Blame - tests/suites/test_suite_mpi.function - mirror/mbed-tls

blob: b699f9c04647d084a19379eeda332d9350692e8f [file] [log] [blame]

Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1	/* BEGIN_HEADER */
Manuel Pégourié-Gonnard	7f80997	2015-03-09 17:05:11 +0000	[diff] [blame]	2	#include "mbedtls/bignum.h"
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	3	#include "mbedtls/entropy.h"
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	4	#include "bignum_core.h"
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	5	#include "bignum_mod.h"
				6	#include "bignum_mod_raw.h"
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	7	#include "constant_time_internal.h"
				8	#include "test/constant_flow.h"
Janos Follath	64eca05	2018-09-05 17:04:49 +0100	[diff] [blame]	9
Chris Jones	e64a46f	2020-12-03 17:44:03 +0000	[diff] [blame]	10	#if MBEDTLS_MPI_MAX_BITS > 792
				11	#define MPI_MAX_BITS_LARGER_THAN_792
Chris Jones	4592bd8	2020-12-03 14:24:33 +0000	[diff] [blame]	12	#endif
Gabor Mezei	89e3146	2022-08-12 15:36:56 +0200	[diff] [blame]	13
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	14	/* Check the validity of the sign bit in an MPI object. Reject representations
				15	* that are not supported by the rest of the library and indicate a bug when
				16	* constructing the value. */
				17	static int sign_is_valid( const mbedtls_mpi *X )
				18	{
				19	if( X->s != 1 && X->s != -1 )
				20	return( 0 ); // invalid sign bit, e.g. 0
				21	if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
				22	return( 0 ); // negative zero
				23	return( 1 );
				24	}
				25
Janos Follath	64eca05	2018-09-05 17:04:49 +0100	[diff] [blame]	26	typedef struct mbedtls_test_mpi_random
				27	{
				28	data_t *data;
				29	size_t pos;
				30	size_t chunk_len;
				31	} mbedtls_test_mpi_random;
				32
				33	/*
				34	* This function is called by the Miller-Rabin primality test each time it
				35	* chooses a random witness. The witnesses (or non-witnesses as provided by the
				36	* test) are stored in the data member of the state structure. Each number is in
				37	* the format that mbedtls_mpi_read_string understands and is chunk_len long.
				38	*/
				39	int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
				40	unsigned char* buf,
				41	size_t len )
				42	{
				43	mbedtls_test_mpi_random random = (mbedtls_test_mpi_random) state;
				44
				45	if( random == NULL \|\| random->data->x == NULL \|\| buf == NULL )
				46	return( -1 );
				47
				48	if( random->pos + random->chunk_len > random->data->len
				49	\|\| random->chunk_len > len )
				50	{
				51	return( -1 );
				52	}
				53
				54	memset( buf, 0, len );
				55
				56	/* The witness is written to the end of the buffer, since the buffer is
				57	* used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
				58	* Writing the witness to the start of the buffer would result in the
				59	* buffer being 'witness 000...000', which would be treated as
				60	* witness * 2^n for some n. */
				61	memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
				62	random->chunk_len );
				63
				64	random->pos += random->chunk_len;
				65
				66	return( 0 );
				67	}
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	68
				69	/* Random generator that is told how many bytes to return. */
				70	static int f_rng_bytes_left( void state, unsigned char buf, size_t len )
				71	{
				72	size_t *bytes_left = state;
				73	size_t i;
				74	for( i = 0; i < len; i++ )
				75	{
				76	if( *bytes_left == 0 )
				77	return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
				78	buf[i] = *bytes_left & 0xff;
				79	--( *bytes_left );
				80	}
				81	return( 0 );
				82	}
				83
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	84	/* Test whether bytes represents (in big-endian base 256) a number b that
				85	* is significantly above a power of 2. That is, b must not have a long run
				86	* of unset bits after the most significant bit.
				87	*
				88	* Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}.
				89	* This function returns 1 if, when drawing a number between 0 and b,
				90	* the probability that this number is at least 2^n is not negligible.
				91	* This probability is (b - 2^n) / b and this function checks that this
				92	* number is above some threshold A. The threshold value is heuristic and
				93	* based on the needs of mpi_random_many().
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	94	*/
				95	static int is_significantly_above_a_power_of_2( data_t *bytes )
				96	{
				97	const uint8_t *p = bytes->x;
				98	size_t len = bytes->len;
				99	unsigned x;
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	100
				101	/* Skip leading null bytes */
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	102	while( len > 0 && p[0] == 0 )
				103	{
				104	++p;
				105	--len;
				106	}
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	107	/* 0 is not significantly above a power of 2 */
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	108	if( len == 0 )
				109	return( 0 );
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	110	/* Extract the (up to) 2 most significant bytes */
				111	if( len == 1 )
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	112	x = p[0];
				113	else
				114	x = ( p[0] << 8 ) \| p[1];
				115
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	116	/* Shift the most significant bit of x to position 8 and mask it out */
				117	while( ( x & 0xfe00 ) != 0 )
				118	x >>= 1;
				119	x &= 0x00ff;
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	120
Gilles Peskine	eedefa5	2021-04-13 19:50:04 +0200	[diff] [blame]	121	/* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
				122	* a power of 2 iff x is significantly above 0 compared to 2^8.
				123	* Testing x >= 2^4 amounts to picking A = 1/16 in the function
				124	* description above. */
				125	return( x >= 0x10 );
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	126	}
				127
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	128	/* END_HEADER */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	129
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	130	/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	131	* depends_on:MBEDTLS_BIGNUM_C
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	132	* END_DEPENDENCIES
				133	*/
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	134
Hanno Becker	b48e1aa	2018-12-18 23:25:01 +0000	[diff] [blame]	135	/* BEGIN_CASE */
Azim Khan	f1aaec9	2017-05-30 14:23:15 +0100	[diff] [blame]	136	void mpi_null( )
Manuel Pégourié-Gonnard	770b5e1	2015-04-29 17:02:01 +0200	[diff] [blame]	137	{
Manuel Pégourié-Gonnard	da61ed3	2015-04-30 10:28:51 +0200	[diff] [blame]	138	mbedtls_mpi X, Y, Z;
Manuel Pégourié-Gonnard	770b5e1	2015-04-29 17:02:01 +0200	[diff] [blame]	139
Manuel Pégourié-Gonnard	da61ed3	2015-04-30 10:28:51 +0200	[diff] [blame]	140	mbedtls_mpi_init( &X );
				141	mbedtls_mpi_init( &Y );
				142	mbedtls_mpi_init( &Z );
Manuel Pégourié-Gonnard	770b5e1	2015-04-29 17:02:01 +0200	[diff] [blame]	143
Manuel Pégourié-Gonnard	da61ed3	2015-04-30 10:28:51 +0200	[diff] [blame]	144	TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
				145	TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
Manuel Pégourié-Gonnard	c0696c2	2015-06-18 16:47:17 +0200	[diff] [blame]	146	TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 );
Manuel Pégourié-Gonnard	da61ed3	2015-04-30 10:28:51 +0200	[diff] [blame]	147	TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );
Manuel Pégourié-Gonnard	770b5e1	2015-04-29 17:02:01 +0200	[diff] [blame]	148
				149	exit:
Manuel Pégourié-Gonnard	da61ed3	2015-04-30 10:28:51 +0200	[diff] [blame]	150	mbedtls_mpi_free( &X );
Manuel Pégourié-Gonnard	770b5e1	2015-04-29 17:02:01 +0200	[diff] [blame]	151	}
				152	/* END_CASE */
				153
				154	/* BEGIN_CASE */
Azim Khan	f1aaec9	2017-05-30 14:23:15 +0100	[diff] [blame]	155	void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
				156	char * input_A, int output_size, int result_read,
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	157	int result_write )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	158	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	159	mbedtls_mpi X;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	160	char str[1000];
Manuel Pégourié-Gonnard	f79b425	2015-06-02 15:41:48 +0100	[diff] [blame]	161	size_t len;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	162
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	163	mbedtls_mpi_init( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	164
Janos Follath	04dadb7	2019-03-06 12:29:37 +0000	[diff] [blame]	165	memset( str, '!', sizeof( str ) );
				166
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	167	TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	168	if( result_read == 0 )
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	169	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	170	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	f79b425	2015-06-02 15:41:48 +0100	[diff] [blame]	171	TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	172	if( result_write == 0 )
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	173	{
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	174	TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
Janos Follath	04dadb7	2019-03-06 12:29:37 +0000	[diff] [blame]	175	TEST_ASSERT( str[len] == '!' );
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	176	}
				177	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	178
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	179	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	180	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	181	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	182	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	183
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	184	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	185	void mpi_read_binary( data_t * buf, char * input_A )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	186	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	187	mbedtls_mpi X;
Janos Follath	e5670f2	2019-02-25 16:11:58 +0000	[diff] [blame]	188	char str[1000];
Manuel Pégourié-Gonnard	f79b425	2015-06-02 15:41:48 +0100	[diff] [blame]	189	size_t len;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	190
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	191	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	192
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	193
Azim Khan	d30ca13	2017-06-09 04:32:58 +0100	[diff] [blame]	194	TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	195	TEST_ASSERT( sign_is_valid( &X ) );
Werner Lewis	f65a327	2022-07-07 11:38:44 +0100	[diff] [blame]	196	TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
Werner Lewis	dc47fe7	2022-08-01 13:55:41 +0100	[diff] [blame]	197	TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	198
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	199	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	200	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	201	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	202	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	203
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	204	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	205	void mpi_core_io_null()
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	206	{
				207	mbedtls_mpi_uint X = 0;
				208	int ret;
				209
				210	ret = mbedtls_mpi_core_read_be( &X, 1, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	211	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	212	ret = mbedtls_mpi_core_write_be( &X, 1, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	213	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	214
				215	ret = mbedtls_mpi_core_read_be( NULL, 0, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	216	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	217	ret = mbedtls_mpi_core_write_be( NULL, 0, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	218	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	219
				220	ret = mbedtls_mpi_core_read_le( &X, 1, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	221	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	222	ret = mbedtls_mpi_core_write_le( &X, 1, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	223	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	224
				225	ret = mbedtls_mpi_core_read_le( NULL, 0, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	226	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	227	ret = mbedtls_mpi_core_write_le( NULL, 0, NULL, 0 );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	228	TEST_EQUAL( ret, 0 );
Janos Follath	91dc67d	2022-07-22 14:24:58 +0100	[diff] [blame]	229
				230	exit:
				231	;
				232	}
				233	/* END_CASE */
				234
				235	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	236	void mpi_core_io_be( data_t *input, int nb_int, int nx_32_int, int iret,
				237	int oret )
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	238	{
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	239	if( iret != 0 )
				240	TEST_ASSERT( oret == 0 );
				241
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	242	TEST_LE_S( 0, nb_int );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	243	size_t nb = nb_int;
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	244
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	245	unsigned char buf[1024];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	246	TEST_LE_U( nb, sizeof( buf ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	247
Janos Follath	1cb3b97	2022-08-11 10:50:04 +0100	[diff] [blame]	248	/* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need
				249	* to halve the number of limbs to have the same size. */
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	250	size_t nx;
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	251	TEST_LE_S( 0, nx_32_int );
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	252	if( sizeof( mbedtls_mpi_uint ) == 8 )
				253	nx = nx_32_int / 2 + nx_32_int % 2;
				254	else
				255	nx = nx_32_int;
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	256
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	257	mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	258	TEST_LE_U( nx, sizeof( X ) / sizeof( X[0] ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	259
				260	int ret = mbedtls_mpi_core_read_be( X, nx, input->x, input->len );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	261	TEST_EQUAL( ret, iret );
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	262
				263	if( iret == 0 )
				264	{
				265	ret = mbedtls_mpi_core_write_be( X, nx, buf, nb );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	266	TEST_EQUAL( ret, oret );
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	267	}
				268
				269	if( ( iret == 0 ) && ( oret == 0 ) )
				270	{
				271	if( nb > input->len )
				272	{
				273	size_t leading_zeroes = nb - input->len;
				274	TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 );
				275	for( size_t i = 0; i < leading_zeroes; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	276	TEST_EQUAL( buf[i], 0 );
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	277	}
				278	else
				279	{
				280	size_t leading_zeroes = input->len - nb;
				281	TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 );
				282	for( size_t i = 0; i < leading_zeroes; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	283	TEST_EQUAL( input->x[i], 0 );
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	284	}
				285	}
				286
				287	exit:
				288	;
Janos Follath	f1d617d	2022-07-21 09:29:32 +0100	[diff] [blame]	289	}
				290	/* END_CASE */
				291
				292	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	293	void mpi_core_io_le( data_t *input, int nb_int, int nx_32_int, int iret,
				294	int oret )
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	295	{
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	296	if( iret != 0 )
				297	TEST_ASSERT( oret == 0 );
				298
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	299	TEST_LE_S( 0, nb_int );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	300	size_t nb = nb_int;
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	301
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	302	unsigned char buf[1024];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	303	TEST_LE_U( nb, sizeof( buf ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	304
Janos Follath	9dfb562	2022-08-11 12:15:55 +0100	[diff] [blame]	305	/* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need
				306	* to halve the number of limbs to have the same size. */
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	307	size_t nx;
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	308	TEST_LE_S( 0, nx_32_int );
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	309	if( sizeof( mbedtls_mpi_uint ) == 8 )
				310	nx = nx_32_int / 2 + nx_32_int % 2;
				311	else
				312	nx = nx_32_int;
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	313
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	314	mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	315	TEST_LE_U( nx, sizeof( X ) / sizeof( X[0] ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	316
				317	int ret = mbedtls_mpi_core_read_le( X, nx, input->x, input->len );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	318	TEST_EQUAL( ret, iret );
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	319
				320	if( iret == 0 )
				321	{
				322	ret = mbedtls_mpi_core_write_le( X, nx, buf, nb );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	323	TEST_EQUAL( ret, oret );
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	324	}
				325
				326	if( ( iret == 0 ) && ( oret == 0 ) )
				327	{
				328	if( nb > input->len )
				329	{
				330	TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 );
				331	for( size_t i = input->len; i < nb; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	332	TEST_EQUAL( buf[i], 0 );
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	333	}
				334	else
				335	{
				336	TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 );
				337	for( size_t i = nb; i < input->len; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	338	TEST_EQUAL( input->x[i], 0 );
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	339	}
				340	}
				341
				342	exit:
				343	;
Janos Follath	6ff3536	2022-07-21 15:27:21 +0100	[diff] [blame]	344	}
				345	/* END_CASE */
				346
				347	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	348	void mpi_mod_setup( int ext_rep, int int_rep, int iret )
Janos Follath	1694969	2022-08-08 13:37:20 +0100	[diff] [blame]	349	{
				350	#define MLIMBS 8
				351	mbedtls_mpi_uint mp[MLIMBS];
				352	mbedtls_mpi_mod_modulus m;
				353	int ret;
				354
				355	memset( mp, 0xFF, sizeof(mp) );
				356
				357	mbedtls_mpi_mod_modulus_init( &m );
				358	ret = mbedtls_mpi_mod_modulus_setup( &m, mp, MLIMBS, ext_rep, int_rep );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	359	TEST_EQUAL( ret, iret );
Janos Follath	1694969	2022-08-08 13:37:20 +0100	[diff] [blame]	360
				361	/* Address sanitiser should catch if we try to free mp */
				362	mbedtls_mpi_mod_modulus_free( &m );
				363
				364	/* Make sure that the modulus doesn't have reference to mp anymore */
				365	TEST_ASSERT( m.p != mp );
				366
				367	exit:
				368	/* It should be safe to call an mbedtls free several times */
