tests/suites/test_suite_bignum.function

/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/entropy.h"
#include "constant_time_internal.h"
#include "bignum_core.h"
#include "test/constant_flow.h"

#if MBEDTLS_MPI_MAX_BITS > 792
#define MPI_MAX_BITS_LARGER_THAN_792
#endif

/* Check the validity of the sign bit in an MPI object. Reject representations
 * that are not supported by the rest of the library and indicate a bug when
 * constructing the value. */
static int sign_is_valid( const mbedtls_mpi *X )
{
    /* Only +1 and -1 are valid sign bits, not e.g. 0 */
    if( X->s != 1 && X->s != -1 )
        return( 0 );

    /* The value 0 must be represented with the sign +1. A "negative zero"
     * with s=-1 is an invalid representation. Forbid that. As an exception,
     * we sometimes test the robustness of library functions when given
     * a negative zero input. If a test case has a negative zero as input,
     * we don't mind if the function has a negative zero output. */
    if( ! mbedtls_test_case_uses_negative_0 &&
        mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
    {
        return( 0 );
    }

    return( 1 );
}

typedef struct mbedtls_test_mpi_random
{
    data_t *data;
    size_t  pos;
    size_t  chunk_len;
} mbedtls_test_mpi_random;

/*
 * This function is called by the Miller-Rabin primality test each time it
 * chooses a random witness. The witnesses (or non-witnesses as provided by the
 * test) are stored in the data member of the state structure. Each number is in
 * the format that mbedtls_mpi_read_string understands and is chunk_len long.
 */
int mbedtls_test_mpi_miller_rabin_determinizer( void* state,
                                                unsigned char* buf,
                                                size_t len )
{
    mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random*) state;

    if( random == NULL || random->data->x == NULL || buf == NULL )
        return( -1 );

    if( random->pos + random->chunk_len > random->data->len
            || random->chunk_len > len )
    {
        return( -1 );
    }

    memset( buf, 0, len );

    /* The witness is written to the end of the buffer, since the buffer is
     * used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
     * Writing the witness to the start of the buffer would result in the
     * buffer being 'witness 000...000', which would be treated as
     * witness * 2^n for some n. */
    memcpy( buf + len - random->chunk_len, &random->data->x[random->pos],
            random->chunk_len );

    random->pos += random->chunk_len;

    return( 0 );
}

/* Random generator that is told how many bytes to return. */
static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len )
{
    size_t *bytes_left = state;
    size_t i;
    for( i = 0; i < len; i++ )
    {
        if( *bytes_left == 0 )
            return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
        buf[i] = *bytes_left & 0xff;
        --( *bytes_left );
    }
    return( 0 );
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_BIGNUM_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void mpi_null(  )
{
    mbedtls_mpi X, Y, Z;

    mbedtls_mpi_init( &X );
    mbedtls_mpi_init( &Y );
    mbedtls_mpi_init( &Z );

    TEST_ASSERT( mbedtls_mpi_get_bit( &X, 42 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_lsb( &X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_size( &X ) == 0 );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
                            char * input_A, int output_size, int result_read,
                            int result_write )
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init( &X );

    memset( str, '!', sizeof( str ) );

    TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
    if( result_read == 0 )
    {
        TEST_ASSERT( sign_is_valid( &X ) );
        TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
        if( result_write == 0 )
        {
            TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
            TEST_ASSERT( str[len] == '!' );
        }
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_binary( data_t * buf, char * input_A )
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init( &X );


    TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
    TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_binary_le( data_t * buf, char * input_A )
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init( &X );


    TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_write_string( &X, 16, str, sizeof( str ), &len ) == 0 );
    TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_write_binary( char * input_X, data_t * input_A,
                       int output_size, int result )
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;

    memset( buf, 0x00, 1000 );

    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    buflen = mbedtls_mpi_size( &X );
    if( buflen > (size_t) output_size )
        buflen = (size_t) output_size;

    TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == result );
    if( result == 0)
    {

        TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
                                          buflen, input_A->len ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_write_binary_le( char * input_X, data_t * input_A,
                          int output_size, int result )
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;

    memset( buf, 0x00, 1000 );

    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    buflen = mbedtls_mpi_size( &X );
    if( buflen > (size_t) output_size )
        buflen = (size_t) output_size;

    TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
    if( result == 0)
    {

        TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
                                          buflen, input_A->len ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_read_file( char * input_file, data_t * input_A, int result )
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;
    FILE *file;
    int ret;

    memset( buf, 0x00, 1000 );

    mbedtls_mpi_init( &X );

    file = fopen( input_file, "r" );
    TEST_ASSERT( file != NULL );
    ret = mbedtls_mpi_read_file( &X, 16, file );
    fclose(file);
    TEST_ASSERT( ret == result );

    if( result == 0 )
    {
        TEST_ASSERT( sign_is_valid( &X ) );
        buflen = mbedtls_mpi_size( &X );
        TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );


        TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
                                          buflen, input_A->len ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_write_file( char * input_X, char * output_file )
{
    mbedtls_mpi X, Y;
    FILE *file_out, *file_in;
    int ret;

    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    file_out = fopen( output_file, "w" );
    TEST_ASSERT( file_out != NULL );
    ret = mbedtls_mpi_write_file( NULL, &X, 16, file_out );
    fclose(file_out);
    TEST_ASSERT( ret == 0 );

    file_in = fopen( output_file, "r" );
    TEST_ASSERT( file_in != NULL );
    ret = mbedtls_mpi_read_file( &Y, 16, file_in );
    fclose(file_in);
    TEST_ASSERT( ret == 0 );

    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_get_bit( char * input_X, int pos, int val )
{
    mbedtls_mpi X;
    mbedtls_mpi_init( &X );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_set_bit( char * input_X, int pos, int val,
                  char * output_Y, int result )
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, output_Y ) == 0 );
    TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );

    if( result == 0 )
    {
        TEST_ASSERT( sign_is_valid( &X ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_lsb( char * input_X, int nr_bits )
{
    mbedtls_mpi X;
    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_bitlen( char * input_X, int nr_bits )
{
    mbedtls_mpi X;
    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_gcd( char * input_X, char * input_Y,
              char * input_A )
{
    mbedtls_mpi A, X, Y, Z;
    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

exit:
    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_int( int input_X, int input_A, int result_CMP )
{
    mbedtls_mpi X;
    mbedtls_mpi_init( &X  );

    TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0);
    TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_A ) == result_CMP);

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_mpi( char * input_X, char * input_Y,
                  int input_A )
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_lt_mpi_ct( int size_X, char * input_X,
                    int size_Y, char * input_Y,
                    int input_ret, int input_err )
{
    unsigned ret = -1;
    unsigned input_uret = input_ret;
    mbedtls_mpi X, Y;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );

    TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );

    TEST_ASSERT( mbedtls_mpi_lt_mpi_ct( &X, &Y, &ret ) == input_err );
    if( input_err == 0 )
        TEST_ASSERT( ret == input_uret );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_abs( char * input_X, char * input_Y,
                  int input_A )
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_copy( char *src_hex, char *dst_hex )
{
    mbedtls_mpi src, dst, ref;
    mbedtls_mpi_init( &src );
    mbedtls_mpi_init( &dst );
    mbedtls_mpi_init( &ref );

    TEST_ASSERT( mbedtls_test_read_mpi( &src, src_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &ref, dst_hex ) == 0 );

    /* mbedtls_mpi_copy() */
    TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
    TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
    TEST_ASSERT( sign_is_valid( &dst ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );

    /* mbedtls_mpi_safe_cond_assign(), assignment done */
    mbedtls_mpi_free( &dst );
    TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
    TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
    TEST_ASSERT( sign_is_valid( &dst ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );

