (r is a)", b, ret))
        goto err;
    if (!TEST_true(BN_copy(ret, a))
            || !TEST_true(BN_sub(ret, sum, ret))
            || !equalBN("Sum - A (r is b)", b, ret))
        goto err;
    if (!TEST_true(BN_copy(ret, sum))
            || !TEST_true(BN_sub(ret, ret, b))
            || !equalBN("Sum - B (r is a)", a, ret))
        goto err;
    if (!TEST_true(BN_copy(ret, b))
            || !TEST_true(BN_sub(ret, sum, ret))
            || !equalBN("Sum - B (r is b)", a, ret))
        goto err;

    /*
     * Test BN_uadd() and BN_usub() with the prerequisites they are
     * documented as having. Note that these functions are frequently used
     * when the prerequisites don't hold. In those cases, they are supposed
     * to work as if the prerequisites hold, but we don't test that yet.
     */
    if (!BN_is_negative(a) && !BN_is_negative(b) && BN_cmp(a, b) >= 0) {
        if (!TEST_true(BN_uadd(ret, a, b))
                || !equalBN("A +u B", sum, ret))
            goto err;
        if (!TEST_true(BN_usub(ret, sum, a))
                || !equalBN("Sum -u A", b, ret))
            goto err;
        if (!TEST_true(BN_usub(ret, sum, b))
                || !equalBN("Sum -u B", a, ret))
            goto err;

        /*
         * Test that the functions work when |r| and |a| point to the same
         * BIGNUM, or when |r| and |b| point to the same BIGNUM.
         * There is no test for all of |r|, |a|, and |b| pointing to the same
         * BIGNUM.
         */
        if (!TEST_true(BN_copy(ret, a))
                || !TEST_true(BN_uadd(ret, ret, b))
                || !equalBN("A +u B (r is a)", sum, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, b))
                || !TEST_true(BN_uadd(ret, a, ret))
                || !equalBN("A +u B (r is b)", sum, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, sum))
                || !TEST_true(BN_usub(ret, ret, a))
                || !equalBN("Sum -u A (r is a)", b, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, a))
                || !TEST_true(BN_usub(ret, sum, ret))
                || !equalBN("Sum -u A (r is b)", b, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, sum))
                || !TEST_true(BN_usub(ret, ret, b))
                || !equalBN("Sum -u B (r is a)", a, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, b))
                || !TEST_true(BN_usub(ret, sum, ret))
                || !equalBN("Sum -u B (r is b)", a, ret))
            goto err;
    }

    /*
     * Test with BN_add_word() and BN_sub_word() if |b| is small enough.
     * A BN_get_word() result of (BN_ULONG)-1 is treated as "does not fit".
     */
    b_word = BN_get_word(b);
    if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) {
        if (!TEST_true(BN_copy(ret, a))
                || !TEST_true(BN_add_word(ret, b_word))
                || !equalBN("A + B (word)", sum, ret))
            goto err;
        if (!TEST_true(BN_copy(ret, sum))
                || !TEST_true(BN_sub_word(ret, b_word))
                || !equalBN("Sum - B (word)", a, ret))
            goto err;
    }
    st = 1;

 err:
    BN_free(ret);
    BN_free(sum);
    BN_free(b);
    BN_free(a);
    return st;
}
1303 | ||
/*
 * File-driven test for doubling and halving.
 *
 * Reads "A" and "LShift1" from stanza |s| through getBN() and checks that
 * A + A, A * 2 and BN_lshift1(A) all give LShift1, and that dividing or
 * right-shifting LShift1 gives A back, also after the low bit of LShift1 has
 * been set. Mismatches are reported through equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_lshift1(STANZA *s)
{
    BIGNUM *a = NULL, *lshift1 = NULL, *zero = NULL, *ret = NULL;
    BIGNUM *two = NULL, *remainder = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(lshift1 = getBN(s, "LShift1")))
        goto err;
    if (!TEST_ptr(zero = BN_new())
            || !TEST_ptr(ret = BN_new())
            || !TEST_ptr(two = BN_new())
            || !TEST_ptr(remainder = BN_new()))
        goto err;

    BN_zero(zero);

    if (!TEST_true(BN_set_word(two, 2)))
        goto err;

    /* Three ways of doubling A. */
    if (!TEST_true(BN_add(ret, a, a))
            || !equalBN("A + A", lshift1, ret))
        goto err;
    if (!TEST_true(BN_mul(ret, a, two, ctx))
            || !equalBN("A * 2", lshift1, ret))
        goto err;

    /* Halving LShift1 by division must leave no remainder. */
    if (!TEST_true(BN_div(ret, remainder, lshift1, two, ctx))
            || !equalBN("LShift1 / 2", a, ret)
            || !equalBN("LShift1 % 2", zero, remainder))
        goto err;

    if (!TEST_true(BN_lshift1(ret, a))
            || !equalBN("A << 1", lshift1, ret))
        goto err;

    /* The right-shift check is performed twice, one run after the other. */
    if (!TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("LShift >> 1", a, ret))
        goto err;
    if (!TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("LShift >> 1", a, ret))
        goto err;

    /* Set the LSB to 1 and test rshift1 again. */
    if (!TEST_true(BN_set_bit(lshift1, 0)))
        goto err;
    if (!TEST_true(BN_div(ret, NULL /* rem */ , lshift1, two, ctx))
            || !equalBN("(LShift1 | 1) / 2", a, ret))
        goto err;
    if (!TEST_true(BN_rshift1(ret, lshift1))
            || !equalBN("(LShift | 1) >> 1", a, ret))
        goto err;

    st = 1;

 err:
    BN_free(remainder);
    BN_free(two);
    BN_free(ret);
    BN_free(zero);
    BN_free(lshift1);
    BN_free(a);

    return st;
}
1355 | ||
/*
 * File-driven test for BN_lshift().
 *
 * Reads "A" and "LShift" from stanza |s| through getBN() and the shift count
 * "N" through getint(), then checks that A << N equals LShift and that
 * LShift >> N gives A back. Mismatches are reported through equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_lshift(STANZA *s)
{
    BIGNUM *a = NULL, *lshift = NULL, *ret = NULL;
    int n = 0, st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(lshift = getBN(s, "LShift")))
        goto err;
    if (!TEST_ptr(ret = BN_new())
            || !getint(s, &n, "N"))
        goto err;

    /* |n| comes straight from the stanza and is passed on unchanged. */
    if (!TEST_true(BN_lshift(ret, a, n))
            || !equalBN("A << N", lshift, ret))
        goto err;

    /* Shift the expected value back down; the label is kept as "A >> N". */
    if (!TEST_true(BN_rshift(ret, lshift, n))
            || !equalBN("A >> N", a, ret))
        goto err;

    st = 1;

 err:
    BN_free(ret);
    BN_free(lshift);
    BN_free(a);
    return st;
}
1380 | ||
/*
 * File-driven test for BN_rshift().
 *
 * Reads "A" and "RShift" from stanza |s| through getBN() and the shift count
 * "N" through getint(), then checks that A >> N equals RShift. When N is 1
 * the same expectation is also checked with BN_rshift1(). Mismatches are
 * reported through equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_rshift(STANZA *s)
{
    BIGNUM *a = NULL, *rshift = NULL, *ret = NULL;
    int n = 0, st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(rshift = getBN(s, "RShift")))
        goto err;
    if (!TEST_ptr(ret = BN_new())
            || !getint(s, &n, "N"))
        goto err;

    if (!TEST_true(BN_rshift(ret, a, n)))
        goto err;
    if (!equalBN("A >> N", rshift, ret))
        goto err;

    /* If N == 1, try with rshift1 as well */
    if (n == 1
            && (!TEST_true(BN_rshift1(ret, a))
                || !equalBN("A >> 1 (rshift1)", rshift, ret)))
        goto err;

    st = 1;

 err:
    BN_free(ret);
    BN_free(rshift);
    BN_free(a);
    return st;
}
1410 | ||
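/*
 * File-driven test for squaring.
 *
 * Reads "A" and "Square" from stanza |s| through getBN() and checks that
 * BN_sqr(A) and A * A both give Square, and that Square / A gives A with a
 * zero remainder. Mismatches are reported through equalBN().
 *
 * The BN_sqrt() section is compiled only when HAVE_BN_SQRT is non-zero; this
 * file defines it as 0, so that section is normally not built.
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_square(STANZA *s)
{
    BIGNUM *a = NULL, *square = NULL, *zero = NULL, *ret = NULL;
    BIGNUM *remainder = NULL, *tmp = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(square = getBN(s, "Square"))
            || !TEST_ptr(zero = BN_new())
            || !TEST_ptr(ret = BN_new())
            || !TEST_ptr(remainder = BN_new()))
        goto err;

    BN_zero(zero);
    if (!TEST_true(BN_sqr(ret, a, ctx))
            || !equalBN("A^2", square, ret)
            || !TEST_true(BN_mul(ret, a, a, ctx))
            || !equalBN("A * A", square, ret)
            || !TEST_true(BN_div(ret, remainder, square, a, ctx))
            || !equalBN("Square / A", a, ret)
            || !equalBN("Square % A", zero, remainder))
        goto err;

#if HAVE_BN_SQRT
    BN_set_negative(a, 0);
    if (!TEST_true(BN_sqrt(ret, square, ctx))
            || !equalBN("sqrt(Square)", a, ret))
        goto err;

    /*
     * BN_sqrt should fail on non-squares and negative numbers.
     *
     * The guard uses BN_is_zero() rather than a TEST_ macro: a non-zero
     * square is the normal case and must not be logged as a failed check.
     */
    if (!BN_is_zero(square)) {
        if (!TEST_ptr(tmp = BN_new())
                || !TEST_true(BN_copy(tmp, square)))
            goto err;
        BN_set_negative(tmp, 1);

        if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx), 0))
            goto err;
        ERR_clear_error();

        BN_set_negative(tmp, 0);
        /* A failed addition is the error here, not a successful one. */
        if (!TEST_true(BN_add(tmp, tmp, BN_value_one())))
            goto err;
        /* Square + 1 is not a square for non-zero Square: expect failure. */
        if (!TEST_int_eq(BN_sqrt(ret, tmp, ctx), 0))
            goto err;
        ERR_clear_error();
    }
#endif

    st = 1;

 err:
    BN_free(a);
    BN_free(square);
    BN_free(zero);
    BN_free(ret);
    BN_free(remainder);
    /* |tmp| is only allocated inside the HAVE_BN_SQRT section. */
    BN_free(tmp);
    return st;
}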
1470 | ||
/*
 * File-driven test for multiplication.
 *
 * Reads "A", "B" and "Product" from stanza |s| through getBN() and checks
 * that A * B gives Product, and that dividing Product by either factor gives
 * the other factor with a zero remainder. Mismatches are reported through
 * equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_product(STANZA *s)
{
    BIGNUM *a = NULL, *b = NULL, *product = NULL, *ret = NULL;
    BIGNUM *remainder = NULL, *zero = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(b = getBN(s, "B"))
            || !TEST_ptr(product = getBN(s, "Product")))
        goto err;
    if (!TEST_ptr(ret = BN_new())
            || !TEST_ptr(remainder = BN_new())
            || !TEST_ptr(zero = BN_new()))
        goto err;

    BN_zero(zero);

    if (!TEST_true(BN_mul(ret, a, b, ctx))
            || !equalBN("A * B", product, ret))
        goto err;

    /* Product / A == B, remainder 0 */
    if (!TEST_true(BN_div(ret, remainder, product, a, ctx))
            || !equalBN("Product / A", b, ret)
            || !equalBN("Product % A", zero, remainder))
        goto err;

    /* Product / B == A, remainder 0 */
    if (!TEST_true(BN_div(ret, remainder, product, b, ctx))
            || !equalBN("Product / B", a, ret)
            || !equalBN("Product % B", zero, remainder))
        goto err;

    st = 1;

 err:
    BN_free(zero);
    BN_free(remainder);
    BN_free(ret);
    BN_free(product);
    BN_free(b);
    BN_free(a);
    return st;
}
1507 | ||
/*
 * File-driven test for division.
 *
 * Reads "A", "B", "Quotient" and "Remainder" from stanza |s| through getBN()
 * and checks BN_div(), the identity Quotient * B + Remainder == A,
 * BN_div_word()/BN_mod_word() when B fits in a single word, and BN_nnmod()
 * when B is not negative. Mismatches are reported through equalBN() or
 * TEST_error().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_quotient(STANZA *s)
{
    BIGNUM *a = NULL, *b = NULL, *quotient = NULL, *remainder = NULL;
    BIGNUM *ret = NULL, *ret2 = NULL, *nnmod = NULL;
    BN_ULONG b_word, ret_word;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(b = getBN(s, "B"))
            || !TEST_ptr(quotient = getBN(s, "Quotient"))
            || !TEST_ptr(remainder = getBN(s, "Remainder")))
        goto err;
    if (!TEST_ptr(ret = BN_new())
            || !TEST_ptr(ret2 = BN_new())
            || !TEST_ptr(nnmod = BN_new()))
        goto err;

    if (!TEST_true(BN_div(ret, ret2, a, b, ctx))
            || !equalBN("A / B", quotient, ret)
            || !equalBN("A % B", remainder, ret2))
        goto err;
    if (!TEST_true(BN_mul(ret, quotient, b, ctx))
            || !TEST_true(BN_add(ret, ret, remainder))
            || !equalBN("Quotient * B + Remainder", a, ret))
        goto err;

    /*
     * Test with BN_mod_word() and BN_div_word() if the divisor is
     * small enough. A BN_get_word() result of (BN_ULONG)-1 is treated as
     * "does not fit".
     */
    b_word = BN_get_word(b);
    if (!BN_is_negative(b) && b_word != (BN_ULONG)-1) {
        BN_ULONG remainder_word = BN_get_word(remainder);

        /* NOTE(review): assert() is compiled out when NDEBUG is defined. */
        assert(remainder_word != (BN_ULONG)-1);
        if (!TEST_ptr(BN_copy(ret, a)))
            goto err;

        /* BN_div_word() divides |ret| in place; its return is compared
         * with the expected remainder. */
        ret_word = BN_div_word(ret, b_word);
        if (ret_word != remainder_word) {
#ifdef BN_DEC_FMT1
            TEST_error(
                    "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1,
                    ret_word, remainder_word);
#else
            TEST_error("Got A %% B (word) mismatch");
#endif
            goto err;
        }
        if (!equalBN ("A / B (word)", quotient, ret))
            goto err;

        ret_word = BN_mod_word(a, b_word);
        if (ret_word != remainder_word) {
#ifdef BN_DEC_FMT1
            TEST_error(
                    "Got A %% B (word) = " BN_DEC_FMT1 ", wanted " BN_DEC_FMT1 "",
                    ret_word, remainder_word);
#else
            TEST_error("Got A %% B (word) mismatch");
#endif
            goto err;
        }
    }

    /* Test BN_nnmod. */
    if (!BN_is_negative(b)) {
        /* Expected value: Remainder, plus B when Remainder is negative. */
        if (!TEST_true(BN_copy(nnmod, remainder)))
            goto err;
        if (BN_is_negative(nnmod)
                && !TEST_true(BN_add(nnmod, nnmod, b)))
            goto err;
        if (!TEST_true(BN_nnmod(ret, a, b, ctx))
                || !equalBN("A % B (non-negative)", nnmod, ret))
            goto err;
    }

    st = 1;

 err:
    BN_free(nnmod);
    BN_free(ret2);
    BN_free(ret);
    BN_free(remainder);
    BN_free(quotient);
    BN_free(b);
    BN_free(a);
    return st;
}
1591 | ||
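/*
 * File-driven test for modular multiplication.
 *
 * Reads "A", "B", "M" and "ModMul" from stanza |s| through getBN() and checks
 * that BN_mod_mul(A, B, M) gives ModMul. When M is odd the same product is
 * also computed through the Montgomery routines and compared with ModMul.
 * Mismatches are reported through equalBN().
 *
 * Returns 1 if every check passed, 0 otherwise.
 */
static int file_modmul(STANZA *s)
{
    BIGNUM *a = NULL, *b = NULL, *m = NULL, *mod_mul = NULL, *ret = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(b = getBN(s, "B"))
            || !TEST_ptr(m = getBN(s, "M"))
            || !TEST_ptr(mod_mul = getBN(s, "ModMul"))
            || !TEST_ptr(ret = BN_new()))
        goto err;

    if (!TEST_true(BN_mod_mul(ret, a, b, m, ctx))
            || !equalBN("A * B (mod M)", mod_mul, ret))
        goto err;

    if (BN_is_odd(m)) {
        /* Reduce |a| and |b| and test the Montgomery version. */
        BN_MONT_CTX *mont = BN_MONT_CTX_new();
        BIGNUM *a_tmp = BN_new();
        BIGNUM *b_tmp = BN_new();
        int mont_ok;

        /*
         * The three allocations go through TEST_ptr() like every other
         * allocation in this file, so an allocation failure is reported
         * instead of failing the stanza without a diagnostic.
         */
        mont_ok = TEST_ptr(mont)
            && TEST_ptr(a_tmp)
            && TEST_ptr(b_tmp)
            && TEST_true(BN_MONT_CTX_set(mont, m, ctx))
            && TEST_true(BN_nnmod(a_tmp, a, m, ctx))
            && TEST_true(BN_nnmod(b_tmp, b, m, ctx))
            && TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx))
            && TEST_true(BN_to_montgomery(b_tmp, b_tmp, mont, ctx))
            && TEST_true(BN_mod_mul_montgomery(ret, a_tmp, b_tmp,
                                               mont, ctx))
            && TEST_true(BN_from_montgomery(ret, ret, mont, ctx))
            && equalBN("A * B (mod M) (mont)", mod_mul, ret);

        /* The temporaries live only in this branch: free before leaving. */
        BN_MONT_CTX_free(mont);
        BN_free(a_tmp);
        BN_free(b_tmp);
        if (!mont_ok)
            goto err;
    }

    st = 1;

 err:
    BN_free(a);
    BN_free(b);
    BN_free(m);
    BN_free(mod_mul);
    BN_free(ret);
    return st;
}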
1643 | ||
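/*
 * File-driven check of modular exponentiation.
 *
 * Reads A, E, M and the expected ModExp value from the stanza and compares
 * BN_mod_exp() against it; for an odd M the Montgomery and constant-time
 * Montgomery variants are compared as well. A fixed regression vector is
 * then run regardless of the stanza contents.
 *
 * Returns 1 when every check passes and 0 otherwise.
 */
static int file_modexp(STANZA *s)
{
    BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL;
    BIGNUM *b = NULL, *c = NULL, *d = NULL;
    int st = 0;

    if (!TEST_ptr(a = getBN(s, "A"))
            || !TEST_ptr(e = getBN(s, "E"))
            || !TEST_ptr(m = getBN(s, "M"))
            || !TEST_ptr(mod_exp = getBN(s, "ModExp"))
            || !TEST_ptr(ret = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto err;

    if (!TEST_true(BN_mod_exp(ret, a, e, m, ctx))
            || !equalBN("A ^ E (mod M)", mod_exp, ret))
        goto err;

    if (BN_is_odd(m)) {
        if (!TEST_true(BN_mod_exp_mont(ret, a, e, m, ctx, NULL))
                || !equalBN("A ^ E (mod M) (mont)", mod_exp, ret)
                || !TEST_true(BN_mod_exp_mont_consttime(ret, a, e, m,
                                                        ctx, NULL))
                || !equalBN("A ^ E (mod M) (mont const", mod_exp, ret))
            goto err;
    }

    /*
     * Regression test for carry propagation bug in sqr8x_reduction.
     *
     * |a| is reused for the fixed base while |b| and |c| are allocated by
     * BN_hex2bn(). Each conversion is checked so that a failed parse or
     * allocation ends the test here instead of passing a NULL BIGNUM on to
     * BN_mod_exp().
     */
    if (!TEST_true(BN_hex2bn(&a, "050505050505"))
            || !TEST_true(BN_hex2bn(&b, "02"))
            || !TEST_true(BN_hex2bn(&c,
        "4141414141414141414141274141414141414141414141414141414141414141"
        "4141414141414141414141414141414141414141414141414141414141414141"
        "4141414141414141414141800000000000000000000000000000000000000000"
        "0000000000000000000000000000000000000000000000000000000000000000"
        "0000000000000000000000000000000000000000000000000000000000000000"
        "0000000000000000000000000000000000000000000000000000000001")))
        goto err;

    /* The expected result is the plain product a * a, stored in |e|. */
    if (!TEST_true(BN_mod_exp(d, a, b, c, ctx))
            || !TEST_true(BN_mul(e, a, a, ctx))
            || !TEST_BN_eq(d, e))
        goto err;

    st = 1;
err:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(e);
    BN_free(m);
    BN_free(mod_exp);
    BN_free(ret);
    return st;
}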
1698 | ||
/*
 * File-driven check of BN_exp(): reads A, E and the expected Exp value from
 * the stanza and compares the computed power against it.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int file_exp(STANZA *s)
{
    BIGNUM *base = NULL, *power = NULL, *expected = NULL, *got = NULL;
    int ok = 0;

    if (!TEST_ptr(base = getBN(s, "A"))
            || !TEST_ptr(power = getBN(s, "E"))
            || !TEST_ptr(expected = getBN(s, "Exp"))
            || !TEST_ptr(got = BN_new()))
        goto done;

    if (TEST_true(BN_exp(got, base, power, ctx))
            && equalBN("A ^ E", expected, got))
        ok = 1;

done:
    BN_free(base);
    BN_free(power);
    BN_free(expected);
    BN_free(got);
    return ok;
}
1722 | ||
/*
 * File-driven check of BN_mod_sqrt(): reads A, P and the expected ModSqrt
 * value from the stanza. Either the computed root or P minus that root is
 * accepted as the answer.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int file_modsqrt(STANZA *s)
{
    BIGNUM *value = NULL, *prime = NULL, *expected = NULL;
    BIGNUM *root = NULL, *other_root = NULL;
    int ok = 0;

    if (!TEST_ptr(value = getBN(s, "A"))
            || !TEST_ptr(prime = getBN(s, "P"))
            || !TEST_ptr(expected = getBN(s, "ModSqrt"))
            || !TEST_ptr(root = BN_new())
            || !TEST_ptr(other_root = BN_new()))
        goto done;

    /* There are two possible answers. */
    if (!TEST_true(BN_mod_sqrt(root, value, prime, ctx))
            || !TEST_true(BN_sub(other_root, prime, root)))
        goto done;

    /*
     * The comparison with the second root is a plain BN_cmp() and NOT a test,
     * so a mismatch there is not reported; only the comparison with the first
     * root goes through equalBN().
     */
    if (BN_cmp(other_root, expected) == 0
            || equalBN("sqrt(A) (mod P)", expected, root))
        ok = 1;

done:
    BN_free(value);
    BN_free(prime);
    BN_free(expected);
    BN_free(root);
    BN_free(other_root);
    return ok;
}
1754 | ||
/*
 * File-driven check of BN_gcd(): reads A, B and the expected GCD value from
 * the stanza and compares the computed result against it.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int file_gcd(STANZA *s)
{
    BIGNUM *lhs = NULL, *rhs = NULL, *expected = NULL, *got = NULL;
    int ok = 0;

    if (!TEST_ptr(lhs = getBN(s, "A"))
            || !TEST_ptr(rhs = getBN(s, "B"))
            || !TEST_ptr(expected = getBN(s, "GCD"))
            || !TEST_ptr(got = BN_new()))
        goto done;

    if (TEST_true(BN_gcd(got, lhs, rhs, ctx))
            && equalBN("gcd(A,B)", expected, got))
        ok = 1;

done:
    BN_free(lhs);
    BN_free(rhs);
    BN_free(expected);
    BN_free(got);
    return ok;
}
1778 | ||
/*
 * Checks BN_bn2binpad() against BN_bn2bin() as the reference encoder:
 * zero must encode into any buffer size, a too-small buffer must be
 * rejected with -1, and larger buffers must be left-padded with zero bytes.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_bn2padded(void)
{
    uint8_t zeros[256], out[256], reference[128];
    BIGNUM *n = NULL;
    size_t bytes;
    int ok = 0;

    memset(zeros, 0, sizeof(zeros));

    /* Test edge case at 0. */
    if (!TEST_ptr((n = BN_new())))
        goto done;
    if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), 0))
        goto done;
    /* Pre-fill with 0xff so that bytes left unwritten would be noticed. */
    memset(out, -1, sizeof(out));
    if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out)))
        goto done;
    if (!TEST_mem_eq(zeros, sizeof(zeros), out, sizeof(out)))
        goto done;

    /* Test random numbers at various byte lengths. */
    for (bytes = sizeof(reference) - 7; bytes <= sizeof(reference); bytes++) {
# define TOP_BIT_ON 0
# define BOTTOM_BIT_NOTOUCH 0
        if (!TEST_true(BN_rand(n, bytes * 8, TOP_BIT_ON, BOTTOM_BIT_NOTOUCH)))
            goto done;
        if (!TEST_int_eq(BN_num_bytes(n), bytes)
                || !TEST_int_eq(BN_bn2bin(n, reference), bytes))
            goto done;

        /* Empty buffer should fail. */
        if (!TEST_int_eq(BN_bn2binpad(n, NULL, 0), -1))
            goto done;

        /* One byte short should fail. */
        if (!TEST_int_eq(BN_bn2binpad(n, out, bytes - 1), -1))
            goto done;

        /* Exactly right size should encode. */
        if (!TEST_int_eq(BN_bn2binpad(n, out, bytes), bytes)
                || !TEST_mem_eq(out, bytes, reference, bytes))
            goto done;

        /* Pad up one byte extra. */
        if (!TEST_int_eq(BN_bn2binpad(n, out, bytes + 1), bytes + 1)
                || !TEST_mem_eq(out + 1, bytes, reference, bytes)
                || !TEST_mem_eq(out, 1, zeros, 1))
            goto done;

        /* Pad up to 256. */
        if (!TEST_int_eq(BN_bn2binpad(n, out, sizeof(out)), sizeof(out))
                || !TEST_mem_eq(out + sizeof(out) - bytes, bytes,
                                reference, bytes)
                || !TEST_mem_eq(out, sizeof(out) - bytes,
                                zeros, sizeof(out) - bytes))
            goto done;
    }

    ok = 1;
done:
    BN_free(n);
    return ok;
}
1836 | ||
/*
 * Vectors for the signed binary conversions. Each entry pairs a decimal
 * string with its shortest big-endian two's complement encoding and that
 * encoding's length in bytes. The explicit length is needed because the
 * encodings contain embedded zero bytes.
 */
static const MPITEST kSignedTests_BE[] = {
    /* The basics: minus one, zero (empty encoding) and one. */
    {"-1", "\xff", 1},
    {"0", "", 0},
    {"1", "\x01", 1},
    /*
     * From here on the values sit around possible bignum chunk edges and
     * other word edges, where "word" is taken broadly and includes a
     * single byte.
     */
    /* Around the 1 byte boundary */
    {"127", "\x7f", 1},
    {"-127", "\x81", 1},
    {"128", "\x00\x80", 2},
    {"-128", "\x80", 1},
    {"129", "\x00\x81", 2},
    {"-129", "\xff\x7f", 2},
    {"255", "\x00\xff", 2},
    {"-255", "\xff\x01", 2},
    {"256", "\x01\x00", 2},
    {"-256", "\xff\x00", 2},
    /* Around the 2 byte boundary */
    {"32767", "\x7f\xff", 2},
    {"-32767", "\x80\x01", 2},
    {"32768", "\x00\x80\x00", 3},
    {"-32768", "\x80\x00", 2},
    {"32769", "\x00\x80\x01", 3},
    {"-32769", "\xff\x7f\xff", 3},
    {"65535", "\x00\xff\xff", 3},
    {"-65535", "\xff\x00\x01", 3},
    {"65536", "\x01\x00\x00", 3},
    {"-65536", "\xff\x00\x00", 3},
    /* Around the 4 byte boundary */
    {"2147483647", "\x7f\xff\xff\xff", 4},
    {"-2147483647", "\x80\x00\x00\x01", 4},
    {"2147483648", "\x00\x80\x00\x00\x00", 5},
    {"-2147483648", "\x80\x00\x00\x00", 4},
    {"2147483649", "\x00\x80\x00\x00\x01", 5},
    {"-2147483649", "\xff\x7f\xff\xff\xff", 5},
    {"4294967295", "\x00\xff\xff\xff\xff", 5},
    {"-4294967295", "\xff\x00\x00\x00\x01", 5},
    {"4294967296", "\x01\x00\x00\x00\x00", 5},
    {"-4294967296", "\xff\x00\x00\x00\x00", 5},
    /* Around the 8 byte boundary */
    {"9223372036854775807", "\x7f\xff\xff\xff\xff\xff\xff\xff", 8},
    {"-9223372036854775807", "\x80\x00\x00\x00\x00\x00\x00\x01", 8},
    {"9223372036854775808", "\x00\x80\x00\x00\x00\x00\x00\x00\x00", 9},
    {"-9223372036854775808", "\x80\x00\x00\x00\x00\x00\x00\x00", 8},
    {"9223372036854775809", "\x00\x80\x00\x00\x00\x00\x00\x00\x01", 9},
    {"-9223372036854775809", "\xff\x7f\xff\xff\xff\xff\xff\xff\xff", 9},
    {"18446744073709551615", "\x00\xff\xff\xff\xff\xff\xff\xff\xff", 9},
    {"-18446744073709551615", "\xff\x00\x00\x00\x00\x00\x00\x00\x01", 9},
    {"18446744073709551616", "\x01\x00\x00\x00\x00\x00\x00\x00\x00", 9},
    {"-18446744073709551616", "\xff\x00\x00\x00\x00\x00\x00\x00\x00", 9},
};
1891 | ||
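/*
 * Copies |len| bytes from |src| into |dst| in reverse order, so that
 * dst[len - 1 - k] receives src[k]. The two buffers must not overlap.
 *
 * Indexing is used instead of walking a pointer down from the end of |dst|:
 * the pointer form computes an address before the start of |dst| (for a zero
 * |len| immediately, otherwise after the last store), which is undefined
 * behaviour even though that address is never dereferenced.
 *
 * Always returns 1 so the call can be used inside a TEST_true() chain.
 */
static int copy_reversed(uint8_t *dst, const uint8_t *src, size_t len)
{
    size_t k;

    for (k = 0; k < len; k++)
        dst[len - 1 - k] = src[k];
    return 1;
}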
1898 | ||
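/*
 * Round-trips entry |i| of kSignedTests_BE through the signed binary
 * conversions in both byte orders.
 *
 * The value is encoded into a fixed 10 byte buffer, the significant bytes
 * are compared with the vector, and the buffer as well as its byte-reversed
 * copy are parsed back and compared with the original number.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_bn2signed(int i)
{
    uint8_t scratch[10], reversed[10];
    const MPITEST *test = &kSignedTests_BE[i];
    BIGNUM *bn = NULL, *bn2 = NULL;
    size_t pad;
    int st = 0;

    /*
     * The padding length below is computed by subtraction, so a vector longer
     * than the buffers would turn it into an out-of-range offset for the
     * memory comparisons. Reject such a vector up front.
     */
    if (!TEST_size_t_le(test->mpi_len, sizeof(scratch)))
        goto err;

    if (!TEST_ptr(bn = BN_new())
            || !TEST_true(BN_asc2bn(&bn, test->base10)))
        goto err;

    /*
     * Check BN_signed_bn2bin() / BN_signed_bin2bn()
     * The interesting stuff happens in the last bytes of the buffers,
     * the beginning is just padding (i.e. sign extension).
     */
    pad = sizeof(scratch) - test->mpi_len;
    if (!TEST_int_eq(BN_signed_bn2bin(bn, scratch, sizeof(scratch)),
                     sizeof(scratch))
            || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
            || !TEST_mem_eq(test->mpi, test->mpi_len,
                            scratch + pad, test->mpi_len))
        goto err;

    if (!TEST_ptr(bn2 = BN_signed_bin2bn(scratch, sizeof(scratch), NULL))
            || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /* Check that a parse of the reversed buffer works too */
    if (!TEST_ptr(bn2 = BN_signed_lebin2bn(reversed, sizeof(reversed), NULL))
            || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /*
     * Check BN_signed_bn2lebin() / BN_signed_lebin2bn()
     * The interesting stuff happens in the first bytes of the buffers,
     * the end is just padding (i.e. sign extension).
     */
    pad = sizeof(reversed) - test->mpi_len;
    if (!TEST_int_eq(BN_signed_bn2lebin(bn, scratch, sizeof(scratch)),
                     sizeof(scratch))
            || !TEST_true(copy_reversed(reversed, scratch, sizeof(scratch)))
            || !TEST_mem_eq(test->mpi, test->mpi_len,
                            reversed + pad, test->mpi_len))
        goto err;

    if (!TEST_ptr(bn2 = BN_signed_lebin2bn(scratch, sizeof(scratch), NULL))
            || !TEST_BN_eq(bn, bn2))
        goto err;

    BN_free(bn2);
    bn2 = NULL;

    /* Check that a parse of the reversed buffer works too */
    if (!TEST_ptr(bn2 = BN_signed_bin2bn(reversed, sizeof(reversed), NULL))
            || !TEST_BN_eq(bn, bn2))
        goto err;

    st = 1;
err:
    BN_free(bn2);
    BN_free(bn);
    return st;
}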
1967 | ||
/*
 * Checks decimal parsing through parsedecBN(): for each input the expected
 * return value is asserted together with the sign, parity and value of the
 * resulting number.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_dec2bn(void)
{
    BIGNUM *num = NULL;
    int ok = 0;

    /* Plain zero. */
    if (!TEST_int_eq(parsedecBN(&num, "0"), 1)
            || !TEST_BN_eq_word(num, 0)
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_le_zero(num)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Positive, several digits. */
    if (!TEST_int_eq(parsedecBN(&num, "256"), 3)
            || !TEST_BN_eq_word(num, 256)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Negative value; the sign character counts towards the return value. */
    if (!TEST_int_eq(parsedecBN(&num, "-42"), 3)
            || !TEST_BN_abs_eq_word(num, 42)
            || !TEST_BN_lt_zero(num)
            || !TEST_BN_le_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* One, the only odd input. */
    if (!TEST_int_eq(parsedecBN(&num, "1"), 1)
            || !TEST_BN_eq_word(num, 1)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_eq_one(num)
            || !TEST_BN_odd(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* "-0" must come out as an ordinary, non-negative zero. */
    if (!TEST_int_eq(parsedecBN(&num, "-0"), 2)
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_le_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Only the leading digits are expected to be consumed. */
    if (!TEST_int_eq(parsedecBN(&num, "42trailing garbage is ignored"), 2)
            || !TEST_BN_abs_eq_word(num, 42)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;

    ok = 1;
done:
    BN_free(num);
    return ok;
}
2036 | ||
/*
 * Checks hexadecimal parsing through parseBN(): for each input the expected
 * return value is asserted together with the sign, parity and value of the
 * resulting number.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_hex2bn(void)
{
    BIGNUM *num = NULL;
    int ok = 0;

    /* Plain zero. */
    if (!TEST_int_eq(parseBN(&num, "0"), 1)
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Digits that would also be valid decimal are still read as hex. */
    if (!TEST_int_eq(parseBN(&num, "256"), 3)
            || !TEST_BN_eq_word(num, 0x256)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Negative value; the sign character counts towards the return value. */
    if (!TEST_int_eq(parseBN(&num, "-42"), 3)
            || !TEST_BN_abs_eq_word(num, 0x42)
            || !TEST_BN_lt_zero(num)
            || !TEST_BN_le_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Lower-case hex letters. */
    if (!TEST_int_eq(parseBN(&num, "cb"), 2)
            || !TEST_BN_eq_word(num, 0xCB)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_odd(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* "-0" must come out as an ordinary, non-negative zero. */
    if (!TEST_int_eq(parseBN(&num, "-0"), 2)
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_le_zero(num)
            || !TEST_BN_even(num))
        goto done;
    BN_free(num);
    num = NULL;

    /* Only the leading hex digits are expected to be consumed. */
    if (!TEST_int_eq(parseBN(&num, "abctrailing garbage is ignored"), 3)
            || !TEST_BN_eq_word(num, 0xabc)
            || !TEST_BN_ge_zero(num)
            || !TEST_BN_gt_zero(num)
            || !TEST_BN_ne_zero(num)
            || !TEST_BN_even(num))
        goto done;

    ok = 1;
done:
    BN_free(num);
    return ok;
}
2102 | ||
/*
 * Checks BN_asc2bn() on decimal input, on input with a "0x" / "0X" prefix,
 * on negative values, on "-0" and on input followed by trailing text. The
 * same BIGNUM is reused for every conversion.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_asc2bn(void)
{
    BIGNUM *num = NULL;
    int ok = 0;

    if (!TEST_ptr(num = BN_new()))
        goto done;

    /* Decimal input. */
    if (!TEST_true(BN_asc2bn(&num, "0"))
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_ge_zero(num))
        goto done;

    if (!TEST_true(BN_asc2bn(&num, "256"))
            || !TEST_BN_eq_word(num, 256)
            || !TEST_BN_ge_zero(num))
        goto done;

    if (!TEST_true(BN_asc2bn(&num, "-42"))
            || !TEST_BN_abs_eq_word(num, 42)
            || !TEST_BN_lt_zero(num))
        goto done;

    /* Hexadecimal input, with either case of the prefix. */
    if (!TEST_true(BN_asc2bn(&num, "0x1234"))
            || !TEST_BN_eq_word(num, 0x1234)
            || !TEST_BN_ge_zero(num))
        goto done;

    if (!TEST_true(BN_asc2bn(&num, "0X1234"))
            || !TEST_BN_eq_word(num, 0x1234)
            || !TEST_BN_ge_zero(num))
        goto done;

    if (!TEST_true(BN_asc2bn(&num, "-0xabcd"))
            || !TEST_BN_abs_eq_word(num, 0xabcd)
            || !TEST_BN_lt_zero(num))
        goto done;

    /* "-0" must come out as an ordinary, non-negative zero. */
    if (!TEST_true(BN_asc2bn(&num, "-0"))
            || !TEST_BN_eq_zero(num)
            || !TEST_BN_ge_zero(num))
        goto done;

    /* Text after the digits does not make the conversion fail. */
    if (!TEST_true(BN_asc2bn(&num, "123trailing garbage is ignored"))
            || !TEST_BN_eq_word(num, 123)
            || !TEST_BN_ge_zero(num))
        goto done;

    ok = 1;
done:
    BN_free(num);
    return ok;
}
2156 | ||
/*
 * Vectors for the MPI conversions. Each encoding starts with four length
 * bytes followed by that many bytes of data; for the negative values the top
 * bit of the first data byte is set. The explicit length is needed because
 * the encodings contain zero bytes.
 */
static const MPITEST kMPITests[] = {
    /* Zero: length field only, no data bytes. */
    {"0", "\x00\x00\x00\x00", 4},
    /* One data byte. */
    {"1", "\x00\x00\x00\x01\x01", 5},
    {"-1", "\x00\x00\x00\x01\x81", 5},
    /* Two data bytes. */
    {"128", "\x00\x00\x00\x02\x00\x80", 6},
    {"256", "\x00\x00\x00\x02\x01\x00", 6},
    {"-256", "\x00\x00\x00\x02\x81\x00", 6},
};
2165 | ||
/*
 * Round-trips entry |i| of kMPITests through BN_bn2mpi() and BN_mpi2bn() and
 * compares the encoding with the vector.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_mpi(int i)
{
    const MPITEST *vec = &kMPITests[i];
    uint8_t scratch[8];
    size_t need, written;
    BIGNUM *orig = NULL, *decoded = NULL;
    int ok = 0;

    if (!TEST_ptr(orig = BN_new())
            || !TEST_true(BN_asc2bn(&orig, vec->base10)))
        goto done;

    /*
     * Ask for the encoded size first and make sure it fits before anything
     * is written into |scratch|.
     */
    need = BN_bn2mpi(orig, NULL);
    if (!TEST_size_t_le(need, sizeof(scratch)))
        goto done;

    if (!TEST_size_t_eq(written = BN_bn2mpi(orig, scratch), need)
            || !TEST_mem_eq(vec->mpi, vec->mpi_len, scratch, need))
        goto done;

    if (!TEST_ptr(decoded = BN_mpi2bn(scratch, need, NULL)))
        goto done;

    if (!TEST_BN_eq(orig, decoded))
        goto done;

    ok = 1;
done:
    BN_free(decoded);
    BN_free(orig);
    return ok;
}
bdec3c53 | 2200 | |
/*
 * Checks BN_rand() on the smallest bit counts, where the |top| and |bottom|
 * arguments leave no freedom or cannot be satisfied at all.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_rand(void)
{
    BIGNUM *num = NULL;
    int ok = 0;

    if (!TEST_ptr(num = BN_new()))
        return 0;

    /* Test BN_rand for degenerate cases with |top| and |bottom| parameters. */

    /* Zero bits are expected to be refused with these settings. */
    if (!TEST_false(BN_rand(num, 0, 0 /* top */ , 0 /* bottom */ ))
            || !TEST_false(BN_rand(num, 0, 1 /* top */ , 1 /* bottom */ )))
        goto done;

    /* One bit: top 0 must give 1, top 1 must be refused. */
    if (!TEST_true(BN_rand(num, 1, 0 /* top */ , 0 /* bottom */ ))
            || !TEST_BN_eq_one(num)
            || !TEST_false(BN_rand(num, 1, 1 /* top */ , 0 /* bottom */ )))
        goto done;

    /* One bit with top -1 and bottom 1 must give 1 as well. */
    if (!TEST_true(BN_rand(num, 1, -1 /* top */ , 1 /* bottom */ ))
            || !TEST_BN_eq_one(num))
        goto done;

    /* Two bits with top 1 must give 3. */
    if (!TEST_true(BN_rand(num, 2, 1 /* top */ , 0 /* bottom */ ))
            || !TEST_BN_eq_word(num, 3))
        goto done;

    ok = 1;
done:
    BN_free(num);
    return ok;
}
2226 | ||
bb5b3e6d P |
2227 | /* |
2228 | * Run some statistical tests to provide a degree of confidence that the | |
5d2f3e4a P |
2229 | * BN_rand_range() function works as expected. The test cases and |
2230 | * critical values are generated by the bn_rand_range script. | |
bb5b3e6d | 2231 | * |
5d2f3e4a P |
2232 | * Each individual test is a Chi^2 goodness of fit for a specified number |
2233 | * of samples and range. The samples are assumed to be independent and | |
2234 | * that they are from a discrete uniform distribution. | |
bb5b3e6d | 2235 | * |
5d2f3e4a P |
2236 | * Some of these individual tests are expected to fail, the success/failure |
2237 | * of each is an independent Bernoulli trial. The number of such successes | |
2238 | * will form a binomial distribution. The count of the successes is compared | |
2239 | * against a precomputed critical value to determine the overall outcome. | |
bb5b3e6d | 2240 | */ |
/* One Chi^2 goodness-of-fit case for BN_rand_range(). */
struct rand_range_case {
    /* Range handed to BN_rand_range(); also the number of counters. */
    unsigned int range;
    /* Number of samples drawn for this case. */
    unsigned int iterations;
    /* The case fails when the Chi^2 statistic is above this value. */
    double critical;
};
2246 | ||
5d2f3e4a P |
2247 | #include "bn_rand_range.h" |
2248 | ||
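/*
 * Runs case |n| of rand_range_cases: draws |iterations| samples from
 * BN_rand_range() with the case's range, counts how often each value occurs
 * and compares the Chi^2 statistic of the counts with the case's critical
 * value.
 *
 * Every sample is checked to be below the range before it is used as an
 * index into the counter array.
 *
 * Returns 1 when the statistic does not exceed the critical value, 0 when it
 * does or when a call fails.
 */
static int test_rand_range_single(size_t n)
{
    const unsigned int range = rand_range_cases[n].range;
    const unsigned int iterations = rand_range_cases[n].iterations;
    const double critical = rand_range_cases[n].critical;
    /* Count expected in every bucket if the samples are uniform. */
    const double expected = iterations / (double)range;
    double sum = 0;
    BIGNUM *rng = NULL, *val = NULL;
    size_t *counts;
    unsigned int i, v;
    int res = 0;

    if (!TEST_ptr(counts = OPENSSL_zalloc(sizeof(*counts) * range))
            || !TEST_ptr(rng = BN_new())
            || !TEST_ptr(val = BN_new())
            || !TEST_true(BN_set_word(rng, range)))
        goto err;
    for (i = 0; i < iterations; i++) {
        /* The bound check must pass before |v| indexes |counts|. */
        if (!TEST_true(BN_rand_range(val, rng))
                || !TEST_uint_lt(v = (unsigned int)BN_get_word(val), range))
            goto err;
        counts[v]++;
    }

    /* Chi^2 statistic: sum of squared deviations over the expected count. */
    for (i = 0; i < range; i++) {
        const double delta = counts[i] - expected;

        sum += delta * delta;
    }
    sum /= expected;

    if (sum > critical) {
        /*
         * Both numbers are printed with four decimals; the earlier "%4.f"
         * asked for a precision of zero and rounded the critical value to a
         * whole number.
         */
        TEST_info("Chi^2 test negative %.4f > %.4f", sum, critical);
        TEST_note("test case %zu range %u iterations %u", n + 1, range,
                  iterations);
        goto err;
    }

    res = 1;
err:
    BN_free(rng);
    BN_free(val);
    OPENSSL_free(counts);
    return res;
}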
2293 | ||
/*
 * Runs every case in rand_range_cases and passes when the number of
 * successful cases reaches binomial_critical. Individual cases may fail by
 * chance, so only the total is judged.
 *
 * Returns 1 on success and 0 otherwise.
 */
static int test_rand_range(void)
{
    size_t idx = 0;
    int passed = 0;

    while (idx < OSSL_NELEM(rand_range_cases))
        passed += test_rand_range_single(idx++);

    if (!TEST_int_ge(passed, binomial_critical)) {
        TEST_note("This test is expected to fail by chance 0.01%% of the time.");
        return 0;
    }
    return 1;
}
2306 | ||
/*
 * Checks that no operation leaves a zero with the negative flag set:
 * BN_mul(), the quotient and the remainder of BN_div() (with and without
 * BN_FLG_CONSTTIME on the operands) and BN_set_negative() itself.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_negzero(void)
{
    BIGNUM *a = NULL, *b = NULL, *c = NULL, *d = NULL;
    BIGNUM *num = NULL, *den = NULL;
    int pass, ok = 0;

    if (!TEST_ptr(a = BN_new())
            || !TEST_ptr(b = BN_new())
            || !TEST_ptr(c = BN_new())
            || !TEST_ptr(d = BN_new()))
        goto done;

    /* Test that BN_mul never gives negative zero: compute (-1) * 0. */
    if (!TEST_true(BN_set_word(a, 1)))
        goto done;
    BN_set_negative(a, 1);
    BN_zero(b);
    if (!TEST_true(BN_mul(c, a, b, ctx)))
        goto done;
    if (!TEST_BN_eq_zero(c)
            || !TEST_BN_ge_zero(c))
        goto done;

    /* Pass 0 uses plain operands, pass 1 sets BN_FLG_CONSTTIME on them. */
    for (pass = 0; pass < 2; pass++) {
        if (!TEST_ptr(num = BN_new())
                || !TEST_ptr(den = BN_new()))
            goto done;
        if (pass != 0) {
            BN_set_flags(num, BN_FLG_CONSTTIME);
            BN_set_flags(den, BN_FLG_CONSTTIME);
        }

        /* Test that BN_div never gives negative zero in the quotient. */
        if (!TEST_true(BN_set_word(num, 1))
                || !TEST_true(BN_set_word(den, 2)))
            goto done;
        BN_set_negative(num, 1);
        if (!TEST_true(BN_div(a, b, num, den, ctx))
                || !TEST_BN_eq_zero(a)
                || !TEST_BN_ge_zero(a))
            goto done;

        /* Test that BN_div never gives negative zero in the remainder. */
        if (!TEST_true(BN_set_word(den, 1))
                || !TEST_true(BN_div(a, b, num, den, ctx))
                || !TEST_BN_eq_zero(b)
                || !TEST_BN_ge_zero(b))
            goto done;

        BN_free(num);
        BN_free(den);
        num = NULL;
        den = NULL;
    }

    /* Test that BN_set_negative will not produce a negative zero. */
    BN_zero(a);
    BN_set_negative(a, 1);
    if (!BN_is_negative(a))
        ok = 1;

done:
    BN_free(a);
    BN_free(b);
    BN_free(c);
    BN_free(d);
    BN_free(num);
    BN_free(den);
    return ok;
}
c7820896 | 2375 | |
/*
 * Checks that a modulus the routines cannot work with is rejected rather
 * than accepted: a zero divisor or modulus for every operation below, and an
 * even modulus for the Montgomery based ones. The error queue is cleared
 * after each expected failure.
 *
 * Returns 1 on success and 0 on any failure.
 */
static int test_badmod(void)
{
    BIGNUM *res = NULL, *aux = NULL, *zero = NULL;
    BN_MONT_CTX *mont = NULL;
    int ok = 0;

    if (!TEST_ptr(res = BN_new())
            || !TEST_ptr(aux = BN_new())
            || !TEST_ptr(zero = BN_new())
            || !TEST_ptr(mont = BN_MONT_CTX_new()))
        goto done;
    BN_zero(zero);

    /* Zero as divisor or modulus. */
    if (!TEST_false(BN_div(res, aux, BN_value_one(), zero, ctx)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_mul(res, BN_value_one(), BN_value_one(),
                               zero, ctx)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp(res, BN_value_one(), BN_value_one(),
                               zero, ctx)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont(res, BN_value_one(), BN_value_one(),
                                    zero, ctx, NULL)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont_consttime(res, BN_value_one(),
                                              BN_value_one(),
                                              zero, ctx, NULL)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_MONT_CTX_set(mont, zero, ctx)))
        goto done;
    ERR_clear_error();

    /* Some operations also may not be used with an even modulus. */
    if (!TEST_true(BN_set_word(aux, 16)))
        goto done;

    if (!TEST_false(BN_MONT_CTX_set(mont, aux, ctx)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont(res, BN_value_one(), BN_value_one(),
                                    aux, ctx, NULL)))
        goto done;
    ERR_clear_error();

    if (!TEST_false(BN_mod_exp_mont_consttime(res, BN_value_one(),
                                              BN_value_one(),
                                              aux, ctx, NULL)))
        goto done;
    ERR_clear_error();

    ok = 1;
done:
    BN_free(res);
    BN_free(aux);
    BN_free(zero);
    BN_MONT_CTX_free(mont);
    return ok;
}
2441 | ||
/*
 * Check that every modular exponentiation entry point returns 0 when the
 * modulus is one and the exponent is zero.
 *
 * The base is a freshly allocated BIGNUM for the BIGNUM variants and the
 * word 42 for BN_mod_exp_mont_word(). Returns 1 on success, 0 on failure.
 */
static int test_expmodzero(void)
{
    BIGNUM *zero_exp = NULL, *base = NULL, *result = NULL;
    int ok = 0;

    if (!TEST_ptr(zero_exp = BN_new())
            || !TEST_ptr(base = BN_new())
            || !TEST_ptr(result = BN_new()))
        goto err;
    BN_zero(zero_exp);

    /* Generic entry point. */
    if (!TEST_true(BN_mod_exp(result, base, zero_exp, BN_value_one(), NULL))
            || !TEST_BN_eq_zero(result))
        goto err;

    /* Montgomery variant. */
    if (!TEST_true(BN_mod_exp_mont(result, base, zero_exp, BN_value_one(),
                                   NULL, NULL))
            || !TEST_BN_eq_zero(result))
        goto err;

    /* Constant-time Montgomery variant. */
    if (!TEST_true(BN_mod_exp_mont_consttime(result, base, zero_exp,
                                             BN_value_one(), NULL, NULL))
            || !TEST_BN_eq_zero(result))
        goto err;

    /* Word-sized base variant. */
    if (!TEST_true(BN_mod_exp_mont_word(result, 42, zero_exp,
                                        BN_value_one(), NULL, NULL))
            || !TEST_BN_eq_zero(result))
        goto err;

    ok = 1;
 err:
    BN_free(zero_exp);
    BN_free(base);
    BN_free(result);
    return ok;
}
2474 | ||
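/*
 * Check that 1 ^ 0 mod 1 and 1 ^ 0 mod -1 both evaluate to 0 through every
 * modular exponentiation entry point exercised below.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_expmodone(void)
{
    int ret = 0, i;
    BIGNUM *r = BN_new();
    BIGNUM *a = BN_new();
    BIGNUM *p = BN_new();
    BIGNUM *m = BN_new();

    /* Each allocation is checked exactly once before any of them is used. */
    if (!TEST_ptr(r)
            || !TEST_ptr(a)
            || !TEST_ptr(p)
            || !TEST_ptr(m)
            || !TEST_true(BN_set_word(a, 1))
            || !TEST_true(BN_set_word(p, 0))
            || !TEST_true(BN_set_word(m, 1)))
        goto err;

    /* Calculate r = 1 ^ 0 mod 1, and check the result is always 0 */
    for (i = 0; i < 2; i++) {
        if (!TEST_true(BN_mod_exp(r, a, p, m, NULL))
                || !TEST_BN_eq_zero(r)
                || !TEST_true(BN_mod_exp_mont(r, a, p, m, NULL, NULL))
                || !TEST_BN_eq_zero(r)
                || !TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, NULL, NULL))
                || !TEST_BN_eq_zero(r)
                || !TEST_true(BN_mod_exp_mont_word(r, 1, p, m, NULL, NULL))
                || !TEST_BN_eq_zero(r)
                || !TEST_true(BN_mod_exp_simple(r, a, p, m, NULL))
                || !TEST_BN_eq_zero(r)
                || !TEST_true(BN_mod_exp_recp(r, a, p, m, NULL))
                || !TEST_BN_eq_zero(r))
            goto err;
        /* Repeat for r = 1 ^ 0 mod -1 */
        if (i == 0)
            BN_set_negative(m, 1);
    }

    ret = 1;
 err:
    BN_free(r);
    BN_free(a);
    BN_free(p);
    BN_free(m);
    return ret;
}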
2521 | ||
/*
 * Generate a prime of exactly kBits bits with the "safe" argument set to 0.
 *
 * Sizes of one bit or less are expected to be rejected by
 * BN_generate_prime_ex(); any larger size must succeed and produce a
 * number whose bit length equals kBits. setup_tests() registers this
 * for 16 indices.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_smallprime(int kBits)
{
    BIGNUM *candidate = NULL;
    int ok = 0;

    if (!TEST_ptr(candidate = BN_new()))
        goto err;

    if (kBits > 1) {
        /* Large enough: generation must succeed at the requested size. */
        if (!TEST_true(BN_generate_prime_ex(candidate, kBits, 0,
                                            NULL, NULL, NULL))
                || !TEST_int_eq(BN_num_bits(candidate), kBits))
            goto err;
    } else {
        /* Too small: generation must be refused. */
        if (!TEST_false(BN_generate_prime_ex(candidate, kBits, 0,
                                             NULL, NULL, NULL)))
            goto err;
    }

    ok = 1;
 err:
    BN_free(candidate);
    return ok;
}
2546 | ||
/*
 * Generate a prime of exactly kBits bits with the "safe" argument set to 1.
 *
 * The test expects BN_generate_prime_ex() to refuse every size of five
 * bits or less other than three bits; all remaining sizes must succeed
 * and produce a number whose bit length equals kBits.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_smallsafeprime(int kBits)
{
    BIGNUM *candidate = NULL;
    int ok = 0;

    if (!TEST_ptr(candidate = BN_new()))
        goto err;

    if (kBits > 5 || kBits == 3) {
        /* Supported size: generation must succeed at the requested size. */
        if (!TEST_true(BN_generate_prime_ex(candidate, kBits, 1,
                                            NULL, NULL, NULL))
                || !TEST_int_eq(BN_num_bits(candidate), kBits))
            goto err;
    } else {
        /* Unsupported size: generation must be refused. */
        if (!TEST_false(BN_generate_prime_ex(candidate, kBits, 1,
                                             NULL, NULL, NULL)))
            goto err;
    }

    ok = 1;
 err:
    BN_free(candidate);
    return ok;
}
8ff70f33 | 2571 | |
/* Values that BN_check_prime() must report as prime. */
static int primes[] = { 2, 3, 5, 7, 17863 };

/*
 * Check that primes[i] is accepted by BN_check_prime().
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_is_prime(int i)
{
    BIGNUM *candidate = NULL;
    int pass;
    int ok = 0;

    if (!TEST_ptr(candidate = BN_new()))
        goto err;

    /*
     * NOTE(review): the pass counter is not handed to BN_check_prime(), so
     * both passes perform the same check; this looks like a leftover from
     * an older interface - confirm before removing.
     */
    for (pass = 0; pass < 2; pass++) {
        if (!TEST_true(BN_set_word(candidate, primes[i])))
            goto err;
        if (!TEST_int_eq(BN_check_prime(candidate, ctx, NULL), 1))
            goto err;
    }

    ok = 1;
 err:
    BN_free(candidate);
    return ok;
}
6e64c560 | 2595 | |
/*
 * Values that BN_check_prime() must reject.
 *
 * NOTE(review): BN_set_word() takes an unsigned BN_ULONG, so the -1 entry
 * is presumably stored as the largest word value rather than as negative
 * one - confirm whether a genuinely negative candidate is meant to be
 * covered here.
 */
static int not_primes[] = { -1, 0, 1, 4 };

/*
 * Check that not_primes[i] is rejected by BN_check_prime().
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_not_prime(int i)
{
    BIGNUM *candidate = NULL;
    int pass;
    int ok = 0;

    if (!TEST_ptr(candidate = BN_new()))
        goto err;

    /* Both passes perform the same check; the counter is otherwise unused. */
    for (pass = 0; pass < 2; pass++) {
        if (!TEST_true(BN_set_word(candidate, not_primes[i])))
            goto err;
        if (!TEST_false(BN_check_prime(candidate, ctx, NULL)))
            goto err;
    }

    ok = 1;
 err:
    BN_free(candidate);
    return ok;
}
2618 | ||
/*
 * Open a frame on |c|, take 15 BIGNUMs from it and set BN_FLG_CONSTTIME on
 * every odd-indexed one, then close the frame.
 *
 * This is the first half of test_ctx_consttime_flag(): it leaves flagged
 * BIGNUMs behind in the context so the second half can verify that the
 * flag is not visible in a later frame.
 *
 * Returns 1 on success, 0 if a BIGNUM could not be obtained.
 */
static int test_ctx_set_ct_flag(BN_CTX *c)
{
    BIGNUM *taken[15];
    size_t idx;
    int ok = 0;

    BN_CTX_start(c);
    for (idx = 0; idx < OSSL_NELEM(taken); idx++) {
        taken[idx] = BN_CTX_get(c);
        if (!TEST_ptr(taken[idx]))
            goto err;
        /* Flag only the odd slots so flagged and clean entries alternate. */
        if ((idx & 1) != 0)
            BN_set_flags(taken[idx], BN_FLG_CONSTTIME);
    }

    ok = 1;
 err:
    /* The frame is closed on every path, including failure. */
    BN_CTX_end(c);
    return ok;
}
2638 | ||
/*
 * Open a frame on |c|, take 30 BIGNUMs from it and require that none of
 * them carries BN_FLG_CONSTTIME, then close the frame.
 *
 * This is the second half of test_ctx_consttime_flag(); it requests twice
 * as many BIGNUMs as test_ctx_set_ct_flag() flagged candidates from.
 *
 * Returns 1 if every BIGNUM is obtained without the flag, 0 otherwise.
 */
static int test_ctx_check_ct_flag(BN_CTX *c)
{
    BIGNUM *taken[30];
    size_t idx;
    int ok = 0;

    BN_CTX_start(c);
    for (idx = 0; idx < OSSL_NELEM(taken); idx++) {
        if (!TEST_ptr(taken[idx] = BN_CTX_get(c))
                || !TEST_false(BN_get_flags(taken[idx], BN_FLG_CONSTTIME)))
            goto err;
    }

    ok = 1;
 err:
    /* The frame is closed on every path, including failure. */
    BN_CTX_end(c);
    return ok;
}
2658 | ||
static int test_ctx_consttime_flag(void)
{
    /*-
     * BN_FLG_CONSTTIME must not carry over from one BN_CTX frame to the
     * next:
     *
     * - test_ctx_set_ct_flag() opens a frame on the given BN_CTX, sets
     *   BN_FLG_CONSTTIME on some of the BIGNUMs it obtains, and closes
     *   the frame.
     * - test_ctx_check_ct_flag() then opens a fresh frame and obtains a
     *   number of BIGNUMs. If nothing leaked, none of them has
     *   BN_FLG_CONSTTIME set.
     *
     * Inside libcrypto such a leak could occur at any depth of the BN_CTX
     * stack, and its consequences would depend on how sibling trees of
     * nested calls share the BN_CTX object and on how the called BN_*
     * functions react to an unintended BN_FLG_CONSTTIME.
     *
     * This unit test sets that complexity aside and only verifies that no
     * leak occurs between two sibling functions that share one BN_CTX at
     * the same nesting level. It is run once on a regular context and once
     * on a context created with BN_CTX_secure_new().
     */
    BN_CTX *pools[2] = { NULL, NULL };
    size_t k;
    int ok = 0;

    if (!TEST_ptr(pools[0] = BN_CTX_new())
            || !TEST_ptr(pools[1] = BN_CTX_secure_new()))
        goto err;

    for (k = 0; k < OSSL_NELEM(pools); k++) {
        if (!TEST_true(test_ctx_set_ct_flag(pools[k])))
            goto err;
        if (!TEST_true(test_ctx_check_ct_flag(pools[k])))
            goto err;
    }

    ok = 1;
 err:
    BN_CTX_free(pools[0]);
    BN_CTX_free(pools[1]);
    return ok;
}
2704 | ||
/*
 * Check that BN_gcd() returns 1 for pairs of generated 1024-bit primes.
 *
 * One prime is generated up front and compared against NUM0 further
 * generated primes, one per iteration.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_gcd_prime(void)
{
    BIGNUM *fixed = NULL, *fresh = NULL, *g = NULL;
    int round = 0;
    int ok = 0;

    if (!TEST_ptr(fixed = BN_new())
            || !TEST_ptr(fresh = BN_new())
            || !TEST_ptr(g = BN_new()))
        goto err;

    if (!TEST_true(BN_generate_prime_ex(fixed, 1024, 0, NULL, NULL, NULL)))
        goto err;

    while (round < NUM0) {
        if (!TEST_true(BN_generate_prime_ex(fresh, 1024, 0,
                                            NULL, NULL, NULL)))
            goto err;
        if (!TEST_true(BN_gcd(g, fixed, fresh, ctx)))
            goto err;
        if (!TEST_true(BN_is_one(g)))
            goto err;
        round++;
    }

    ok = 1;
 err:
    BN_free(fixed);
    BN_free(fresh);
    BN_free(g);
    return ok;
}
2732 | ||
/*
 * One known-answer vector for modular exponentiation. All four members are
 * decimal strings; they are parsed with BN_dec2bn() and the result is
 * compared against BN_bn2dec() output by the tests that consume the table.
 */
typedef struct mod_exp_test_st {
    const char *base;   /* value being raised */
    const char *exp;    /* exponent */
    const char *mod;    /* modulus */
    const char *res;    /* expected base ^ exp mod mod */
} MOD_EXP_TEST;
2740 | ||
2741 | static const MOD_EXP_TEST ModExpTests[] = { | |
2742 | /* original test vectors for rsaz_512_sqr bug, by OSS-Fuzz */ | |
2743 | { | |
2744 | "1166180238001879113042182292626169621106255558914000595999312084" | |
2745 | "4627946820899490684928760491249738643524880720584249698100907201" | |
2746 | "002086675047927600340800371", | |
2747 | "8000000000000000000000000000000000000000000000000000000000000000" | |
2748 | "0000000000000000000000000000000000000000000000000000000000000000" | |
2749 | "00000000", | |
2750 | "1340780792684523720980737645613191762604395855615117867483316354" | |
2751 | "3294276330515137663421134775482798690129946803802212663956180562" | |
2752 | "088664022929883876655300863", | |
2753 | "8243904058268085430037326628480645845409758077568738532059032482" | |
2754 | "8294114415890603594730158120426756266457928475330450251339773498" | |
2755 | "26758407619521544102068438" | |
2756 | }, | |
2757 | { | |
2758 | "4974270041410803822078866696159586946995877618987010219312844726" | |
2759 | "0284386121835740784990869050050504348861513337232530490826340663" | |
2760 | "197278031692737429054", | |
2761 | "4974270041410803822078866696159586946995877428188754995041148539" | |
2762 | "1663243362592271353668158565195557417149981094324650322556843202" | |
2763 | "946445882670777892608", | |
2764 | "1340780716511420227215592830971452482815377482627251725537099028" | |
2765 | "4429769497230131760206012644403029349547320953206103351725462999" | |
2766 | "947509743623340557059752191", | |
2767 | "5296244594780707015616522701706118082963369547253192207884519362" | |
2768 | "1767869984947542695665420219028522815539559194793619684334900442" | |
2769 | "49304558011362360473525933" | |
2770 | }, | |
2771 | /* test vectors for rsaz_512_sqr bug, with rcx/rbx=1 */ | |
2772 | { /* between first and second iteration */ | |
2773 | "5148719036160389201525610950887605325980251964889646556085286545" | |
2774 | "3931548809178823413169359635978762036512397113080988070677858033" | |
2775 | "36463909753993540214027190", | |
2776 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2777 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2778 | "05973284973216824503042158", | |
2779 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2780 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2781 | "05973284973216824503042159", | |
2782 | "1" | |
2783 | }, | |
2784 | { /* between second and third iteration */ | |
2785 | "8908340854353752577419678771330460827942371434853054158622636544" | |
2786 | "8151360109722890949471912566649465436296659601091730745087014189" | |
2787 | "2672764191218875181826063", | |
2788 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2789 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2790 | "05973284973216824503042158", | |
2791 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2792 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2793 | "05973284973216824503042159", | |
2794 | "1" | |
2795 | }, | |
2796 | { /* between third and fourth iteration */ | |
2797 | "3427446396505596330634350984901719674479522569002785244080234738" | |
2798 | "4288743635435746136297299366444548736533053717416735379073185344" | |
2799 | "26985272974404612945608761", | |
2800 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2801 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2802 | "05973284973216824503042158", | |
2803 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2804 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2805 | "05973284973216824503042159", | |
2806 | "1" | |
2807 | }, | |
2808 | { /* between fourth and fifth iteration */ | |
2809 | "3472743044917564564078857826111874560045331237315597383869652985" | |
2810 | "6919870028890895988478351133601517365908445058405433832718206902" | |
2811 | "4088133164805266956353542", | |
2812 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2813 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2814 | "05973284973216824503042158", | |
2815 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2816 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2817 | "05973284973216824503042159", | |
2818 | "1" | |
2819 | }, | |
2820 | { /* between fifth and sixth iteration */ | |
2821 | "3608632990153469264412378349742339216742409743898601587274768025" | |
2822 | "0110772032985643555192767717344946174122842255204082586753499651" | |
2823 | "14483434992887431333675068", | |
2824 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2825 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2826 | "05973284973216824503042158", | |
2827 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2828 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2829 | "05973284973216824503042159", | |
2830 | "1" | |
2831 | }, | |
2832 | { /* between sixth and seventh iteration */ | |
2833 | "8455374370234070242910508226941981520235709767260723212165264877" | |
2834 | "8689064388017521524568434328264431772644802567028663962962025746" | |
2835 | "9283458217850119569539086", | |
2836 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2837 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2838 | "05973284973216824503042158", | |
2839 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2840 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2841 | "05973284973216824503042159", | |
2842 | "1" | |
2843 | }, | |
2844 | { /* between seventh and eighth iteration */ | |
2845 | "5155371529688532178421209781159131443543419764974688878527112131" | |
2846 | "7446518205609427412336183157918981038066636807317733319323257603" | |
2847 | "04416292040754017461076359", | |
2848 | "1005585594745694782468051874865438459560952436544429503329267108" | |
2849 | "2791323022555160232601405723625177570767523893639864538140315412" | |
2850 | "108959927459825236754563832", | |
2851 | "1005585594745694782468051874865438459560952436544429503329267108" | |
2852 | "2791323022555160232601405723625177570767523893639864538140315412" | |
2853 | "108959927459825236754563833", | |
2854 | "1" | |
2855 | }, | |
2856 | /* test vectors for rsaz_512_sqr bug, with rcx/rbx=2 */ | |
2857 | { /* between first and second iteration */ | |
2858 | "3155666506033786929967309937640790361084670559125912405342594979" | |
2859 | "4345142818528956285490897841406338022378565972533508820577760065" | |
2860 | "58494345853302083699912572", | |
2861 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2862 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2863 | "05973284973216824503042158", | |
2864 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2865 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2866 | "05973284973216824503042159", | |
2867 | "1" | |
2868 | }, | |
2869 | { /* between second and third iteration */ | |
2870 | "3789819583801342198190405714582958759005991915505282362397087750" | |
2871 | "4213544724644823098843135685133927198668818185338794377239590049" | |
2872 | "41019388529192775771488319", | |
2873 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2874 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2875 | "05973284973216824503042158", | |
2876 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2877 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2878 | "05973284973216824503042159", | |
2879 | "1" | |
2880 | }, | |
2881 | { /* between third and fourth iteration */ | |
2882 | "4695752552040706867080542538786056470322165281761525158189220280" | |
2883 | "4025547447667484759200742764246905647644662050122968912279199065" | |
2884 | "48065034299166336940507214", | |
2885 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2886 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2887 | "05973284973216824503042158", | |
2888 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2889 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2890 | "05973284973216824503042159", | |
2891 | "1" | |
2892 | }, | |
2893 | { /* between fourth and fifth iteration */ | |
2894 | "2159140240970485794188159431017382878636879856244045329971239574" | |
2895 | "8919691133560661162828034323196457386059819832804593989740268964" | |
2896 | "74502911811812651475927076", | |
2897 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2898 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2899 | "05973284973216824503042158", | |
2900 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2901 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2902 | "05973284973216824503042159", | |
2903 | "1" | |
2904 | }, | |
2905 | { /* between fifth and sixth iteration */ | |
2906 | "5239312332984325668414624633307915097111691815000872662334695514" | |
2907 | "5436533521392362443557163429336808208137221322444780490437871903" | |
2908 | "99972784701334569424519255", | |
2909 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2910 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2911 | "05973284973216824503042158", | |
2912 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2913 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2914 | "05973284973216824503042159", | |
2915 | "1" | |
2916 | }, | |
2917 | { /* between sixth and seventh iteration */ | |
2918 | "1977953647322612860406858017869125467496941904523063466791308891" | |
2919 | "1172796739058531929470539758361774569875505293428856181093904091" | |
2920 | "33788264851714311303725089", | |
2921 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2922 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2923 | "05973284973216824503042158", | |
2924 | "6703903964971298549787012499102923063739682910296196688861780721" | |
2925 | "8608820150367734884009371490834517138450159290932430254268769414" | |
2926 | "05973284973216824503042159", | |
2927 | "1" | |
2928 | }, | |
2929 | { /* between seventh and eighth iteration */ | |
2930 | "6456987954117763835533395796948878140715006860263624787492985786" | |
2931 | "8514630216966738305923915688821526449499763719943997120302368211" | |
2932 | "04813318117996225041943964", | |
2933 | "1340780792994259709957402499820584612747936582059239337772356144" | |
2934 | "3721764030073546976801874298166903427690031858186486050853753882" | |
2935 | "811946551499689575296532556", | |
2936 | "1340780792994259709957402499820584612747936582059239337772356144" | |
2937 | "3721764030073546976801874298166903427690031858186486050853753882" | |
2938 | "811946551499689575296532557", | |
2939 | "1" | |
2940 | } | |
2941 | }; | |
2942 | ||
/*
 * Run known-answer vector ModExpTests[i] through BN_mod_exp().
 *
 * The operands are parsed from decimal, the computed value is converted
 * back to decimal and compared byte for byte with the expected string.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_mod_exp(int i)
{
    const MOD_EXP_TEST *vec = &ModExpTests[i];
    BIGNUM *b = NULL, *e = NULL, *m = NULL;
    BIGNUM *out = NULL;
    char *out_dec = NULL;
    int ok = 0;

    /* BN_dec2bn() is handed NULL pointers here and fills them in. */
    if (!TEST_ptr(out = BN_new())
            || !TEST_true(BN_dec2bn(&b, vec->base))
            || !TEST_true(BN_dec2bn(&e, vec->exp))
            || !TEST_true(BN_dec2bn(&m, vec->mod)))
        goto err;

    if (!TEST_int_eq(BN_mod_exp(out, b, e, m, ctx), 1)
            || !TEST_ptr(out_dec = BN_bn2dec(out))
            || !TEST_mem_eq(out_dec, strlen(out_dec),
                            vec->res, strlen(vec->res)))
        goto err;

    ok = 1;

 err:
    OPENSSL_free(out_dec);
    BN_free(out);
    BN_free(b);
    BN_free(e);
    BN_free(m);
    return ok;
}
2976 | ||
/*
 * Run known-answer vector ModExpTests[i] through BN_mod_exp() with
 * BN_FLG_CONSTTIME set on the base, the exponent and the modulus.
 *
 * Presumably the flag steers BN_mod_exp() onto its constant-time
 * implementation, so the same vectors cover that path as well - confirm
 * against the dispatch logic in the library. The result is compared as a
 * decimal string, exactly as in test_mod_exp().
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_mod_exp_consttime(int i)
{
    const MOD_EXP_TEST *vec = &ModExpTests[i];
    BIGNUM *b = NULL, *e = NULL, *m = NULL;
    BIGNUM *out = NULL;
    char *out_dec = NULL;
    int ok = 0;

    /* BN_dec2bn() is handed NULL pointers here and fills them in. */
    if (!TEST_ptr(out = BN_new())
            || !TEST_true(BN_dec2bn(&b, vec->base))
            || !TEST_true(BN_dec2bn(&e, vec->exp))
            || !TEST_true(BN_dec2bn(&m, vec->mod)))
        goto err;

    /* Mark all three operands before the exponentiation is attempted. */
    BN_set_flags(b, BN_FLG_CONSTTIME);
    BN_set_flags(e, BN_FLG_CONSTTIME);
    BN_set_flags(m, BN_FLG_CONSTTIME);

    if (!TEST_int_eq(BN_mod_exp(out, b, e, m, ctx), 1)
            || !TEST_ptr(out_dec = BN_bn2dec(out))
            || !TEST_mem_eq(out_dec, strlen(out_dec),
                            vec->res, strlen(vec->res)))
        goto err;

    ok = 1;

 err:
    OPENSSL_free(out_dec);
    BN_free(out);
    BN_free(b);
    BN_free(e);
    BN_free(m);
    return ok;
}
3014 | ||
/*
 * Dispatch one stanza read from a test file to its handler.
 *
 * The handler is the first table entry whose name is present as an
 * attribute of the stanza. Returns 1 if that handler succeeds; returns 0,
 * after logging the file name and starting line, if the handler fails or
 * no table entry matches.
 */
static int file_test_run(STANZA *s)
{
    static const FILETEST filetests[] = {
        {"Sum", file_sum},
        {"LShift1", file_lshift1},
        {"LShift", file_lshift},
        {"RShift", file_rshift},
        {"Square", file_square},
        {"Product", file_product},
        {"Quotient", file_quotient},
        {"ModMul", file_modmul},
        {"ModExp", file_modexp},
        {"Exp", file_exp},
        {"ModSqrt", file_modsqrt},
        {"GCD", file_gcd},
    };
    size_t idx;

    for (idx = 0; idx < OSSL_NELEM(filetests); idx++) {
        const FILETEST *entry = &filetests[idx];

        if (findattr(s, entry->name) == NULL)
            continue;

        /* Only the first matching entry is ever run. */
        if (entry->func(s))
            return 1;

        TEST_info("%s:%d: Failed %s test",
                  s->test_file, s->start, entry->name);
        return 0;
    }

    TEST_info("%s:%d: Unknown test", s->test_file, s->start);
    return 0;
}
d02b48c6 | 3047 | |
/*
 * Run every stanza of the i-th test file named on the command line.
 *
 * Stanzas without any key/value pair are skipped. A failing stanza is
 * counted and the run continues with the next one.
 *
 * Returns 1 if the file could be opened and no stanza failed, 0 otherwise.
 */
static int run_file_tests(int i)
{
    STANZA *stanza = NULL;
    char *path = test_get_argument(i);
    int failures;

    if (!TEST_ptr(stanza = OPENSSL_zalloc(sizeof(*stanza))))
        return 0;
    if (!test_start_file(stanza, path)) {
        OPENSSL_free(stanza);
        return 0;
    }

    /* Read test file. */
    while (!BIO_eof(stanza->fp) && test_readstanza(stanza)) {
        if (stanza->numpairs != 0) {
            if (!file_test_run(stanza))
                stanza->errors++;
            stanza->numtests++;
            test_clearstanza(stanza);
        }
    }
    test_end_file(stanza);

    /* Copy the count out before the stanza that holds it is released. */
    failures = stanza->errors;
    OPENSSL_free(stanza);

    return failures == 0;
}
d02b48c6 | 3076 | |
/* Command-line option identifiers returned by opt_next() in setup_tests(). */
typedef enum OPTION_choice {
    OPT_ERR = -1,           /* option parsing failed */
    OPT_EOF = 0,            /* no more options */
    OPT_STOCHASTIC_TESTS,   /* "-stochastic" was given */
    OPT_TEST_ENUM           /* identifiers supplied by the test framework */
} OPTION_CHOICE;
3083 | ||
/*
 * Return the option table for this test program: the framework's standard
 * options, "-stochastic", and the help text for the optional file
 * arguments. The table has static storage and is terminated by a NULL
 * entry.
 */
const OPTIONS *test_get_options(void)
{
    static const OPTIONS bntest_options[] = {
        OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
        { "stochastic", OPT_STOCHASTIC_TESTS, '-', "Run stochastic tests" },
        { OPT_HELP_STR, 1, '-',
          "file\tFile to run tests on. Normal tests are not run\n" },
        { NULL }
    };

    return bntest_options;
}
e1cfd184 | 3095 | |
/*
 * Parse the command line, create the shared BN_CTX and register the tests.
 *
 * When file arguments are given, only the file-driven tests are registered,
 * one per file. Otherwise the built-in tests are registered, and
 * test_rand_range is added only if "-stochastic" was passed.
 *
 * Returns 1 on success, 0 on an option error or if the BN_CTX could not be
 * allocated.
 */
int setup_tests(void)
{
    OPTION_CHOICE o;
    int stochastic = 0;
    int nfiles;

    for (o = opt_next(); o != OPT_EOF; o = opt_next()) {
        switch (o) {
        case OPT_STOCHASTIC_TESTS:
            stochastic = 1;
            break;
        case OPT_TEST_CASES:
            break;
        case OPT_ERR:
        default:
            return 0;
        }
    }
    nfiles = test_get_argument_count();

    /* The context is shared by the tests through the file-scope |ctx|. */
    if (!TEST_ptr(ctx = BN_CTX_new()))
        return 0;

    if (nfiles != 0) {
        /* File mode: the built-in tests are not run. */
        ADD_ALL_TESTS(run_file_tests, nfiles);
        return 1;
    }

    ADD_TEST(test_sub);
    ADD_TEST(test_div_recip);
    ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
    ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
    ADD_TEST(test_mod);
    ADD_TEST(test_modexp_mont5);
    ADD_TEST(test_kronecker);
    ADD_TEST(test_rand);
    ADD_TEST(test_bn2padded);
    ADD_TEST(test_dec2bn);
    ADD_TEST(test_hex2bn);
    ADD_TEST(test_asc2bn);
    ADD_ALL_TESTS(test_mpi, (int)OSSL_NELEM(kMPITests));
    ADD_ALL_TESTS(test_bn2signed, (int)OSSL_NELEM(kSignedTests_BE));
    ADD_TEST(test_negzero);
    ADD_TEST(test_badmod);
    ADD_TEST(test_expmodzero);
    ADD_TEST(test_expmodone);
    ADD_ALL_TESTS(test_smallprime, 16);
    ADD_ALL_TESTS(test_smallsafeprime, 16);
    ADD_TEST(test_swap);
    ADD_TEST(test_ctx_consttime_flag);
#ifndef OPENSSL_NO_EC2M
    ADD_TEST(test_gf2m_add);
    ADD_TEST(test_gf2m_mod);
    ADD_TEST(test_gf2m_mul);
    ADD_TEST(test_gf2m_sqr);
    ADD_TEST(test_gf2m_modinv);
    ADD_TEST(test_gf2m_moddiv);
    ADD_TEST(test_gf2m_modexp);
    ADD_TEST(test_gf2m_modsqrt);
    ADD_TEST(test_gf2m_modsolvequad);
#endif
    ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes));
    ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes));
    ADD_TEST(test_gcd_prime);
    ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
    ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
    if (stochastic)
        ADD_TEST(test_rand_range);

    return 1;
}
8d1ebff4 | 3164 | |
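/*
 * Release the BN_CTX created by setup_tests().
 *
 * The file-scope pointer is cleared afterwards so that it does not keep
 * referring to freed memory if anything reads it after cleanup.
 */
void cleanup_tests(void)
{
    BN_CTX_free(ctx);
    ctx = NULL;
}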