				369	mbedtls_mpi_mod_modulus_free( &m );
				370
				371	#undef MLIMBS
				372	}
				373	/* END_CASE */
				374
				375
				376	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	377	void mpi_mod_raw_io( data_t *input, int nb_int, int nx_32_int,
				378	int iendian, int iret, int oret )
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	379	{
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	380	if( iret != 0 )
				381	TEST_ASSERT( oret == 0 );
				382
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	383	TEST_LE_S( 0, nb_int );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	384	size_t nb = nb_int;
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	385
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	386	unsigned char buf[1024];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	387	TEST_LE_U( nb, sizeof( buf ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	388
Gabor Mezei	7f08178	2022-08-12 18:00:33 +0200	[diff] [blame]	389	/* nx_32_int is the number of 32 bit limbs, if we have 64 bit limbs we need
				390	* to halve the number of limbs to have the same size. */
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	391	size_t nx;
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	392	TEST_LE_S( 0, nx_32_int );
Janos Follath	6b8e0c2	2022-08-22 09:54:25 +0100	[diff] [blame]	393	if( sizeof( mbedtls_mpi_uint ) == 8 )
				394	nx = nx_32_int / 2 + nx_32_int % 2;
				395	else
				396	nx = nx_32_int;
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	397
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	398	mbedtls_mpi_uint X[sizeof( buf ) / sizeof( mbedtls_mpi_uint )];
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	399	TEST_LE_U( nx, sizeof( X ) / sizeof( X[0] ) );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	400
				401	int endian;
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	402	if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID )
				403	endian = MBEDTLS_MPI_MOD_EXT_REP_LE;
				404	else
				405	endian = iendian;
				406
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	407	mbedtls_mpi_mod_modulus m;
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	408	mbedtls_mpi_mod_modulus_init( &m );
Janos Follath	8162064	2022-08-15 11:13:38 +0100	[diff] [blame]	409	mbedtls_mpi_uint init[sizeof( X ) / sizeof( X[0] )];
				410	memset( init, 0xFF, sizeof( init ) );
				411	int ret = mbedtls_mpi_mod_modulus_setup( &m, init, nx, endian,
				412	MBEDTLS_MPI_MOD_REP_MONTGOMERY );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	413	TEST_EQUAL( ret, 0 );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	414
				415	if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0 )
				416	m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID;
				417
				418	ret = mbedtls_mpi_mod_raw_read( X, &m, input->x, input->len );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	419	TEST_EQUAL( ret, iret );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	420
				421	if( iret == 0 )
				422	{
				423	if( iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && oret != 0 )
				424	m.ext_rep = MBEDTLS_MPI_MOD_EXT_REP_INVALID;
				425
				426	ret = mbedtls_mpi_mod_raw_write( X, &m, buf, nb );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	427	TEST_EQUAL( ret, oret );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	428	}
				429
				430	if( ( iret == 0 ) && ( oret == 0 ) )
				431	{
				432	if( nb > input->len )
				433	{
				434	if( endian == MBEDTLS_MPI_MOD_EXT_REP_BE )
				435	{
				436	size_t leading_zeroes = nb - input->len;
				437	TEST_ASSERT( memcmp( buf + nb - input->len, input->x, input->len ) == 0 );
				438	for( size_t i = 0; i < leading_zeroes; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	439	TEST_EQUAL( buf[i], 0 );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	440	}
				441	else
				442	{
				443	TEST_ASSERT( memcmp( buf, input->x, input->len ) == 0 );
				444	for( size_t i = input->len; i < nb; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	445	TEST_EQUAL( buf[i], 0 );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	446	}
				447	}
				448	else
				449	{
				450	if( endian == MBEDTLS_MPI_MOD_EXT_REP_BE )
				451	{
				452	size_t leading_zeroes = input->len - nb;
				453	TEST_ASSERT( memcmp( input->x + input->len - nb, buf, nb ) == 0 );
				454	for( size_t i = 0; i < leading_zeroes; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	455	TEST_EQUAL( input->x[i], 0 );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	456	}
				457	else
				458	{
				459	TEST_ASSERT( memcmp( input->x, buf, nb ) == 0 );
				460	for( size_t i = nb; i < input->len; i++ )
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	461	TEST_EQUAL( input->x[i], 0 );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	462	}
				463	}
				464	}
				465
				466	exit:
				467	mbedtls_mpi_mod_modulus_free( &m );
Gabor Mezei	23a1ce9	2022-08-02 11:54:44 +0200	[diff] [blame]	468	}
				469	/* END_CASE */
				470
				471	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	472	void mpi_read_binary_le( data_t * buf, char * input_A )
Janos Follath	a778a94	2019-02-13 10:28:28 +0000	[diff] [blame]	473	{
				474	mbedtls_mpi X;
Janos Follath	e5670f2	2019-02-25 16:11:58 +0000	[diff] [blame]	475	char str[1000];
Janos Follath	a778a94	2019-02-13 10:28:28 +0000	[diff] [blame]	476	size_t len;
				477
				478	mbedtls_mpi_init( &X );
				479
				480
				481	TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	482	TEST_ASSERT( sign_is_valid( &X ) );
Werner Lewis	f65a327	2022-07-07 11:38:44 +0100	[diff] [blame]	483	TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
Werner Lewis	dc47fe7	2022-08-01 13:55:41 +0100	[diff] [blame]	484	TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
Janos Follath	a778a94	2019-02-13 10:28:28 +0000	[diff] [blame]	485
				486	exit:
				487	mbedtls_mpi_free( &X );
				488	}
				489	/* END_CASE */
				490
				491	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	492	void mpi_write_binary( char * input_X, data_t * input_A,
				493	int output_size, int result )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	494	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	495	mbedtls_mpi X;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	496	unsigned char buf[1000];
Paul Bakker	f4a3f30	2011-04-24 15:53:29 +0000	[diff] [blame]	497	size_t buflen;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	498
				499	memset( buf, 0x00, 1000 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	500
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	501	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	502
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	503	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	e670f90	2015-10-30 09:23:19 +0100	[diff] [blame]	504
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	505	buflen = mbedtls_mpi_size( &X );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	506	if( buflen > (size_t) output_size )
				507	buflen = (size_t) output_size;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	508
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	509	TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	510	if( result == 0)
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	511	{
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	512
Ronald Cron	2dbba99	2020-06-10 11:42:32 +0200	[diff] [blame]	513	TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
				514	buflen, input_A->len ) == 0 );
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	515	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	516
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	517	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	518	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	519	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	520	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	521
Janos Follath	e344d0f	2019-02-19 16:17:40 +0000	[diff] [blame]	522	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	523	void mpi_write_binary_le( char * input_X, data_t * input_A,
				524	int output_size, int result )
Janos Follath	e344d0f	2019-02-19 16:17:40 +0000	[diff] [blame]	525	{
				526	mbedtls_mpi X;
				527	unsigned char buf[1000];
				528	size_t buflen;
				529
				530	memset( buf, 0x00, 1000 );
				531
				532	mbedtls_mpi_init( &X );
				533
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	534	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Janos Follath	e344d0f	2019-02-19 16:17:40 +0000	[diff] [blame]	535
				536	buflen = mbedtls_mpi_size( &X );
				537	if( buflen > (size_t) output_size )
				538	buflen = (size_t) output_size;
				539
				540	TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
				541	if( result == 0)
				542	{
				543
Ronald Cron	2dbba99	2020-06-10 11:42:32 +0200	[diff] [blame]	544	TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
				545	buflen, input_A->len ) == 0 );
Janos Follath	e344d0f	2019-02-19 16:17:40 +0000	[diff] [blame]	546	}
				547
				548	exit:
				549	mbedtls_mpi_free( &X );
				550	}
				551	/* END_CASE */
				552
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	553	/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	554	void mpi_read_file( char * input_file, data_t * input_A, int result )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	555	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	556	mbedtls_mpi X;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	557	unsigned char buf[1000];
Paul Bakker	f4a3f30	2011-04-24 15:53:29 +0000	[diff] [blame]	558	size_t buflen;
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	559	FILE *file;
Manuel Pégourié-Gonnard	e43187d	2015-02-14 16:01:34 +0000	[diff] [blame]	560	int ret;
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	561
				562	memset( buf, 0x00, 1000 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	563
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	564	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	565
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	566	file = fopen( input_file, "r" );
Paul Bakker	8a0c0a9	2014-04-17 16:08:20 +0200	[diff] [blame]	567	TEST_ASSERT( file != NULL );
Werner Lewis	f65a327	2022-07-07 11:38:44 +0100	[diff] [blame]	568	ret = mbedtls_mpi_read_file( &X, 16, file );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	569	fclose(file);
Manuel Pégourié-Gonnard	e43187d	2015-02-14 16:01:34 +0000	[diff] [blame]	570	TEST_ASSERT( ret == result );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	571
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	572	if( result == 0 )
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	573	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	574	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	575	buflen = mbedtls_mpi_size( &X );
				576	TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	577
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	578
Ronald Cron	2dbba99	2020-06-10 11:42:32 +0200	[diff] [blame]	579	TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
				580	buflen, input_A->len ) == 0 );
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	581	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	582
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	583	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	584	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	585	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	586	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	587
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	588	/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	589	void mpi_write_file( char * input_X, char * output_file )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	590	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	591	mbedtls_mpi X, Y;
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	592	FILE file_out, file_in;
Manuel Pégourié-Gonnard	ac5361f	2015-06-24 01:08:09 +0200	[diff] [blame]	593	int ret;
Paul Bakker	69998dd	2009-07-11 19:15:20 +0000	[diff] [blame]	594
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	595	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	596
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	597	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	598
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	599	file_out = fopen( output_file, "w" );
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	600	TEST_ASSERT( file_out != NULL );
Werner Lewis	f65a327	2022-07-07 11:38:44 +0100	[diff] [blame]	601	ret = mbedtls_mpi_write_file( NULL, &X, 16, file_out );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	602	fclose(file_out);
Manuel Pégourié-Gonnard	ac5361f	2015-06-24 01:08:09 +0200	[diff] [blame]	603	TEST_ASSERT( ret == 0 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	604
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	605	file_in = fopen( output_file, "r" );
Paul Bakker	5690efc	2011-05-26 13:16:06 +0000	[diff] [blame]	606	TEST_ASSERT( file_in != NULL );
Werner Lewis	f65a327	2022-07-07 11:38:44 +0100	[diff] [blame]	607	ret = mbedtls_mpi_read_file( &Y, 16, file_in );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	608	fclose(file_in);
Manuel Pégourié-Gonnard	ac5361f	2015-06-24 01:08:09 +0200	[diff] [blame]	609	TEST_ASSERT( ret == 0 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	610
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	611	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	612
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	613	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	614	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	615	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	616	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	617
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	618	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	619	void mpi_get_bit( char * input_X, int pos, int val )
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	620	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	621	mbedtls_mpi X;
				622	mbedtls_mpi_init( &X );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	623	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	624	TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	625
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	626	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	627	mbedtls_mpi_free( &X );
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	628	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	629	/* END_CASE */
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	630
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	631	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	632	void mpi_set_bit( char * input_X, int pos, int val,
				633	char * output_Y, int result )
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	634	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	635	mbedtls_mpi X, Y;
				636	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	637
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	638	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				639	TEST_ASSERT( mbedtls_test_read_mpi( &Y, output_Y ) == 0 );
Paul Bakker	ec5ceb6	2016-07-14 12:47:07 +0100	[diff] [blame]	640	TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );
				641
				642	if( result == 0 )
				643	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	644	TEST_ASSERT( sign_is_valid( &X ) );
Paul Bakker	ec5ceb6	2016-07-14 12:47:07 +0100	[diff] [blame]	645	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
				646	}
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	647
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	648	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	649	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	650	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	651	/* END_CASE */
Paul Bakker	2f5947e	2011-05-18 15:47:11 +0000	[diff] [blame]	652
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	653	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	654	void mpi_lsb( char * input_X, int nr_bits )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	655	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	656	mbedtls_mpi X;
				657	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	658
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	659	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	660	TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	661
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	662	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	663	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	664	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	665	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	666
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	667	/* BEGIN_CASE */
Gilles Peskine	b50e433	2022-10-09 21:17:26 +0200	[diff] [blame]	668	void mpi_core_bitlen( char *input_X, int nr_bits )
				669	{
				670	mbedtls_mpi_uint *X = NULL;
				671	size_t limbs;
				672
				673	TEST_EQUAL( mbedtls_test_read_mpi_core( &X, &limbs, input_X ), 0 );
				674	TEST_EQUAL( mbedtls_mpi_core_bitlen( X, limbs ), nr_bits );
				675
				676	exit:
				677	mbedtls_free( X );
				678	}
				679	/* END_CASE */
				680
				681	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	682	void mpi_bitlen( char * input_X, int nr_bits )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	683	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	684	mbedtls_mpi X;
				685	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	686
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	687	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	c0696c2	2015-06-18 16:47:17 +0200	[diff] [blame]	688	TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	689
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	690	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	691	mbedtls_mpi_free( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	692	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	693	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	694
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	695	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	696	void mpi_gcd( char * input_X, char * input_Y,
				697	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	698	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	699	mbedtls_mpi A, X, Y, Z;
				700	mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	701
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	702	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				703	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				704	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	705	TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	706	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	707	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	708
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	709	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	710	mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	711	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	712	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	713
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	714	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	715	void mpi_cmp_int( int input_X, int input_A, int result_CMP )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	716	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	717	mbedtls_mpi X;
				718	mbedtls_mpi_init( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	719