    /* mbedtls_mpi_safe_cond_assign(), assignment not done */
    mbedtls_mpi_free( &dst );
    TEST_ASSERT( mbedtls_test_read_mpi( &dst, dst_hex ) == 0 );
    TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
    TEST_ASSERT( sign_is_valid( &dst ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );

exit:
    mbedtls_mpi_free( &src );
    mbedtls_mpi_free( &dst );
    mbedtls_mpi_free( &ref );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_copy_self( char *input_X )
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init( &A );
    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );

    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_X ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );

exit:
    mbedtls_mpi_free( &A );
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_swap( char *X_hex, char *Y_hex )
{
    mbedtls_mpi X, Y, X0, Y0;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
    mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );

    TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y0, Y_hex ) == 0 );

    /* mbedtls_mpi_swap() */
    TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
    mbedtls_mpi_swap( &X, &Y );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );

    /* mbedtls_mpi_safe_cond_swap(), swap done */
    mbedtls_mpi_free( &X );
    mbedtls_mpi_free( &Y );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
    TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );

    /* mbedtls_mpi_safe_cond_swap(), swap not done */
    mbedtls_mpi_free( &X );
    mbedtls_mpi_free( &Y );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, Y_hex ) == 0 );
    TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
    mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_swap_self( char *X_hex )
{
    mbedtls_mpi X, X0;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, X_hex ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X0, X_hex ) == 0 );

    mbedtls_mpi_swap( &X, &X );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shrink( int before, int used, int min, int after )
{
    mbedtls_mpi X;
    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
    if( used > 0 )
    {
        size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
        TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
    }
    TEST_EQUAL( X.n, (size_t) before );
    TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
    TEST_EQUAL( X.n, (size_t) after );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_mpi( char * input_X, char * input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

    /* result == first operand */
    TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    /* result == second operand */
    TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_mpi_inplace( char * input_X, char * input_A )
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */


/* BEGIN_CASE */
void mpi_add_abs( char * input_X, char * input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

    /* result == first operand */
    TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    /* result == second operand */
    TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_int( char * input_X, int input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_mpi( char * input_X, char * input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

    /* result == first operand */
    TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    /* result == second operand */
    TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Y ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_abs( char * input_X, char * input_Y,
                  char * input_A, int sub_result )
{
    mbedtls_mpi X, Y, Z, A;
    int res;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );

    res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
    TEST_ASSERT( res == sub_result );
    TEST_ASSERT( sign_is_valid( &Z ) );
    if( res == 0 )
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

    /* result == first operand */
    TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
    TEST_ASSERT( sign_is_valid( &X ) );
    if( sub_result == 0 )
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    /* result == second operand */
    TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
    TEST_ASSERT( sign_is_valid( &Y ) );
    if( sub_result == 0 )
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_int( char * input_X, int input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mul_mpi( char * input_X, char * input_Y,
                  char * input_A )
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mul_int( char * input_X, int input_Y,
                  char * input_A, char * result_comparison )
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
    TEST_ASSERT( sign_is_valid( &Z ) );
    if( strcmp( result_comparison, "==" ) == 0 )
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
    else if( strcmp( result_comparison, "!=" ) == 0 )
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) != 0 );
    else
        TEST_ASSERT( "unknown operator" == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_div_mpi( char * input_X, char * input_Y,
                  char * input_A, char * input_B,
                  int div_result )
{
    mbedtls_mpi X, Y, Q, R, A, B;
    int res;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
    res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
    TEST_ASSERT( res == div_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Q ) );
        TEST_ASSERT( sign_is_valid( &R ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R );
    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &B );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_div_int( char * input_X, int input_Y,
                  char * input_A, char * input_B,
                  int div_result )
{
    mbedtls_mpi X, Q, R, A, B;
    int res;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
    mbedtls_mpi_init( &B );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &B, input_B ) == 0 );
    res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
    TEST_ASSERT( res == div_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Q ) );
        TEST_ASSERT( sign_is_valid( &R ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &R ); mbedtls_mpi_free( &A );
    mbedtls_mpi_free( &B );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mod_mpi( char * input_X, char * input_Y,
                  char * input_A, int div_result )
{
    mbedtls_mpi X, Y, A;
    int res;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
    TEST_ASSERT( res == div_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &X ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mod_int( char * input_X, char * input_Y,
                  char * input_A, int mod_result )
{
    mbedtls_mpi X;
    mbedtls_mpi Y;
    mbedtls_mpi A;
    int res;
    mbedtls_mpi_uint r;