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	720	TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0);
				721	TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP);
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	722
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	723	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	724	mbedtls_mpi_free( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	725	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	726	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	727
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	728	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	729	void mpi_cmp_mpi( char * input_X, char * input_Y,
				730	int input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	731	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	732	mbedtls_mpi X, Y;
				733	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	734
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	735	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				736	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	737	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	738
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	739	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	740	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	741	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	742	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	743
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	744	/* BEGIN_CASE */
Gilles Peskine	c5772a1	2022-10-09 21:14:09 +0200	[diff] [blame]	745	void mpi_core_lt_ct( char input_X, char input_Y, int exp_ret )
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	746	{
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	747	mbedtls_mpi_uint *X = NULL;
				748	size_t X_limbs;
				749	mbedtls_mpi_uint *Y = NULL;
				750	size_t Y_limbs;
				751	int ret;
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	752
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	753	TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &X_limbs, input_X ) );
				754	TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &Y, &Y_limbs, input_Y ) );
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	755
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	756	/* We need two same-length limb arrays */
				757	TEST_EQUAL( X_limbs, Y_limbs );
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	758
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	759	TEST_CF_SECRET( X, X_limbs * sizeof( mbedtls_mpi_uint ) );
				760	TEST_CF_SECRET( Y, X_limbs * sizeof( mbedtls_mpi_uint ) );
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	761
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	762	ret = mbedtls_mpi_core_lt_ct( X, Y, X_limbs );
Janos Follath	494a6d2	2022-08-22 09:36:17 +0100	[diff] [blame]	763	TEST_EQUAL( ret, exp_ret );
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	764
				765	exit:
Gilles Peskine	5bbdfce	2022-09-20 21:39:25 +0200	[diff] [blame]	766	mbedtls_free( X );
				767	mbedtls_free( Y );
Janos Follath	23bdeca	2022-07-22 18:24:06 +0100	[diff] [blame]	768	}
				769	/* END_CASE */
				770
				771	/* BEGIN_CASE */
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	772	void mpi_core_cond_assign( data_t * input_X,
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	773	data_t * input_Y,
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	774	int input_bytes )
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	775	{
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	776	mbedtls_mpi_uint *X = NULL;
				777	mbedtls_mpi_uint *Y = NULL;
Gabor Mezei	f5ca726	2022-09-30 14:28:26 +0200	[diff] [blame]	778	size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
				779	size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	780	size_t limbs = limbs_X;
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	781	size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
				782	size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
				783	size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	784
Gabor Mezei	d71eb0c	2022-10-10 13:09:04 +0200	[diff] [blame]	785	TEST_EQUAL( limbs_X, limbs_Y );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	786	TEST_ASSERT( copy_limbs <= limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	787
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	788	ASSERT_ALLOC( X, limbs );
				789	ASSERT_ALLOC( Y, limbs );
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	790
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	791	TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs, input_X->x, input_X->len )
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	792	== 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	793
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	794	TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs, input_Y->x, input_Y->len )
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	795	== 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	796
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	797	/* condition is false */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	798	TEST_CF_SECRET( X, bytes );
				799	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	800
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	801	mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	802
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	803	TEST_CF_PUBLIC( X, bytes );
				804	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	805
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	806	TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	807
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	808	/* condition is true */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	809	TEST_CF_SECRET( X, bytes );
				810	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	811
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	812	mbedtls_mpi_core_cond_assign( X, Y, copy_limbs, 1 );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	813
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	814	TEST_CF_PUBLIC( X, bytes );
				815	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	816
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	817	/* Check if the given length is copied even it is smaller
Gabor Mezei	4dceede	2022-10-18 16:44:17 +0200	[diff] [blame]	818	than the length of the given MPIs. */
Gabor Mezei	0c74e08	2022-10-17 16:09:58 +0200	[diff] [blame]	819	if( copy_limbs < limbs )
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	820	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	821	ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes );
				822	TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	823	}
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	824	else
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	825	ASSERT_COMPARE( X, bytes, Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	826
				827	exit:
Gabor Mezei	8b05e3b	2022-09-28 12:37:02 +0200	[diff] [blame]	828	mbedtls_free( X );
				829	mbedtls_free( Y );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	830	}
				831	/* END_CASE */
				832
				833	/* BEGIN_CASE */
				834	void mpi_core_cond_swap( data_t * input_X,
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	835	data_t * input_Y,
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	836	int input_bytes )
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	837	{
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	838	mbedtls_mpi_uint *tmp_X = NULL;
				839	mbedtls_mpi_uint *tmp_Y = NULL;
				840	mbedtls_mpi_uint *X = NULL;
				841	mbedtls_mpi_uint *Y = NULL;
Gabor Mezei	f5ca726	2022-09-30 14:28:26 +0200	[diff] [blame]	842	size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
				843	size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	844	size_t limbs = limbs_X;
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	845	size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
				846	size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
				847	size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	848
Gabor Mezei	d71eb0c	2022-10-10 13:09:04 +0200	[diff] [blame]	849	TEST_EQUAL( limbs_X, limbs_Y );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	850	TEST_ASSERT( copy_limbs <= limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	851
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	852	ASSERT_ALLOC( tmp_X, limbs );
				853	ASSERT_ALLOC( tmp_Y, limbs );
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	854
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	855	TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs,
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	856	input_X->x, input_X->len )
				857	== 0 );
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	858	ASSERT_ALLOC( X, limbs );
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	859	memcpy( X, tmp_X, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	860
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	861	TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs,
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	862	input_Y->x, input_Y->len )
				863	== 0 );
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	864	ASSERT_ALLOC( Y, limbs );
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	865	memcpy( Y, tmp_Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	866
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	867	/* condition is false */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	868	TEST_CF_SECRET( X, bytes );
				869	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	870
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	871	mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	872
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	873	TEST_CF_PUBLIC( X, bytes );
				874	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	875
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	876	ASSERT_COMPARE( X, bytes, tmp_X, bytes );
				877	ASSERT_COMPARE( Y, bytes, tmp_Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	878
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	879	/* condition is true */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	880	TEST_CF_SECRET( X, bytes );
				881	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	882
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	883	mbedtls_mpi_core_cond_swap( X, Y, copy_limbs, 1 );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	884
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	885	TEST_CF_PUBLIC( X, bytes );
				886	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	887
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	888	/* Check if the given length is copied even it is smaller
				889	than the length of the given MPIs. */
Gabor Mezei	0c74e08	2022-10-17 16:09:58 +0200	[diff] [blame]	890	if( copy_limbs < limbs )
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	891	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	892	ASSERT_COMPARE( X, copy_bytes, tmp_Y, copy_bytes );
				893	ASSERT_COMPARE( Y, copy_bytes, tmp_X, copy_bytes );
				894	TEST_ASSERT( memcmp( X, tmp_X, bytes ) != 0 );
				895	TEST_ASSERT( memcmp( X, tmp_Y, bytes ) != 0 );
				896	TEST_ASSERT( memcmp( Y, tmp_X, bytes ) != 0 );
				897	TEST_ASSERT( memcmp( Y, tmp_Y, bytes ) != 0 );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	898	}
				899	else
				900	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	901	ASSERT_COMPARE( X, bytes, tmp_Y, bytes );
				902	ASSERT_COMPARE( Y, bytes, tmp_X, bytes );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	903	}
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	904
				905	exit:
Gabor Mezei	8b05e3b	2022-09-28 12:37:02 +0200	[diff] [blame]	906	mbedtls_free( tmp_X );
				907	mbedtls_free( tmp_Y );
				908	mbedtls_free( X );
				909	mbedtls_free( Y );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	910	}
				911	/* END_CASE */
				912
				913	/* BEGIN_CASE */
				914	void mpi_mod_raw_cond_assign( data_t * input_X,
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	915	data_t * input_Y,
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	916	int input_bytes )
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	917	{
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	918	mbedtls_mpi_uint *X = NULL;
				919	mbedtls_mpi_uint *Y = NULL;
Gabor Mezei	ec5685f	2022-09-30 14:41:13 +0200	[diff] [blame]	920	mbedtls_mpi_uint *buff_m = NULL;
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	921	mbedtls_mpi_mod_modulus m;
Gabor Mezei	f5ca726	2022-09-30 14:28:26 +0200	[diff] [blame]	922	size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
				923	size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	924	size_t limbs = limbs_X;
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	925	size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
				926	size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
				927	size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	928
Gabor Mezei	d71eb0c	2022-10-10 13:09:04 +0200	[diff] [blame]	929	TEST_EQUAL( limbs_X, limbs_Y );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	930	TEST_ASSERT( copy_limbs <= limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	931
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	932	ASSERT_ALLOC( X, limbs );
				933	ASSERT_ALLOC( Y, limbs );
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	934
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	935	ASSERT_ALLOC( buff_m, limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	936	mbedtls_mpi_mod_modulus_init( &m );
				937	TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	938	&m, buff_m, copy_limbs,
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	939	MBEDTLS_MPI_MOD_EXT_REP_BE,
				940	MBEDTLS_MPI_MOD_REP_MONTGOMERY )
				941	== 0 );
				942
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	943	TEST_ASSERT( mbedtls_mpi_core_read_be( X, limbs,
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	944	input_X->x, input_X->len )
				945	== 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	946
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	947	TEST_ASSERT( mbedtls_mpi_core_read_be( Y, limbs,
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	948	input_Y->x, input_Y->len )
				949	== 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	950
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	951	/* condition is false */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	952	TEST_CF_SECRET( X, bytes );
				953	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	954
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	955	mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	956
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	957	TEST_CF_PUBLIC( X, bytes );
				958	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	959
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	960	TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	961
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	962	/* condition is true */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	963	TEST_CF_SECRET( X, bytes );
				964	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	965
				966	mbedtls_mpi_mod_raw_cond_assign( X, Y, &m, 1 );
				967
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	968	TEST_CF_PUBLIC( X, bytes );
				969	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	970
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	971	/* Check if the given length is copied even it is smaller
				972	than the length of the given MPIs. */
Gabor Mezei	0c74e08	2022-10-17 16:09:58 +0200	[diff] [blame]	973	if( copy_limbs <limbs )
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	974	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	975	ASSERT_COMPARE( X, copy_bytes, Y, copy_bytes );
				976	TEST_ASSERT( memcmp( X, Y, bytes ) != 0 );
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	977	}
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	978	else
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	979	ASSERT_COMPARE( X, bytes, Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	980
				981	exit:
Gabor Mezei	8b05e3b	2022-09-28 12:37:02 +0200	[diff] [blame]	982	mbedtls_free( X );
				983	mbedtls_free( Y );
				984
				985	mbedtls_mpi_mod_modulus_free( &m );
Gabor Mezei	ec5685f	2022-09-30 14:41:13 +0200	[diff] [blame]	986	mbedtls_free( buff_m );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	987	}
				988	/* END_CASE */
				989
				990	/* BEGIN_CASE */
				991	void mpi_mod_raw_cond_swap( data_t * input_X,
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	992	data_t * input_Y,
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	993	int input_bytes )
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	994	{
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	995	mbedtls_mpi_uint *tmp_X = NULL;
				996	mbedtls_mpi_uint *tmp_Y = NULL;
				997	mbedtls_mpi_uint *X = NULL;
				998	mbedtls_mpi_uint *Y = NULL;
Gabor Mezei	ec5685f	2022-09-30 14:41:13 +0200	[diff] [blame]	999	mbedtls_mpi_uint *buff_m = NULL;
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1000	mbedtls_mpi_mod_modulus m;
Gabor Mezei	f5ca726	2022-09-30 14:28:26 +0200	[diff] [blame]	1001	size_t limbs_X = CHARS_TO_LIMBS( input_X->len );
				1002	size_t limbs_Y = CHARS_TO_LIMBS( input_Y->len );
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	1003	size_t limbs = limbs_X;
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1004	size_t copy_limbs = CHARS_TO_LIMBS( input_bytes );
				1005	size_t bytes = limbs * sizeof( mbedtls_mpi_uint );
				1006	size_t copy_bytes = copy_limbs * sizeof( mbedtls_mpi_uint );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1007
Gabor Mezei	d71eb0c	2022-10-10 13:09:04 +0200	[diff] [blame]	1008	TEST_EQUAL( limbs_X, limbs_Y );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	1009	TEST_ASSERT( copy_limbs <= limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1010
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	1011	ASSERT_ALLOC( tmp_X, limbs );
				1012	ASSERT_ALLOC( tmp_Y, limbs );
Gabor Mezei	a758488	2022-09-27 13:18:02 +0200	[diff] [blame]	1013
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	1014	ASSERT_ALLOC( buff_m, copy_limbs );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1015	mbedtls_mpi_mod_modulus_init( &m );
				1016	TEST_ASSERT( mbedtls_mpi_mod_modulus_setup(
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	1017	&m, buff_m, copy_limbs,
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1018	MBEDTLS_MPI_MOD_EXT_REP_BE,
				1019	MBEDTLS_MPI_MOD_REP_MONTGOMERY )
				1020	== 0 );
				1021
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	1022	TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_X, limbs, input_X->x, input_X->len )
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	1023	== 0 );
Gabor Mezei	8bcd7cc	2022-10-14 16:18:10 +0200	[diff] [blame]	1024	ASSERT_ALLOC( X, limbs );
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1025	memcpy( X, tmp_X, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1026
Gabor Mezei	6546a6c	2022-09-30 14:55:16 +0200	[diff] [blame]	1027	TEST_ASSERT( mbedtls_mpi_core_read_be( tmp_Y, limbs, input_Y->x, input_Y->len )
Gabor Mezei	027d696	2022-09-16 17:16:27 +0200	[diff] [blame]	1028	== 0 );
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1029	ASSERT_ALLOC( Y, bytes );
				1030	memcpy( Y, tmp_Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1031
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	1032	/* condition is false */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1033	TEST_CF_SECRET( X, bytes );
				1034	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1035
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	1036	mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 0 );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1037
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1038	TEST_CF_PUBLIC( X, bytes );
				1039	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1040
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1041	ASSERT_COMPARE( X, bytes, tmp_X, bytes );
				1042	ASSERT_COMPARE( Y, bytes, tmp_Y, bytes );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1043
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	1044	/* condition is true */
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1045	TEST_CF_SECRET( X, bytes );
				1046	TEST_CF_SECRET( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	1047
				1048	mbedtls_mpi_mod_raw_cond_swap( X, Y, &m, 1 );
				1049
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1050	TEST_CF_PUBLIC( X, bytes );
				1051	TEST_CF_PUBLIC( Y, bytes );
Gabor Mezei	821d151	2022-09-27 12:41:28 +0200	[diff] [blame]	1052
Gabor Mezei	a67a1a3	2022-10-10 15:25:59 +0200	[diff] [blame]	1053	/* Check if the given length is copied even it is smaller
				1054	than the length of the given MPIs. */
Gabor Mezei	0c74e08	2022-10-17 16:09:58 +0200	[diff] [blame]	1055	if( copy_limbs < limbs )
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	1056	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1057	ASSERT_COMPARE( X, copy_bytes, tmp_Y, copy_bytes );
				1058	ASSERT_COMPARE( Y, copy_bytes, tmp_X, copy_bytes );
				1059	TEST_ASSERT( memcmp( X, tmp_X, bytes ) != 0 );
				1060	TEST_ASSERT( memcmp( X, tmp_Y, bytes ) != 0 );
				1061	TEST_ASSERT( memcmp( Y, tmp_X, bytes ) != 0 );
				1062	TEST_ASSERT( memcmp( Y, tmp_Y, bytes ) != 0 );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	1063	}
				1064	else
				1065	{
Gabor Mezei	ffb4aa0	2022-10-14 16:39:04 +0200	[diff] [blame]	1066	ASSERT_COMPARE( X, bytes, tmp_Y, bytes );
				1067	ASSERT_COMPARE( Y, bytes, tmp_X, bytes );
Gabor Mezei	02e5d43	2022-10-03 16:45:11 +0200	[diff] [blame]	1068	}
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1069
				1070	exit:
Gabor Mezei	8b05e3b	2022-09-28 12:37:02 +0200	[diff] [blame]	1071	mbedtls_free( tmp_X );
				1072	mbedtls_free( tmp_Y );
				1073	mbedtls_free( X );
				1074	mbedtls_free( Y );
				1075
				1076	mbedtls_mpi_mod_modulus_free( &m );
Gabor Mezei	ec5685f	2022-09-30 14:41:13 +0200	[diff] [blame]	1077	mbedtls_free( buff_m );
Gabor Mezei	b27b1c5	2022-09-12 16:36:48 +0200	[diff] [blame]	1078	}
				1079	/* END_CASE */
				1080
				1081	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1082	void mpi_lt_mpi_ct( int size_X, char * input_X,
				1083	int size_Y, char * input_Y,
				1084	int input_ret, int input_err )
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1085	{
Gilles Peskine	0deccf1	2020-09-02 15:18:07 +0200	[diff] [blame]	1086	unsigned ret = -1;
Janos Follath	0e5532d	2019-10-11 14:21:53 +0100	[diff] [blame]	1087	unsigned input_uret = input_ret;
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1088	mbedtls_mpi X, Y;
				1089	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
				1090
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1091	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1092	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1093
Gilles Peskine	9018b11	2020-01-21 16:30:53 +0100	[diff] [blame]	1094	TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
				1095	TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1096
Janos Follath	0e5532d	2019-10-11 14:21:53 +0100	[diff] [blame]	1097	TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1098	if( input_err == 0 )
Janos Follath	0e5532d	2019-10-11 14:21:53 +0100	[diff] [blame]	1099	TEST_ASSERT( ret == input_uret );
Janos Follath	385d5b8	2019-09-11 16:07:14 +0100	[diff] [blame]	1100
				1101	exit:
				1102	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
				1103	}
				1104	/* END_CASE */
				1105
				1106	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1107	void mpi_cmp_abs( char * input_X, char * input_Y,
				1108	int input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1109	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1110	mbedtls_mpi X, Y;
				1111	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1112
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1113	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1114	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1115	TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1116
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1117	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1118	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1119	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1120	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1121
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1122	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1123	void mpi_copy( char src_hex, char dst_hex )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1124	{
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1125	mbedtls_mpi src, dst, ref;
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1126	mbedtls_mpi_init( &src );
				1127	mbedtls_mpi_init( &dst );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1128	mbedtls_mpi_init( &ref );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1129
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1130	TEST_ASSERT( mbedtls_test_read_mpi( &src, src_hex ) == 0 );
				1131	TEST_ASSERT( mbedtls_test_read_mpi( &ref, dst_hex ) == 0 );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1132
				1133	/* mbedtls_mpi_copy() */
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1134	TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1135	TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1136	TEST_ASSERT( sign_is_valid( &dst ) );
				1137	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1138
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1139	/* mbedtls_mpi_safe_cond_assign(), assignment done */
				1140	mbedtls_mpi_free( &dst );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1141	TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1142	TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
				1143	TEST_ASSERT( sign_is_valid( &dst ) );
				1144	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
				1145
				1146	/* mbedtls_mpi_safe_cond_assign(), assignment not done */
				1147	mbedtls_mpi_free( &dst );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1148	TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1149	TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
				1150	TEST_ASSERT( sign_is_valid( &dst ) );
				1151	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );
				1152
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1153	exit:
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1154	mbedtls_mpi_free( &src );
				1155	mbedtls_mpi_free( &dst );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1156	mbedtls_mpi_free( &ref );
Gilles Peskine	7428b45	2020-01-20 21:01:51 +0100	[diff] [blame]	1157	}
				1158	/* END_CASE */
				1159
				1160	/* BEGIN_CASE */
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1161	void mpi_copy_self( char *input_X )
Gilles Peskine	7428b45	2020-01-20 21:01:51 +0100	[diff] [blame]	1162	{
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1163	mbedtls_mpi X, A;
				1164	mbedtls_mpi_init( &A );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1165	mbedtls_mpi_init( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	1166
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1167	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1168	TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1169
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1170	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_X ) == 0 );
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1171	TEST_ASSERT( sign_is_valid( &X ) );
				1172	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1173
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1174	exit:
Gilles Peskine	90ec8e8	2021-06-10 15:17:30 +0200	[diff] [blame]	1175	mbedtls_mpi_free( &A );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1176	mbedtls_mpi_free( &X );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	1177	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1178	/* END_CASE */
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	1179
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1180	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1181	void mpi_swap( char X_hex, char Y_hex )
Gilles Peskine	fc1eeef	2021-06-10 22:29:57 +0200	[diff] [blame]	1182	{
				1183	mbedtls_mpi X, Y, X0, Y0;
				1184	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
				1185	mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
				1186
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1187	TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
				1188	TEST_ASSERT( mbedtls_test_read_mpi( &Y0, Y_hex ) == 0 );
Gilles Peskine	fc1eeef	2021-06-10 22:29:57 +0200	[diff] [blame]	1189
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1190	/* mbedtls_mpi_swap() */
Tom Cosgrove	c71ca0c	2022-09-15 15:38:17 +0100	[diff] [blame]	1191	TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
				1192	TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
Gilles Peskine	fc1eeef	2021-06-10 22:29:57 +0200	[diff] [blame]	1193	mbedtls_mpi_swap( &X, &Y );
				1194	TEST_ASSERT( sign_is_valid( &X ) );
				1195	TEST_ASSERT( sign_is_valid( &Y ) );
				1196	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
				1197	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
				1198
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1199	/* mbedtls_mpi_safe_cond_swap(), swap done */
				1200	mbedtls_mpi_free( &X );
				1201	mbedtls_mpi_free( &Y );
Tom Cosgrove	c71ca0c	2022-09-15 15:38:17 +0100	[diff] [blame]	1202	TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
				1203	TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1204	TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
				1205	TEST_ASSERT( sign_is_valid( &X ) );
				1206	TEST_ASSERT( sign_is_valid( &Y ) );
				1207	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
				1208	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
				1209
				1210	/* mbedtls_mpi_safe_cond_swap(), swap not done */
				1211	mbedtls_mpi_free( &X );
				1212	mbedtls_mpi_free( &Y );
Tom Cosgrove	c71ca0c	2022-09-15 15:38:17 +0100	[diff] [blame]	1213	TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
				1214	TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
Gilles Peskine	d0722f8	2021-06-10 23:00:33 +0200	[diff] [blame]	1215	TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
				1216	TEST_ASSERT( sign_is_valid( &X ) );
				1217	TEST_ASSERT( sign_is_valid( &Y ) );
				1218	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
				1219	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );
				1220
Gilles Peskine	fc1eeef	2021-06-10 22:29:57 +0200	[diff] [blame]	1221	exit:
				1222	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
				1223	mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
				1224	}
				1225	/* END_CASE */
				1226
				1227	/* BEGIN_CASE */
				1228	void mpi_swap_self( char *X_hex )
				1229	{
				1230	mbedtls_mpi X, X0;
				1231	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
				1232
Tom Cosgrove	c71ca0c	2022-09-15 15:38:17 +0100	[diff] [blame]	1233	TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1234	TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
Gilles Peskine	fc1eeef	2021-06-10 22:29:57 +0200	[diff] [blame]	1235
				1236	mbedtls_mpi_swap( &X, &X );
				1237	TEST_ASSERT( sign_is_valid( &X ) );
				1238	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
				1239
				1240	exit:
				1241	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
				1242	}
				1243	/* END_CASE */
				1244
				1245	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1246	void mpi_shrink( int before, int used, int min, int after )
Manuel Pégourié-Gonnard	5868163	2013-11-21 10:39:37 +0100	[diff] [blame]	1247	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1248	mbedtls_mpi X;
				1249	mbedtls_mpi_init( &X );
Manuel Pégourié-Gonnard	5868163	2013-11-21 10:39:37 +0100	[diff] [blame]	1250
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1251	TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
Gilles Peskine	e109175	2021-06-15 21:19:18 +0200	[diff] [blame]	1252	if( used > 0 )
				1253	{
				1254	size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
				1255	TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
				1256	}
				1257	TEST_EQUAL( X.n, (size_t) before );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1258	TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
Gilles Peskine	e109175	2021-06-15 21:19:18 +0200	[diff] [blame]	1259	TEST_EQUAL( X.n, (size_t) after );
Manuel Pégourié-Gonnard	5868163	2013-11-21 10:39:37 +0100	[diff] [blame]	1260
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1261	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1262	mbedtls_mpi_free( &X );
Manuel Pégourié-Gonnard	5868163	2013-11-21 10:39:37 +0100	[diff] [blame]	1263	}
				1264	/* END_CASE */
				1265
				1266	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1267	void mpi_add_mpi( char * input_X, char * input_Y,
				1268	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1269	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1270	mbedtls_mpi X, Y, Z, A;
				1271	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1272
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1273	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1274	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1275	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1276	TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1277	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1278	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1279
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1280	/* result == first operand */
				1281	TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1282	TEST_ASSERT( sign_is_valid( &X ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1283	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1284	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1285
				1286	/* result == second operand */
				1287	TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1288	TEST_ASSERT( sign_is_valid( &Y ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1289	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
				1290
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1291	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1292	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1293	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1294	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1295
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1296	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1297	void mpi_add_mpi_inplace( char * input_X, char * input_A )
Janos Follath	044a86b	2015-10-25 10:58:03 +0100	[diff] [blame]	1298	{
				1299	mbedtls_mpi X, A;
				1300	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
				1301
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1302	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Janos Follath	6cbacec	2015-10-25 12:29:13 +0100	[diff] [blame]	1303
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1304	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Janos Follath	6cbacec	2015-10-25 12:29:13 +0100	[diff] [blame]	1305	TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
				1306	TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1307	TEST_ASSERT( sign_is_valid( &X ) );
Janos Follath	6cbacec	2015-10-25 12:29:13 +0100	[diff] [blame]	1308
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1309	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Janos Follath	6cbacec	2015-10-25 12:29:13 +0100	[diff] [blame]	1310	TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1311	TEST_ASSERT( sign_is_valid( &X ) );
Janos Follath	6cbacec	2015-10-25 12:29:13 +0100	[diff] [blame]	1312	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
				1313
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1314	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Janos Follath	044a86b	2015-10-25 10:58:03 +0100	[diff] [blame]	1315	TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1316	TEST_ASSERT( sign_is_valid( &X ) );
Janos Follath	044a86b	2015-10-25 10:58:03 +0100	[diff] [blame]	1317	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
				1318
				1319	exit:
				1320	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
				1321	}
				1322	/* END_CASE */
				1323
				1324
				1325	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1326	void mpi_add_abs( char * input_X, char * input_Y,
				1327	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1328	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1329	mbedtls_mpi X, Y, Z, A;
				1330	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1331
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1332	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1333	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1334	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1335	TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1336	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1337	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1338
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1339	/* result == first operand */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1340	TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1341	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1342	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1343	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1344
				1345	/* result == second operand */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1346	TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1347	TEST_ASSERT( sign_is_valid( &Y ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1348	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1349
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1350	exit:
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1351	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	1352	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1353	/* END_CASE */
Paul Bakker	ba48cb2	2009-07-12 11:01:32 +0000	[diff] [blame]	1354
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1355	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1356	void mpi_add_int( char * input_X, int input_Y,
				1357	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1358	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1359	mbedtls_mpi X, Z, A;
				1360	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1361
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1362	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1363	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1364	TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1365	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1366	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1367