    mbedtls_mpi_init( &X );
    mbedtls_mpi_init( &Y );
    mbedtls_mpi_init( &A );

    /* We use MPIs to read Y and A since the test framework limits us to
     * ints, so we can't have 64-bit values */
    TEST_EQUAL( mbedtls_test_read_mpi( &X, input_X ), 0 );
    TEST_EQUAL( mbedtls_test_read_mpi( &Y, input_Y ), 0 );
    TEST_EQUAL( mbedtls_test_read_mpi( &A, input_A ), 0 );

    TEST_EQUAL( Y.n, 1 );
    TEST_EQUAL( A.n, 1 );

    /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */

    /* Since we're converting sign+magnitude to two's complement, we lose one
     * bit of value in the output. This means there are some values we can't
     * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically
     * invalid test cases, so could be considered "won't happen", but they are
     * easy to test for, and this helps guard against human error. */

    mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
    TEST_ASSERT( y >= 0 );      /* If y < 0 here, we can't make negative y */
    if( Y.s == -1 )
        y = -y;

    mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
    TEST_ASSERT( a >= 0 );      /* Same goes for a */
    if( A.s == -1 )
        a = -a;

    res = mbedtls_mpi_mod_int( &r, &X, y );
    TEST_EQUAL( res, mod_result );
    if( res == 0 )
    {
        TEST_EQUAL( r, a );
    }

exit:
    mbedtls_mpi_free( &X );
    mbedtls_mpi_free( &Y );
    mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_exp_mod( char * input_A, char * input_E,
                  char * input_N, char * input_X,
                  int exp_result )
{
    mbedtls_mpi A, E, N, RR, Z, X;
    int res;
    mbedtls_mpi_init( &A  ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &E, input_E ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &N, input_N ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );

    res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
    TEST_ASSERT( res == exp_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Z ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
    }

    /* Now test again with the speed-up parameter supplied as an output. */
    res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
    TEST_ASSERT( res == exp_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Z ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
    }

    /* Now test again with the speed-up parameter supplied in calculated form. */
    res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
    TEST_ASSERT( res == exp_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Z ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
    }

exit:
    mbedtls_mpi_free( &A  ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
    mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes,
                       char * input_RR, int exp_result )
{
    mbedtls_mpi A, E, N, RR, Z;
    mbedtls_mpi_init( &A  ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z );

    /* Set A to 2^(A_bytes - 1) + 1 */
    TEST_ASSERT( mbedtls_mpi_lset( &A, 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_shift_l( &A, ( A_bytes * 8 ) - 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_set_bit( &A, 0, 1 ) == 0 );

    /* Set E to 2^(E_bytes - 1) + 1 */
    TEST_ASSERT( mbedtls_mpi_lset( &E, 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_shift_l( &E, ( E_bytes * 8 ) - 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 1 ) == 0 );

    /* Set N to 2^(N_bytes - 1) + 1 */
    TEST_ASSERT( mbedtls_mpi_lset( &N, 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_shift_l( &N, ( N_bytes * 8 ) - 1 ) == 0 );
    TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );

    if( strlen( input_RR ) )
        TEST_ASSERT( mbedtls_test_read_mpi( &RR, input_RR ) == 0 );

    TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );

exit:
    mbedtls_mpi_free( &A  ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N );
    mbedtls_mpi_free( &RR ); mbedtls_mpi_free( &Z );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_inv_mod( char * input_X, char * input_Y,
                  char * input_A, int div_result )
{
    mbedtls_mpi X, Y, Z, A;
    int res;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &Y, input_Y ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
    TEST_ASSERT( res == div_result );
    if( res == 0 )
    {
        TEST_ASSERT( sign_is_valid( &Z ) );
        TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
    }