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1368	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1369	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1370	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1371	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1372
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1373	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1374	void mpi_sub_mpi( char * input_X, char * input_Y,
				1375	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1376	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1377	mbedtls_mpi X, Y, Z, A;
				1378	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1379
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1380	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1381	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1382	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1383	TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1384	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1385	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1386
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1387	/* result == first operand */
				1388	TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1389	TEST_ASSERT( sign_is_valid( &X ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1390	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1391	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1392
				1393	/* result == second operand */
				1394	TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1395	TEST_ASSERT( sign_is_valid( &Y ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1396	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
				1397
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1398	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1399	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1400	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1401	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1402
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1403	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1404	void mpi_sub_abs( char * input_X, char * input_Y,
				1405	char * input_A, int sub_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1406	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1407	mbedtls_mpi X, Y, Z, A;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1408	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1409	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1410
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1411	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1412	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1413	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	e670f90	2015-10-30 09:23:19 +0100	[diff] [blame]	1414
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1415	res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1416	TEST_ASSERT( res == sub_result );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1417	TEST_ASSERT( sign_is_valid( &Z ) );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1418	if( res == 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1419	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1420
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1421	/* result == first operand */
				1422	TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1423	TEST_ASSERT( sign_is_valid( &X ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1424	if( sub_result == 0 )
				1425	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1426	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1427
				1428	/* result == second operand */
				1429	TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1430	TEST_ASSERT( sign_is_valid( &Y ) );
Gilles Peskine	56f943a	2020-07-23 01:18:11 +0200	[diff] [blame]	1431	if( sub_result == 0 )
				1432	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
				1433
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1434	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1435	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1436	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1437	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1438
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1439	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1440	void mpi_sub_int( char * input_X, int input_Y,
				1441	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1442	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1443	mbedtls_mpi X, Z, A;
				1444	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1445
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1446	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1447	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1448	TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1449	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1450	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1451
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1452	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1453	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1454	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1455	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1456
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1457	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1458	void mpi_mul_mpi( char * input_X, char * input_Y,
				1459	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1460	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1461	mbedtls_mpi X, Y, Z, A;
				1462	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1463
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1464	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1465	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1466	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1467	TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1468	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1469	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1470
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1471	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1472	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1473	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1474	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1475
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1476	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1477	void mpi_mul_int( char * input_X, int input_Y,
				1478	char * input_A, char * result_comparison )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1479	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1480	mbedtls_mpi X, Z, A;
				1481	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1482
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1483	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1484	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1485	TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1486	TEST_ASSERT( sign_is_valid( &Z ) );
Paul Bakker	dbd443d	2013-08-16 13:38:47 +0200	[diff] [blame]	1487	if( strcmp( result_comparison, "==" ) == 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1488	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	dbd443d	2013-08-16 13:38:47 +0200	[diff] [blame]	1489	else if( strcmp( result_comparison, "!=" ) == 0 )
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1490	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 );
Paul Bakker	dbd443d	2013-08-16 13:38:47 +0200	[diff] [blame]	1491	else
				1492	TEST_ASSERT( "unknown operator" == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1493
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1494	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1495	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1496	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1497	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1498
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1499	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1500	void mpi_div_mpi( char * input_X, char * input_Y,
				1501	char * input_A, char * input_B,
				1502	int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1503	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1504	mbedtls_mpi X, Y, Q, R, A, B;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1505	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1506	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
				1507	mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1508
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1509	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1510	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1511	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
				1512	TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1513	res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1514	TEST_ASSERT( res == div_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1515	if( res == 0 )
				1516	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1517	TEST_ASSERT( sign_is_valid( &Q ) );
				1518	TEST_ASSERT( sign_is_valid( &R ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1519	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
				1520	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1521	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1522
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1523	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1524	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R );
				1525	mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1526	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1527	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1528
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1529	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1530	void mpi_div_int( char * input_X, int input_Y,
				1531	char * input_A, char * input_B,
				1532	int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1533	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1534	mbedtls_mpi X, Q, R, A, B;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1535	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1536	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
				1537	mbedtls_mpi_init( &B );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1538
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1539	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1540	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
				1541	TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1542	res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1543	TEST_ASSERT( res == div_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1544	if( res == 0 )
				1545	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1546	TEST_ASSERT( sign_is_valid( &Q ) );
				1547	TEST_ASSERT( sign_is_valid( &R ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1548	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
				1549	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1550	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1551
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1552	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1553	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A );
				1554	mbedtls_mpi_free( &B );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1555	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1556	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1557
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1558	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1559	void mpi_mod_mpi( char * input_X, char * input_Y,
				1560	char * input_A, int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1561	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1562	mbedtls_mpi X, Y, A;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1563	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1564	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1565
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1566	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1567	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1568	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1569	res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1570	TEST_ASSERT( res == div_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1571	if( res == 0 )
				1572	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1573	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1574	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1575	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1576
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1577	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1578	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1579	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1580	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1581
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1582	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1583	void mpi_mod_int( char * input_X, int input_Y,
				1584	int input_A, int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1585	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1586	mbedtls_mpi X;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1587	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1588	mbedtls_mpi_uint r;
				1589	mbedtls_mpi_init( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1590
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1591	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1592	res = mbedtls_mpi_mod_int( &r, &X, input_Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1593	TEST_ASSERT( res == div_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1594	if( res == 0 )
				1595	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1596	TEST_ASSERT( r == (mbedtls_mpi_uint) input_A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1597	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1598
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1599	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1600	mbedtls_mpi_free( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1601	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1602	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1603
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1604	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1605	void mpi_exp_mod( char * input_A, char * input_E,
				1606	char * input_N, char * input_X,
				1607	int exp_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1608	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1609	mbedtls_mpi A, E, N, RR, Z, X;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1610	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1611	mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
				1612	mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1613
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1614	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
				1615	TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
				1616	TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
				1617	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1618
Gilles Peskine	342f71b	2021-06-09 18:31:35 +0200	[diff] [blame]	1619	res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
Gilles Peskine	722c62c	2021-06-15 21:55:05 +0200	[diff] [blame]	1620	TEST_ASSERT( res == exp_result );
Gilles Peskine	342f71b	2021-06-09 18:31:35 +0200	[diff] [blame]	1621	if( res == 0 )
				1622	{
				1623	TEST_ASSERT( sign_is_valid( &Z ) );
				1624	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
				1625	}
				1626
				1627	/* Now test again with the speed-up parameter supplied as an output. */
				1628	res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
Gilles Peskine	722c62c	2021-06-15 21:55:05 +0200	[diff] [blame]	1629	TEST_ASSERT( res == exp_result );
Gilles Peskine	342f71b	2021-06-09 18:31:35 +0200	[diff] [blame]	1630	if( res == 0 )
				1631	{
				1632	TEST_ASSERT( sign_is_valid( &Z ) );
				1633	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
				1634	}
				1635
				1636	/* Now test again with the speed-up parameter supplied in calculated form. */
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1637	res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
Gilles Peskine	722c62c	2021-06-15 21:55:05 +0200	[diff] [blame]	1638	TEST_ASSERT( res == exp_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1639	if( res == 0 )
				1640	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1641	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1642	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1643	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1644
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1645	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1646	mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
				1647	mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1648	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1649	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1650
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1651	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1652	void mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
				1653	char * input_RR, int exp_result )
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1654	{
				1655	mbedtls_mpi A, E, N, RR, Z;
				1656	mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
				1657	mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );
				1658
Chris Jones	aa850cd	2020-12-03 11:35:41 +0000	[diff] [blame]	1659	/* Set A to 2^(A_bytes - 1) + 1 */
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1660	TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1661	TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1662	TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );
Chris Jones	aa850cd	2020-12-03 11:35:41 +0000	[diff] [blame]	1663
				1664	/* Set E to 2^(E_bytes - 1) + 1 */
				1665	TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
				1666	TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1667	TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );
Chris Jones	aa850cd	2020-12-03 11:35:41 +0000	[diff] [blame]	1668
				1669	/* Set N to 2^(N_bytes - 1) + 1 */
				1670	TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
				1671	TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1672	TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
				1673
				1674	if( strlen( input_RR ) )
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1675	TEST_ASSERT( mbedtls_test_read_mpi( &RR, input_RR ) == 0 );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1676
Chris Jones	aa850cd	2020-12-03 11:35:41 +0000	[diff] [blame]	1677	TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
Chris Jones	d10b331	2020-12-02 10:41:50 +0000	[diff] [blame]	1678
				1679	exit:
				1680	mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
				1681	mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
				1682	}
				1683	/* END_CASE */
				1684
				1685	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1686	void mpi_inv_mod( char * input_X, char * input_Y,
				1687	char * input_A, int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1688	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1689	mbedtls_mpi X, Y, Z, A;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1690	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1691	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1692
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1693	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1694	TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
				1695	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1696	res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1697	TEST_ASSERT( res == div_result );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1698	if( res == 0 )
				1699	{
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1700	TEST_ASSERT( sign_is_valid( &Z ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1701	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1702	}
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1703
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1704	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1705	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1706	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1707	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1708
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1709	/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1710	void mpi_is_prime( char * input_X, int div_result )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1711	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1712	mbedtls_mpi X;
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1713	int res;
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1714	mbedtls_mpi_init( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1715
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1716	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
Ronald Cron	351f0ee	2020-06-10 12:12:18 +0200	[diff] [blame]	1717	res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1718	TEST_ASSERT( res == div_result );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1719
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1720	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1721	mbedtls_mpi_free( &X );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1722	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1723	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1724
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1725	/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1726	void mpi_is_prime_det( data_t * input_X, data_t * witnesses,
				1727	int chunk_len, int rounds )
Janos Follath	64eca05	2018-09-05 17:04:49 +0100	[diff] [blame]	1728	{
				1729	mbedtls_mpi X;
				1730	int res;
				1731	mbedtls_test_mpi_random rand;
				1732
				1733	mbedtls_mpi_init( &X );
				1734	rand.data = witnesses;
				1735	rand.pos = 0;
				1736	rand.chunk_len = chunk_len;
				1737
				1738	TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
Darryl Green	ac2ead0	2018-10-02 15:30:39 +0100	[diff] [blame]	1739	res = mbedtls_mpi_is_prime_ext( &X, rounds - 1,
				1740	mbedtls_test_mpi_miller_rabin_determinizer,
				1741	&rand );
				1742	TEST_ASSERT( res == 0 );
				1743
				1744	rand.data = witnesses;
				1745	rand.pos = 0;
				1746	rand.chunk_len = chunk_len;
				1747
Janos Follath	a0b67c2	2018-09-18 14:48:23 +0100	[diff] [blame]	1748	res = mbedtls_mpi_is_prime_ext( &X, rounds,
				1749	mbedtls_test_mpi_miller_rabin_determinizer,
Janos Follath	64eca05	2018-09-05 17:04:49 +0100	[diff] [blame]	1750	&rand );
Darryl Green	ac2ead0	2018-10-02 15:30:39 +0100	[diff] [blame]	1751	TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
Janos Follath	64eca05	2018-09-05 17:04:49 +0100	[diff] [blame]	1752
				1753	exit:
				1754	mbedtls_mpi_free( &X );
				1755	}
				1756	/* END_CASE */
				1757
				1758	/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1759	void mpi_gen_prime( int bits, int flags, int ref_ret )
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1760	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1761	mbedtls_mpi X;
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1762	int my_ret;
				1763
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1764	mbedtls_mpi_init( &X );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1765
Ronald Cron	6c5bd7f	2020-06-10 14:08:26 +0200	[diff] [blame]	1766	my_ret = mbedtls_mpi_gen_prime( &X, bits, flags,
				1767	mbedtls_test_rnd_std_rand, NULL );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1768	TEST_ASSERT( my_ret == ref_ret );
				1769
				1770	if( ref_ret == 0 )
				1771	{
Manuel Pégourié-Gonnard	c0696c2	2015-06-18 16:47:17 +0200	[diff] [blame]	1772	size_t actual_bits = mbedtls_mpi_bitlen( &X );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1773
				1774	TEST_ASSERT( actual_bits >= (size_t) bits );
				1775	TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1776	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1777
Ronald Cron	6c5bd7f	2020-06-10 14:08:26 +0200	[diff] [blame]	1778	TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
				1779	mbedtls_test_rnd_std_rand,
				1780	NULL ) == 0 );
Janos Follath	a3cb7eb	2018-08-14 15:31:54 +0100	[diff] [blame]	1781	if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1782	{
Hanno Becker	d4d6057	2018-01-10 07:12:01 +0000	[diff] [blame]	1783	/* X = ( X - 1 ) / 2 */
				1784	TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
Ronald Cron	6c5bd7f	2020-06-10 14:08:26 +0200	[diff] [blame]	1785	TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
				1786	mbedtls_test_rnd_std_rand,
				1787	NULL ) == 0 );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1788	}
				1789	}
				1790
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1791	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1792	mbedtls_mpi_free( &X );
Manuel Pégourié-Gonnard	15f58a8	2014-06-16 17:12:40 +0200	[diff] [blame]	1793	}
				1794	/* END_CASE */
				1795
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1796	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1797	void mpi_shift_l( char * input_X, int shift_X,
				1798	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1799	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1800	mbedtls_mpi X, A;
				1801	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1802
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1803	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1804	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1805	TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1806	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1807	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1808
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1809	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1810	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1811	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1812	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1813
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1814	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	1815	void mpi_shift_r( char * input_X, int shift_X,
				1816	char * input_A )
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1817	{
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1818	mbedtls_mpi X, A;
				1819	mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1820
Werner Lewis	19b4cd8	2022-07-07 11:02:27 +0100	[diff] [blame]	1821	TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
				1822	TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1823	TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1824	TEST_ASSERT( sign_is_valid( &X ) );
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1825	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
Paul Bakker	6c591fa	2011-05-05 11:49:20 +0000	[diff] [blame]	1826
Paul Bakker	bd51b26	2014-07-10 15:26:12 +0200	[diff] [blame]	1827	exit:
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	1828	mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1829	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	1830	/* END_CASE */
Paul Bakker	367dae4	2009-06-28 21:50:27 +0000	[diff] [blame]	1831
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	1832	/* BEGIN_CASE */
Gilles Peskine	422e867	2021-04-02 00:02:27 +0200	[diff] [blame]	1833	void mpi_fill_random( int wanted_bytes, int rng_bytes,
				1834	int before, int expected_ret )
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	1835	{
				1836	mbedtls_mpi X;
				1837	int ret;
				1838	size_t bytes_left = rng_bytes;
				1839	mbedtls_mpi_init( &X );
				1840
Gilles Peskine	422e867	2021-04-02 00:02:27 +0200	[diff] [blame]	1841	if( before != 0 )
				1842	{
				1843	/* Set X to sign(before) * 2^(\|before\|-1) */
				1844	TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
				1845	if( before < 0 )
				1846	before = - before;
				1847	TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
				1848	}
				1849
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	1850	ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
				1851	f_rng_bytes_left, &bytes_left );
				1852	TEST_ASSERT( ret == expected_ret );
				1853
				1854	if( expected_ret == 0 )
				1855	{
				1856	/* mbedtls_mpi_fill_random is documented to use bytes from the RNG
				1857	* as a big-endian representation of the number. We know when
				1858	* our RNG function returns null bytes, so we know how many
				1859	* leading zero bytes the number has. */
				1860	size_t leading_zeros = 0;
				1861	if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
				1862	leading_zeros = 1;
				1863	TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
				1864	(size_t) wanted_bytes );
				1865	TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1866	TEST_ASSERT( sign_is_valid( &X ) );
Gilles Peskine	3cb1e29	2020-11-25 15:37:20 +0100	[diff] [blame]	1867	}
				1868
				1869	exit:
				1870	mbedtls_mpi_free( &X );
				1871	}
				1872	/* END_CASE */
				1873
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	1874	/* BEGIN_CASE */
				1875	void mpi_random_many( int min, data_t *bound_bytes, int iterations )
				1876	{
				1877	/* Generate numbers in the range 1..bound-1. Do it iterations times.
				1878	* This function assumes that the value of bound is at least 2 and
				1879	* that iterations is large enough that a one-in-2^iterations chance
				1880	* effectively never occurs.
				1881	*/
				1882
				1883	mbedtls_mpi upper_bound;
				1884	size_t n_bits;
				1885	mbedtls_mpi result;
				1886	size_t b;
				1887	/* If upper_bound is small, stats[b] is the number of times the value b
				1888	* has been generated. Otherwise stats[b] is the number of times a
				1889	* value with bit b set has been generated. */
				1890	size_t *stats = NULL;
				1891	size_t stats_len;
				1892	int full_stats;
				1893	size_t i;
				1894
				1895	mbedtls_mpi_init( &upper_bound );
				1896	mbedtls_mpi_init( &result );
				1897
				1898	TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
				1899	bound_bytes->x, bound_bytes->len ) );
				1900	n_bits = mbedtls_mpi_bitlen( &upper_bound );
				1901	/* Consider a bound "small" if it's less than 2^5. This value is chosen
				1902	* to be small enough that the probability of missing one value is
				1903	* negligible given the number of iterations. It must be less than
				1904	* 256 because some of the code below assumes that "small" values
				1905	* fit in a byte. */
				1906	if( n_bits <= 5 )
				1907	{
				1908	full_stats = 1;
				1909	stats_len = bound_bytes->x[bound_bytes->len - 1];
				1910	}
				1911	else
				1912	{
				1913	full_stats = 0;
				1914	stats_len = n_bits;
				1915	}
				1916	ASSERT_ALLOC( stats, stats_len );
				1917
				1918	for( i = 0; i < (size_t) iterations; i++ )
				1919	{
				1920	mbedtls_test_set_step( i );
				1921	TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
				1922	mbedtls_test_rnd_std_rand, NULL ) );
				1923
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	1924	TEST_ASSERT( sign_is_valid( &result ) );
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	1925	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
				1926	TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
				1927	if( full_stats )
				1928	{
				1929	uint8_t value;
				1930	TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) );
				1931	TEST_ASSERT( value < stats_len );
				1932	++stats[value];
				1933	}
				1934	else
				1935	{
				1936	for( b = 0; b < n_bits; b++ )
				1937	stats[b] += mbedtls_mpi_get_bit( &result, b );
				1938	}
				1939	}
				1940
				1941	if( full_stats )
				1942	{
Gilles Peskine	d463edf	2021-04-13 20:45:05 +0200	[diff] [blame]	1943	for( b = min; b < stats_len; b++ )
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	1944	{
				1945	mbedtls_test_set_step( 1000000 + b );
				1946	/* Assert that each value has been reached at least once.
				1947	* This is almost guaranteed if the iteration count is large
				1948	* enough. This is a very crude way of checking the distribution.
				1949	*/
				1950	TEST_ASSERT( stats[b] > 0 );
				1951	}
				1952	}
				1953	else
				1954	{
Gilles Peskine	ceefe5d	2021-06-02 21:24:04 +0200	[diff] [blame]	1955	int statistically_safe_all_the_way =
				1956	is_significantly_above_a_power_of_2( bound_bytes );
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	1957	for( b = 0; b < n_bits; b++ )
				1958	{
				1959	mbedtls_test_set_step( 1000000 + b );
				1960	/* Assert that each bit has been set in at least one result and
				1961	* clear in at least one result. Provided that iterations is not
				1962	* too small, it would be extremely unlikely for this not to be
				1963	* the case if the results are uniformly distributed.
				1964	*
				1965	* As an exception, the top bit may legitimately never be set
				1966	* if bound is a power of 2 or only slightly above.
				1967	*/
Gilles Peskine	ceefe5d	2021-06-02 21:24:04 +0200	[diff] [blame]	1968	if( statistically_safe_all_the_way \|\| b != n_bits - 1 )
Gilles Peskine	02ac93a	2021-03-29 22:02:55 +0200	[diff] [blame]	1969	{
				1970	TEST_ASSERT( stats[b] > 0 );
				1971	}
				1972	TEST_ASSERT( stats[b] < (size_t) iterations );
				1973	}
				1974	}
				1975
				1976	exit:
				1977	mbedtls_mpi_free( &upper_bound );
				1978	mbedtls_mpi_free( &result );
				1979	mbedtls_free( stats );
				1980	}
				1981	/* END_CASE */
				1982
Gilles Peskine	1e918f4	2021-03-29 22:14:51 +0200	[diff] [blame]	1983	/* BEGIN_CASE */
Gilles Peskine	422e867	2021-04-02 00:02:27 +0200	[diff] [blame]	1984	void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before )
Gilles Peskine	1a7df4e	2021-04-01 15:57:18 +0200	[diff] [blame]	1985	{
				1986	mbedtls_mpi upper_bound;
				1987	mbedtls_mpi result;
				1988
				1989	mbedtls_mpi_init( &upper_bound );
				1990	mbedtls_mpi_init( &result );
				1991
Gilles Peskine	422e867	2021-04-02 00:02:27 +0200	[diff] [blame]	1992	if( before != 0 )
				1993	{
				1994	/* Set result to sign(before) * 2^(\|before\|-1) */
				1995	TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 );
				1996	if( before < 0 )
				1997	before = - before;
				1998	TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 );
				1999	}
				2000
Gilles Peskine	1a7df4e	2021-04-01 15:57:18 +0200	[diff] [blame]	2001	TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
				2002	TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
				2003	bound_bytes->x, bound_bytes->len ) );
				2004	TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
				2005	mbedtls_test_rnd_std_rand, NULL ) );
Gilles Peskine	dffc710	2021-06-10 15:34:15 +0200	[diff] [blame]	2006	TEST_ASSERT( sign_is_valid( &result ) );
Gilles Peskine	1a7df4e	2021-04-01 15:57:18 +0200	[diff] [blame]	2007	TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
				2008	TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
				2009
				2010	exit:
				2011	mbedtls_mpi_free( &upper_bound );
				2012	mbedtls_mpi_free( &result );
				2013	}
				2014	/* END_CASE */
				2015
				2016	/* BEGIN_CASE */
Gilles Peskine	1e918f4	2021-03-29 22:14:51 +0200	[diff] [blame]	2017	void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
				2018	{
				2019	mbedtls_mpi upper_bound;
				2020	mbedtls_mpi result;
				2021	int actual_ret;
				2022
				2023	mbedtls_mpi_init( &upper_bound );
				2024	mbedtls_mpi_init( &result );
				2025
				2026	TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
				2027	bound_bytes->x, bound_bytes->len ) );
				2028	actual_ret = mbedtls_mpi_random( &result, min, &upper_bound,
				2029	mbedtls_test_rnd_std_rand, NULL );
				2030	TEST_EQUAL( expected_ret, actual_ret );
				2031
				2032	exit:
				2033	mbedtls_mpi_free( &upper_bound );
				2034	mbedtls_mpi_free( &result );
				2035	}
				2036	/* END_CASE */
				2037
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2038	/* BEGIN_CASE */
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2039	void mpi_core_add_if( char * input_A, char * input_B,
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2040	char * input_S4, int carry4,
				2041	char * input_S8, int carry8 )
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2042	{
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2043	mbedtls_mpi S4, S8, A, B;
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2044	mbedtls_mpi_uint a = NULL; / first value to add */
				2045	mbedtls_mpi_uint b = NULL; / second value to add */
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2046	mbedtls_mpi_uint *sum = NULL;
				2047	mbedtls_mpi_uint d = NULL; / destination - the in/out first operand */
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2048
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2049	mbedtls_mpi_init( &A );
				2050	mbedtls_mpi_init( &B );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2051	mbedtls_mpi_init( &S4 );
				2052	mbedtls_mpi_init( &S8 );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2053
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2054	TEST_EQUAL( 0, mbedtls_test_read_mpi( &A, input_A ) );
				2055	TEST_EQUAL( 0, mbedtls_test_read_mpi( &B, input_B ) );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2056	TEST_EQUAL( 0, mbedtls_test_read_mpi( &S4, input_S4 ) );
				2057	TEST_EQUAL( 0, mbedtls_test_read_mpi( &S8, input_S8 ) );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2058
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2059	/* We only need to work with one of (S4, carry4) or (S8, carry8) depending
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2060	* on sizeof(mbedtls_mpi_uint)
				2061	*/
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2062	mbedtls_mpi *X = ( sizeof(mbedtls_mpi_uint) == 4 ) ? &S4 : &S8;
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2063	mbedtls_mpi_uint carry = ( sizeof(mbedtls_mpi_uint) == 4 ) ? carry4 : carry8;
				2064
				2065	/* All of the inputs are +ve (or zero) */
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2066	TEST_EQUAL( 1, A.s );
				2067	TEST_EQUAL( 1, B.s );
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2068	TEST_EQUAL( 1, X->s );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2069
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2070	/* Test cases are such that A <= B, so #limbs should be <= */
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	2071	TEST_LE_U( A.n, B.n );
				2072	TEST_LE_U( X->n, B.n );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2073
				2074	/* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2075
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2076	/* mbedtls_mpi_core_add_if() uses input arrays of mbedtls_mpi_uints which
				2077	* must be the same size. The MPIs we've read in will only have arrays
				2078	* large enough for the number they represent. Therefore we create new
				2079	* raw arrays of mbedtls_mpi_uints and populate them from the MPIs we've
				2080	* just read in.