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime( char * input_X, int div_result )
{
    mbedtls_mpi X;
    int res;
    mbedtls_mpi_init( &X );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
    TEST_ASSERT( res == div_result );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime_det( data_t * input_X, data_t * witnesses,
                       int chunk_len, int rounds )
{
    mbedtls_mpi X;
    int res;
    mbedtls_test_mpi_random rand;

    mbedtls_mpi_init( &X );
    rand.data = witnesses;
    rand.pos = 0;
    rand.chunk_len = chunk_len;

    TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
    res = mbedtls_mpi_is_prime_ext( &X, rounds - 1,
                                    mbedtls_test_mpi_miller_rabin_determinizer,
                                    &rand );
    TEST_ASSERT( res == 0 );

    rand.data = witnesses;
    rand.pos = 0;
    rand.chunk_len = chunk_len;

    res = mbedtls_mpi_is_prime_ext( &X, rounds,
                                    mbedtls_test_mpi_miller_rabin_determinizer,
                                    &rand );
    TEST_ASSERT( res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_gen_prime( int bits, int flags, int ref_ret )
{
    mbedtls_mpi X;
    int my_ret;

    mbedtls_mpi_init( &X );

    my_ret = mbedtls_mpi_gen_prime( &X, bits, flags,
                                    mbedtls_test_rnd_std_rand, NULL );
    TEST_ASSERT( my_ret == ref_ret );

    if( ref_ret == 0 )
    {
        size_t actual_bits = mbedtls_mpi_bitlen( &X );

        TEST_ASSERT( actual_bits >= (size_t) bits );
        TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
        TEST_ASSERT( sign_is_valid( &X ) );

        TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
                                               mbedtls_test_rnd_std_rand,
                                               NULL ) == 0 );
        if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
        {
            /* X = ( X - 1 ) / 2 */
            TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
            TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL ) == 0 );
        }
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shift_l( char * input_X, int shift_X,
                  char * input_A )
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shift_r( char * input_X, int shift_X,
                  char * input_A )
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );

    TEST_ASSERT( mbedtls_test_read_mpi( &X, input_X ) == 0 );
    TEST_ASSERT( mbedtls_test_read_mpi( &A, input_A ) == 0 );
    TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
    TEST_ASSERT( sign_is_valid( &X ) );
    TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );

exit:
    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &A );
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_fill_random( int wanted_bytes, int rng_bytes,
                      int before, int expected_ret )
{
    mbedtls_mpi X;
    int ret;
    size_t bytes_left = rng_bytes;
    mbedtls_mpi_init( &X );

    if( before != 0 )
    {
        /* Set X to sign(before) * 2^(|before|-1) */
        TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
        if( before < 0 )
            before = - before;
        TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
    }

    ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
                                   f_rng_bytes_left, &bytes_left );
    TEST_ASSERT( ret == expected_ret );

    if( expected_ret == 0 )
    {
        /* mbedtls_mpi_fill_random is documented to use bytes from the RNG
         * as a big-endian representation of the number. We know when
         * our RNG function returns null bytes, so we know how many
         * leading zero bytes the number has. */
        size_t leading_zeros = 0;
        if( wanted_bytes > 0 && rng_bytes % 256 == 0 )
            leading_zeros = 1;
        TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
                     (size_t) wanted_bytes );
        TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
        TEST_ASSERT( sign_is_valid( &X ) );
    }

exit:
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE */
void most_negative_mpi_sint( )
{
    /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We
     * guarantee that mbedtls_mpi_sint is a two's complement type, so this
     * is a valid value. However, negating it (`-n`) has undefined behavior
     * (although in practice `-n` evaluates to the value n).
     *
     * This function has ad hoc tests for this value. It's separated from other
     * functions because the test framework makes it hard to pass this value
     * into test cases.
     *
     * In the comments here:
     * - biL = number of bits in limbs
     * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range)
     * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range)
     */