				2081	*
				2082	* We generated test data such that B was always >= A, so that's how many
				2083	* limbs each of these need.
				2084	*/
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2085	size_t limbs = B.n;
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2086	size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2087
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2088	/* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */
				2089	ASSERT_ALLOC( a, bytes );
				2090	ASSERT_ALLOC( b, bytes );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2091	ASSERT_ALLOC( sum, bytes );
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2092	ASSERT_ALLOC( d, bytes );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2093
				2094	/* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as
				2095	* processed by mbedtls_mpi_core_add_if()) are little endian, we can just
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2096	* copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC())
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2097	*/
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2098	memcpy( a, A.p, A.n * sizeof(mbedtls_mpi_uint) );
				2099	memcpy( b, B.p, B.n * sizeof(mbedtls_mpi_uint) );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2100	memcpy( sum, X->p, X->n * sizeof(mbedtls_mpi_uint) );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2101
Tom Cosgrove	dbc1561	2022-09-15 15:36:23 +0100	[diff] [blame]	2102	/* The test cases have a <= b to avoid repetition, so we test a + b then,
				2103	* if a != b, b + a. If a == b, we can test when a and b are aliased */
Tom Cosgrove	17f1fdc	2022-09-15 15:23:56 +0100	[diff] [blame]	2104
				2105	/* a + b */
				2106
				2107	/* cond = 0 => d unchanged, no carry */
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2108	memcpy( d, a, bytes );
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2109	TEST_EQUAL( 0, mbedtls_mpi_core_add_if( d, b, limbs, 0 ) );
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2110	ASSERT_COMPARE( d, bytes, a, bytes );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2111
Tom Cosgrove	17f1fdc	2022-09-15 15:23:56 +0100	[diff] [blame]	2112	/* cond = 1 => correct result and carry */
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2113	TEST_EQUAL( carry, mbedtls_mpi_core_add_if( d, b, limbs, 1 ) );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2114	ASSERT_COMPARE( d, bytes, sum, bytes );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2115
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2116	if ( A.n == B.n && memcmp( A.p, B.p, bytes ) == 0 )
				2117	{
Tom Cosgrove	dbc1561	2022-09-15 15:36:23 +0100	[diff] [blame]	2118	/* a == b, so test where a and b are aliased */
				2119
Tom Cosgrove	17f1fdc	2022-09-15 15:23:56 +0100	[diff] [blame]	2120	/* cond = 0 => d unchanged, no carry */
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2121	TEST_EQUAL( 0, mbedtls_mpi_core_add_if( b, b, limbs, 0 ) );
				2122	ASSERT_COMPARE( b, bytes, B.p, bytes );
				2123
Tom Cosgrove	17f1fdc	2022-09-15 15:23:56 +0100	[diff] [blame]	2124	/* cond = 1 => correct result and carry */
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2125	TEST_EQUAL( carry, mbedtls_mpi_core_add_if( b, b, limbs, 1 ) );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2126	ASSERT_COMPARE( b, bytes, sum, bytes );
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2127	}
Tom Cosgrove	dbc1561	2022-09-15 15:36:23 +0100	[diff] [blame]	2128	else
				2129	{
				2130	/* a != b, so test b + a */
				2131
				2132	/* cond = 0 => d unchanged, no carry */
				2133	memcpy( d, b, bytes );
				2134	TEST_EQUAL( 0, mbedtls_mpi_core_add_if( d, a, limbs, 0 ) );
				2135	ASSERT_COMPARE( d, bytes, b, bytes );
				2136
				2137	/* cond = 1 => correct result and carry */
				2138	TEST_EQUAL( carry, mbedtls_mpi_core_add_if( d, a, limbs, 1 ) );
				2139	ASSERT_COMPARE( d, bytes, sum, bytes );
				2140	}
Tom Cosgrove	1135b20	2022-09-02 11:46:18 +0100	[diff] [blame]	2141
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2142	exit:
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2143	mbedtls_free( a );
				2144	mbedtls_free( b );
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2145	mbedtls_free( sum );
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2146	mbedtls_free( d );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2147
Tom Cosgrove	50c477b	2022-09-15 14:28:30 +0100	[diff] [blame]	2148	mbedtls_mpi_free( &S4 );
				2149	mbedtls_mpi_free( &S8 );
Tom Cosgrove	eceb4cc	2022-09-02 10:46:09 +0100	[diff] [blame]	2150	mbedtls_mpi_free( &A );
				2151	mbedtls_mpi_free( &B );
Tom Cosgrove	0cc7865	2022-08-23 16:26:52 +0100	[diff] [blame]	2152	}
				2153	/* END_CASE */
				2154
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2155	/* BEGIN_CASE */
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2156	void mpi_core_sub( char * input_A, char * input_B,
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	2157	char * input_X4, char * input_X8,
				2158	int carry )
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2159	{
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2160	mbedtls_mpi A, B, X4, X8;
				2161	mbedtls_mpi_uint *a = NULL;
				2162	mbedtls_mpi_uint *b = NULL;
				2163	mbedtls_mpi_uint x = NULL; / expected */
				2164	mbedtls_mpi_uint r = NULL; / result */
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2165
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2166	mbedtls_mpi_init( &A );
				2167	mbedtls_mpi_init( &B );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2168	mbedtls_mpi_init( &X4 );
				2169	mbedtls_mpi_init( &X8 );
				2170
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2171	TEST_EQUAL( 0, mbedtls_test_read_mpi( &A, input_A ) );
				2172	TEST_EQUAL( 0, mbedtls_test_read_mpi( &B, input_B ) );
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2173	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X4, input_X4 ) );
				2174	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X8, input_X8 ) );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2175
				2176	/* All of the inputs are +ve (or zero) */
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2177	TEST_EQUAL( 1, A.s );
				2178	TEST_EQUAL( 1, B.s );
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2179	TEST_EQUAL( 1, X4.s );
				2180	TEST_EQUAL( 1, X8.s );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2181
				2182	/* Get the number of limbs we will need */
Tom Cosgrove	e2159f2	2022-09-15 14:40:10 +0100	[diff] [blame]	2183	size_t limbs = MAX( A.n, B.n );
Tom Cosgrove	b0fb17a	2022-09-01 15:04:43 +0100	[diff] [blame]	2184	size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2185
				2186	/* We only need to work with X4 or X8, depending on sizeof(mbedtls_mpi_uint) */
				2187	mbedtls_mpi *X = ( sizeof(mbedtls_mpi_uint) == 4 ) ? &X4 : &X8;
				2188
				2189	/* The result shouldn't have more limbs than the longest input */
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	2190	TEST_LE_U( X->n, limbs );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2191
				2192	/* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2193
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2194	/* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */
				2195	ASSERT_ALLOC( a, bytes );
				2196	ASSERT_ALLOC( b, bytes );
				2197	ASSERT_ALLOC( x, bytes );
				2198	ASSERT_ALLOC( r, bytes );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2199
				2200	/* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2201	* processed by mbedtls_mpi_core_sub()) are little endian, we can just
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2202	* copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC())
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2203	*/
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2204	memcpy( a, A.p, A.n * sizeof(mbedtls_mpi_uint) );
				2205	memcpy( b, B.p, B.n * sizeof(mbedtls_mpi_uint) );
				2206	memcpy( x, X->p, X->n * sizeof(mbedtls_mpi_uint) );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2207
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2208	/* 1a) r = a - b => we should get the correct carry */
Tom Cosgrove	be7209d	2022-09-15 14:32:38 +0100	[diff] [blame]	2209	TEST_EQUAL( carry, mbedtls_mpi_core_sub( r, a, b, limbs ) );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2210
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2211	/* 1b) r = a - b => we should get the correct result */
				2212	ASSERT_COMPARE( r, bytes, x, bytes );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2213
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2214	/* 2 and 3 test "r may be aliased to a or b" */
				2215	/* 2a) r = a; r -= b => we should get the correct carry (use r to avoid clobbering a) */
				2216	memcpy( r, a, bytes );
Tom Cosgrove	be7209d	2022-09-15 14:32:38 +0100	[diff] [blame]	2217	TEST_EQUAL( carry, mbedtls_mpi_core_sub( r, r, b, limbs ) );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2218
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2219	/* 2b) r -= b => we should get the correct result */
				2220	ASSERT_COMPARE( r, bytes, x, bytes );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2221
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2222	/* 3a) r = b; r = a - r => we should get the correct carry (use r to avoid clobbering b) */
				2223	memcpy( r, b, bytes );
Tom Cosgrove	be7209d	2022-09-15 14:32:38 +0100	[diff] [blame]	2224	TEST_EQUAL( carry, mbedtls_mpi_core_sub( r, a, r, limbs ) );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2225
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2226	/* 3b) r = a - b => we should get the correct result */
				2227	ASSERT_COMPARE( r, bytes, x, bytes );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2228
Tom Cosgrove	f2b3818	2022-09-20 09:08:31 +0100	[diff] [blame]	2229	/* 4 tests "r may be aliased to [...] both" */
				2230	if ( A.n == B.n && memcmp( A.p, B.p, bytes ) == 0 )
				2231	{
				2232	memcpy( r, b, bytes );
				2233	TEST_EQUAL( carry, mbedtls_mpi_core_sub( r, r, r, limbs ) );
				2234	ASSERT_COMPARE( r, bytes, x, bytes );
				2235	}
				2236
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2237	exit:
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2238	mbedtls_free( a );
				2239	mbedtls_free( b );
				2240	mbedtls_free( x );
				2241	mbedtls_free( r );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2242
Tom Cosgrove	a043aeb	2022-09-02 10:59:59 +0100	[diff] [blame]	2243	mbedtls_mpi_free( &A );
				2244	mbedtls_mpi_free( &B );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2245	mbedtls_mpi_free( &X4 );
				2246	mbedtls_mpi_free( &X8 );
Tom Cosgrove	2a65b85	2022-08-17 05:43:54 +0100	[diff] [blame]	2247	}
				2248	/* END_CASE */
				2249
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2250	/* BEGIN_CASE */
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2251	void mpi_core_mla( char * input_A, char * input_B, char * input_S,
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	2252	char * input_X4, char * input_cy4,
				2253	char * input_X8, char * input_cy8 )
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2254	{
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2255	/* We are testing A += B * s; A, B are MPIs, s is a scalar.
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2256	*
Tom Cosgrove	359feb0	2022-09-15 14:52:34 +0100	[diff] [blame]	2257	* However, we encode s as an MPI in the .data file as the test framework
				2258	* currently only supports `int`-typed scalars, and that doesn't cover the
				2259	* full range of `mbedtls_mpi_uint`.
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2260	*
				2261	* We also have the different results for sizeof(mbedtls_mpi_uint) == 4 or 8.
				2262	*/
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2263	mbedtls_mpi A, B, S, X4, X8, cy4, cy8;
				2264	mbedtls_mpi_uint *a = NULL;
				2265	mbedtls_mpi_uint *x = NULL;
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2266
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2267	mbedtls_mpi_init( &A );
				2268	mbedtls_mpi_init( &B );
				2269	mbedtls_mpi_init( &S );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2270	mbedtls_mpi_init( &X4 );
				2271	mbedtls_mpi_init( &X8 );
				2272	mbedtls_mpi_init( &cy4 );
				2273	mbedtls_mpi_init( &cy8 );
				2274
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2275	TEST_EQUAL( 0, mbedtls_test_read_mpi( &A, input_A ) );
				2276	TEST_EQUAL( 0, mbedtls_test_read_mpi( &B, input_B ) );
				2277	TEST_EQUAL( 0, mbedtls_test_read_mpi( &S, input_S ) );
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2278	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X4, input_X4 ) );
				2279	TEST_EQUAL( 0, mbedtls_test_read_mpi( &cy4, input_cy4 ) );
				2280	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X8, input_X8 ) );
				2281	TEST_EQUAL( 0, mbedtls_test_read_mpi( &cy8, input_cy8 ) );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2282
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2283	/* The MPI encoding of scalar s must be only 1 limb */
				2284	TEST_EQUAL( 1, S.n );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2285
				2286	/* We only need to work with X4 or X8, and cy4 or cy8, depending on sizeof(mbedtls_mpi_uint) */
				2287	mbedtls_mpi *X = ( sizeof(mbedtls_mpi_uint) == 4 ) ? &X4 : &X8;
				2288	mbedtls_mpi *cy = ( sizeof(mbedtls_mpi_uint) == 4 ) ? &cy4 : &cy8;
				2289
				2290	/* The carry should only have one limb */
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2291	TEST_EQUAL( 1, cy->n );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2292
				2293	/* All of the inputs are +ve (or zero) */
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2294	TEST_EQUAL( 1, A.s );
				2295	TEST_EQUAL( 1, B.s );
				2296	TEST_EQUAL( 1, S.s );
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2297	TEST_EQUAL( 1, X->s );
				2298	TEST_EQUAL( 1, cy->s );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2299
				2300	/* Get the (max) number of limbs we will need */
Tom Cosgrove	e2159f2	2022-09-15 14:40:10 +0100	[diff] [blame]	2301	size_t limbs = MAX( A.n, B.n );
Tom Cosgrove	b0fb17a	2022-09-01 15:04:43 +0100	[diff] [blame]	2302	size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2303
				2304	/* The result shouldn't have more limbs than the longest input */
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	2305	TEST_LE_U( X->n, limbs );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2306
				2307	/* Now let's get arrays of mbedtls_mpi_uints, rather than MPI structures */
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2308
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2309	/* ASSERT_ALLOC() uses calloc() under the hood, so these do get zeroed */
				2310	ASSERT_ALLOC( a, bytes );
				2311	ASSERT_ALLOC( x, bytes );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2312
				2313	/* Populate the arrays. As the mbedtls_mpi_uint[]s in mbedtls_mpis (and as
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2314	* processed by mbedtls_mpi_core_mla()) are little endian, we can just
Tom Cosgrove	2b17792	2022-09-15 14:07:18 +0100	[diff] [blame]	2315	* copy what we have as long as MSBs are 0 (which they are from ASSERT_ALLOC()).
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2316	*/
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2317	memcpy( a, A.p, A.n * sizeof(mbedtls_mpi_uint) );
				2318	memcpy( x, X->p, X->n * sizeof(mbedtls_mpi_uint) );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2319
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2320	/* 1a) A += B * s => we should get the correct carry */
				2321	TEST_EQUAL( mbedtls_mpi_core_mla( a, limbs, B.p, B.n, S.p ), cy->p );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2322
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2323	/* 1b) A += B * s => we should get the correct result */
				2324	ASSERT_COMPARE( a, bytes, x, bytes );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2325
Tom Cosgrove	b0b77e1	2022-09-20 13:33:40 +0100	[diff] [blame]	2326	if ( A.n == B.n && memcmp( A.p, B.p, bytes ) == 0 )
				2327	{
				2328	/* Check when A and B are aliased */
				2329	memcpy( a, A.p, A.n * sizeof(mbedtls_mpi_uint) );
				2330	TEST_EQUAL( mbedtls_mpi_core_mla( a, limbs, a, limbs, S.p ), cy->p );
				2331	ASSERT_COMPARE( a, bytes, x, bytes );
				2332	}
				2333
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2334	exit:
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2335	mbedtls_free( a );
				2336	mbedtls_free( x );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2337
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2338	mbedtls_mpi_free( &A );
				2339	mbedtls_mpi_free( &B );
				2340	mbedtls_mpi_free( &S );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2341	mbedtls_mpi_free( &X4 );
				2342	mbedtls_mpi_free( &X8 );
Tom Cosgrove	42dfac6	2022-09-02 11:16:39 +0100	[diff] [blame]	2343	mbedtls_mpi_free( &cy4 );
				2344	mbedtls_mpi_free( &cy8 );
Tom Cosgrove	659c84a	2022-08-17 05:45:19 +0100	[diff] [blame]	2345	}
				2346	/* END_CASE */
				2347
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2348	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	2349	void mpi_montg_init( char * input_N, char * input_mm )
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2350	{
				2351	mbedtls_mpi N, mm;
				2352
				2353	mbedtls_mpi_init( &N );
				2354	mbedtls_mpi_init( &mm );
				2355
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2356	TEST_EQUAL( 0, mbedtls_test_read_mpi( &N, input_N ) );
				2357	TEST_EQUAL( 0, mbedtls_test_read_mpi( &mm, input_mm ) );
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2358
				2359	/* The MPI encoding of mm should be 1 limb (sizeof(mbedtls_mpi_uint) == 8) or
				2360	* 2 limbs (sizeof(mbedtls_mpi_uint) == 4).
				2361	*
				2362	* The data file contains the expected result for sizeof(mbedtls_mpi_uint) == 8;
				2363	* for sizeof(mbedtls_mpi_uint) == 4 it's just the LSW of this.
				2364	*/
Tom Cosgrove	b2c06f4	2022-08-24 17:45:58 +0100	[diff] [blame]	2365	TEST_ASSERT( mm.n == 1 \|\| mm.n == 2 );
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2366
				2367	/* All of the inputs are +ve (or zero) */
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2368	TEST_EQUAL( 1, N.s );
				2369	TEST_EQUAL( 1, mm.s );
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2370
Tom Cosgrove	b7438d1	2022-09-15 15:05:59 +0100	[diff] [blame]	2371	/* mbedtls_mpi_core_montmul_init() only returns a result, no error possible */
				2372	mbedtls_mpi_uint result = mbedtls_mpi_core_montmul_init( N.p );
Tom Cosgrove	79b70f6	2022-08-17 06:17:00 +0100	[diff] [blame]	2373
				2374	/* Check we got the correct result */
				2375	TEST_EQUAL( result, mm.p[0] );
				2376
				2377	exit:
				2378	mbedtls_mpi_free( &N );
				2379	mbedtls_mpi_free( &mm );
				2380	}
				2381	/* END_CASE */
				2382
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2383	/* BEGIN_CASE */
Tom Cosgrove	1b2947a	2022-09-02 10:24:55 +0100	[diff] [blame]	2384	void mpi_core_montmul( int limbs_AN4, int limbs_B4,
				2385	int limbs_AN8, int limbs_B8,
				2386	char * input_A,
				2387	char * input_B,
				2388	char * input_N,
				2389	char * input_X4,
				2390	char * input_X8 )
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2391	{
Tom Cosgrove	9384284	2022-08-05 16:59:43 +0100	[diff] [blame]	2392	mbedtls_mpi A, B, N, X4, X8, T, R;
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2393
				2394	mbedtls_mpi_init( &A );
				2395	mbedtls_mpi_init( &B );
				2396	mbedtls_mpi_init( &N );
				2397	mbedtls_mpi_init( &X4 ); /* expected result, sizeof(mbedtls_mpi_uint) == 4 */
				2398	mbedtls_mpi_init( &X8 ); /* expected result, sizeof(mbedtls_mpi_uint) == 8 */
				2399	mbedtls_mpi_init( &T );
Tom Cosgrove	9384284	2022-08-05 16:59:43 +0100	[diff] [blame]	2400	mbedtls_mpi_init( &R ); /* for the result */
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2401
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2402	TEST_EQUAL( 0, mbedtls_test_read_mpi( &A, input_A ) );
				2403	TEST_EQUAL( 0, mbedtls_test_read_mpi( &B, input_B ) );
				2404	TEST_EQUAL( 0, mbedtls_test_read_mpi( &N, input_N ) );
				2405	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X4, input_X4 ) );
				2406	TEST_EQUAL( 0, mbedtls_test_read_mpi( &X8, input_X8 ) );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2407
				2408	mbedtls_mpi *X = ( sizeof(mbedtls_mpi_uint) == 4 ) ? &X4 : &X8;
				2409
				2410	int limbs_AN = ( sizeof(mbedtls_mpi_uint) == 4 ) ? limbs_AN4 : limbs_AN8;
				2411	int limbs_B = ( sizeof(mbedtls_mpi_uint) == 4 ) ? limbs_B4 : limbs_B8;
				2412
Tom Cosgrove	1feb5ac	2022-09-15 14:22:35 +0100	[diff] [blame]	2413	TEST_LE_U( A.n, (size_t)limbs_AN );
				2414	TEST_LE_U( X->n, (size_t)limbs_AN );
				2415	TEST_LE_U( B.n, (size_t)limbs_B );
				2416	TEST_LE_U( limbs_B, limbs_AN );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2417
				2418	/* All of the inputs are +ve (or zero) */
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2419	TEST_EQUAL( 1, A.s );
				2420	TEST_EQUAL( 1, B.s );
				2421	TEST_EQUAL( 1, N.s );
				2422	TEST_EQUAL( 1, X->s );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2423
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2424	TEST_EQUAL( 0, mbedtls_mpi_grow( &A, limbs_AN ) );
				2425	TEST_EQUAL( 0, mbedtls_mpi_grow( &N, limbs_AN ) );
				2426	TEST_EQUAL( 0, mbedtls_mpi_grow( X, limbs_AN ) );
				2427	TEST_EQUAL( 0, mbedtls_mpi_grow( &B, limbs_B ) );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2428
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2429	TEST_EQUAL( 0, mbedtls_mpi_grow( &T, limbs_AN * 2 + 1 ) );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2430
				2431	/* Calculate the Montgomery constant (this is unit tested separately) */
Tom Cosgrove	b7438d1	2022-09-15 15:05:59 +0100	[diff] [blame]	2432	mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init( N.p );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2433
Tom Cosgrove	9339f05	2022-09-01 13:02:53 +0100	[diff] [blame]	2434	TEST_EQUAL( 0, mbedtls_mpi_grow( &R, limbs_AN ) ); /* ensure it's got the right number of limbs */
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2435
Tom Cosgrove	9384284	2022-08-05 16:59:43 +0100	[diff] [blame]	2436	mbedtls_mpi_core_montmul( R.p, A.p, B.p, B.n, N.p, N.n, mm, T.p );
Tom Cosgrove	b0fb17a	2022-09-01 15:04:43 +0100	[diff] [blame]	2437	size_t bytes = N.n * sizeof(mbedtls_mpi_uint);
				2438	ASSERT_COMPARE( R.p, bytes, X->p, bytes );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2439
Tom Cosgrove	ea45c1d	2022-09-20 13:17:51 +0100	[diff] [blame]	2440	/* The output (R, above) may be aliased to A - use R to save the value of A */
				2441
				2442	memcpy( R.p, A.p, bytes );
				2443
				2444	mbedtls_mpi_core_montmul( A.p, A.p, B.p, B.n, N.p, N.n, mm, T.p );
				2445	ASSERT_COMPARE( A.p, bytes, X->p, bytes );
				2446
				2447	memcpy( A.p, R.p, bytes ); /* restore A */
				2448
				2449	/* The output may be aliased to N - use R to save the value of N */
				2450
				2451	memcpy( R.p, N.p, bytes );
				2452
				2453	mbedtls_mpi_core_montmul( N.p, A.p, B.p, B.n, N.p, N.n, mm, T.p );
				2454	ASSERT_COMPARE( N.p, bytes, X->p, bytes );
				2455
				2456	memcpy( N.p, R.p, bytes );
				2457
Tom Cosgrove	ea45c1d	2022-09-20 13:17:51 +0100	[diff] [blame]	2458	if (limbs_AN == limbs_B)
				2459	{
Tom Cosgrove	4386ead	2022-09-29 14:40:21 +0100	[diff] [blame]	2460	/* Test when A aliased to B (requires A == B on input values) */
				2461	if ( memcmp( A.p, B.p, bytes ) == 0 )
				2462	{
				2463	/* Test with A aliased to B and output, since this is permitted -
				2464	* don't bother with yet another test with only A and B aliased */
				2465
				2466	mbedtls_mpi_core_montmul( B.p, B.p, B.p, B.n, N.p, N.n, mm, T.p );
				2467	ASSERT_COMPARE( B.p, bytes, X->p, bytes );
				2468
				2469	memcpy( B.p, A.p, bytes ); /* restore B from equal value A */
				2470	}
				2471
				2472	/* The output may be aliased to B - last test, so we don't save B */
				2473
Tom Cosgrove	ea45c1d	2022-09-20 13:17:51 +0100	[diff] [blame]	2474	mbedtls_mpi_core_montmul( B.p, A.p, B.p, B.n, N.p, N.n, mm, T.p );
				2475	ASSERT_COMPARE( B.p, bytes, X->p, bytes );
				2476	}
				2477
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2478	exit:
				2479	mbedtls_mpi_free( &A );
				2480	mbedtls_mpi_free( &B );
				2481	mbedtls_mpi_free( &N );
				2482	mbedtls_mpi_free( &X4 );
				2483	mbedtls_mpi_free( &X8 );
				2484	mbedtls_mpi_free( &T );
Tom Cosgrove	9384284	2022-08-05 16:59:43 +0100	[diff] [blame]	2485	mbedtls_mpi_free( &R );
Tom Cosgrove	f334d96	2022-08-17 06:29:32 +0100	[diff] [blame]	2486	}
				2487	/* END_CASE */
				2488
Manuel Pégourié-Gonnard	2cf5a7c	2015-04-08 12:49:31 +0200	[diff] [blame]	2489	/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khan	f1aaec9	2017-05-30 14:23:15 +0100	[diff] [blame]	2490	void mpi_selftest( )
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	2491	{
Andres AG	93012e8	2016-09-09 09:10:28 +0100	[diff] [blame]	2492	TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 );
Paul Bakker	e896fea	2009-07-06 06:40:23 +0000	[diff] [blame]	2493	}
Paul Bakker	33b43f1	2013-08-20 11:48:36 +0200	[diff] [blame]	2494	/* END_CASE */