    mbedtls_mpi A, R, X;
    mbedtls_mpi_init( &A );
    mbedtls_mpi_init( &R );
    mbedtls_mpi_init( &X );

    mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << ( biL - 1 );
    const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1;
    const mbedtls_mpi_sint most_negative = - most_positive - 1;
    TEST_EQUAL( (mbedtls_mpi_uint) most_negative,
                (mbedtls_mpi_uint) 1 << ( biL - 1 ) );
    TEST_EQUAL( (mbedtls_mpi_uint) most_negative << 1, 0 );

    /* Test mbedtls_mpi_lset() */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
    TEST_EQUAL( A.s, -1 );
    TEST_EQUAL( A.n, 1 );
    TEST_EQUAL( A.p[0], most_positive_plus_1 );

    /* Test mbedtls_mpi_cmp_int(): -p == -p */
    TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 0 );

    /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */
    A.p[0] = most_positive_plus_1 + 1;
    TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), -1 );

    /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */
    A.p[0] = most_positive_plus_1 - 1;
    TEST_EQUAL( mbedtls_mpi_cmp_int( &A, most_negative ), 1 );

    /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
    TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );

    /* Test mbedtls_mpi_add_int(): (0) + (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
    TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, most_negative ), 0 );

    /* Test mbedtls_mpi_add_int(): (-p) + (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_add_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( X.s, -1 );
    TEST_EQUAL( X.n, 2 );
    TEST_EQUAL( X.p[0], 0 );
    TEST_EQUAL( X.p[1], 1 );

    /* Test mbedtls_mpi_sub_int(): (p) - (-p) */
    mbedtls_mpi_free( &X );
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
    TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( X.s, 1 );
    TEST_EQUAL( X.n, 1 );
    TEST_EQUAL( X.p[0], ~(mbedtls_mpi_uint)0 );

    /* Test mbedtls_mpi_sub_int(): (0) - (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, 0 ), 0 );
    TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( X.s, 1 );
    TEST_EQUAL( X.n, 1 );
    TEST_EQUAL( X.p[0], most_positive_plus_1 );

    /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_sub_int( &X, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );

    /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, -most_positive ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );

    /* Test mbedtls_mpi_div_int(): (-p) / (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );

    /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */
    TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 2 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );

    /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */
    TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, -most_positive ), 0 );

    /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */
    TEST_EQUAL( mbedtls_mpi_lset( &A, most_positive ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, 0 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, most_positive ), 0 );

    /* Test mbedtls_mpi_div_int(): (p) / (-p) */
    TEST_EQUAL( mbedtls_mpi_add_int( &A, &A, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );

    /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */
    TEST_EQUAL( mbedtls_mpi_shift_l( &A, 1 ), 0 );
    TEST_EQUAL( mbedtls_mpi_div_int( &X, &R, &A, most_negative ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &X, -2 ), 0 );
    TEST_EQUAL( mbedtls_mpi_cmp_int( &R, 0 ), 0 );

    /* Test mbedtls_mpi_mod_int(): never valid */
    TEST_EQUAL( mbedtls_mpi_mod_int( X.p, &A, most_negative ),
                MBEDTLS_ERR_MPI_NEGATIVE_VALUE );

    /* Test mbedtls_mpi_random(): never valid */
    TEST_EQUAL( mbedtls_mpi_random( &X, most_negative, &A,
                                    mbedtls_test_rnd_std_rand, NULL ),
                MBEDTLS_ERR_MPI_BAD_INPUT_DATA );

exit:
    mbedtls_mpi_free( &A );
    mbedtls_mpi_free( &R );
    mbedtls_mpi_free( &X );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest(  )
{
    TEST_ASSERT( mbedtls_mpi_self_test( 1 ) == 0 );
}
/* END_CASE */