TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 449bd8303eed8164b83682d2ce028dca0e49b1fa / . / tests / suites / test_suite_bignum_mod.function
blob: ded4c0cb4c8fadd3074c785517e7dd4157637c14 [file] [log] [blame]
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/entropy.h"
4#include "bignum_mod.h"
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]5#include "bignum_mod_raw.h"
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]6#include "constant_time_internal.h"
7#include "test/constant_flow.h"
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]8
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]9#define TEST_COMPARE_MPI_RESIDUES(a, b) \
10 ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
11 (b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]12
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]13static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
14 mbedtls_mpi_mod_rep_selector int_rep,
15 char *input)
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]16{
17 mbedtls_mpi_uint *p = NULL;
18 size_t limbs;
19
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]20 int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
21 if (ret != 0) {
22 return ret;
23 }
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]24
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]25 return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]26}
27
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]28static int test_read_residue(mbedtls_mpi_mod_residue *r,
29 const mbedtls_mpi_mod_modulus *m,
30 char *input,
31 int skip_limbs_and_value_checks)
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]32{
33 mbedtls_mpi_uint *p = NULL;
34 size_t limbs;
35
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]36 int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
37 if (ret != 0) {
38 return ret;
39 }
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]40
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]41 if (skip_limbs_and_value_checks) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]42 r->p = p;
43 r->limbs = limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]44 return 0;
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]45 }
46
47 /* mbedtls_mpi_mod_residue_setup() checks limbs, and that value < m */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]48 return mbedtls_mpi_mod_residue_setup(r, m, p, limbs);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]49}
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]50/* END_HEADER */
51
52/* BEGIN_DEPENDENCIES
53 * depends_on:MBEDTLS_BIGNUM_C
54 * END_DEPENDENCIES
55 */
56
57/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]58void mpi_mod_setup(int int_rep, int iret)
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]59{
60 #define MLIMBS 8
61 mbedtls_mpi_uint mp[MLIMBS];
62 mbedtls_mpi_mod_modulus m;
63 int ret;
64
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]65 memset(mp, 0xFF, sizeof(mp));
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]66
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]67 mbedtls_mpi_mod_modulus_init(&m);
68 ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
69 TEST_EQUAL(ret, iret);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]70
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]71 /* Only test if the constants have been set-up */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]72 if (ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]73 /* Test that the consts have been calculated */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]74 TEST_ASSERT(m.rep.mont.rr != NULL);
75 TEST_ASSERT(m.rep.mont.mm != 0);
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]76
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]77 }
78
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]79 /* Address sanitiser should catch if we try to free mp */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]80 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]81
82 /* Make sure that the modulus doesn't have reference to mp anymore */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]83 TEST_ASSERT(m.p != mp);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]84
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]85 /* Only test if the constants have been set-up */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]86 if (ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]87 /* Verify the data and pointers allocated have been properly wiped */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]88 TEST_ASSERT(m.rep.mont.rr == NULL);
89 TEST_ASSERT(m.rep.mont.mm == 0);
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]90 }
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]91exit:
92 /* It should be safe to call an mbedtls free several times */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]93 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]94
95 #undef MLIMBS
96}
97/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]98
99/* BEGIN MERGE SLOT 1 */
100
101/* END MERGE SLOT 1 */
102
103/* BEGIN MERGE SLOT 2 */
104
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]105/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]106void mpi_mod_mul(char *input_A,
107 char *input_B,
108 char *input_N,
109 char *result)
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]110{
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]111 mbedtls_mpi_uint *X = NULL;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]112
Gabor Mezei78c4fb42022-12-20 18:09:49 +0100[diff] [blame]113 mbedtls_mpi_mod_residue rA = { NULL, 0 };
114 mbedtls_mpi_mod_residue rB = { NULL, 0 };
115 mbedtls_mpi_mod_residue rR = { NULL, 0 };
116 mbedtls_mpi_mod_residue rX = { NULL, 0 };
117
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]118 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]119 mbedtls_mpi_mod_modulus_init(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]120
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]121 TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
122 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]123
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]124 TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
125 TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
126 TEST_EQUAL(test_read_residue(&rR, &m, result, 0), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]127
128 const size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]129 const size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]130
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]131 TEST_EQUAL(rA.limbs, limbs);
132 TEST_EQUAL(rB.limbs, limbs);
133 TEST_EQUAL(rR.limbs, limbs);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]134
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]135 ASSERT_ALLOC(X, limbs);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]136
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]137 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]138
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]139 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), 0);
140 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]141
142 /* alias X to A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]143 memcpy(rX.p, rA.p, bytes);
144 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rB, &m), 0);
145 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]146
147 /* alias X to B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]148 memcpy(rX.p, rB.p, bytes);
149 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rX, &m), 0);
150 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]151
152 /* A == B: alias A and B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]153 if (memcmp(rA.p, rB.p, bytes) == 0) {
154 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA, &m), 0);
155 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]156
157 /* X, A, B all aliased together */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]158 memcpy(rX.p, rA.p, bytes);
159 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rX, &m), 0);
160 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]161 }
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]162 /* A != B: test B * A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]163 else {
164 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rA, &m), 0);
165 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]166
167 /* B * A: alias X to A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]168 memcpy(rX.p, rA.p, bytes);
169 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rX, &m), 0);
170 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]171
172 /* B + A: alias X to B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]173 memcpy(rX.p, rB.p, bytes);
174 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rA, &m), 0);
175 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]176 }
177
178exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]179 mbedtls_free(rA.p);
180 mbedtls_free(rB.p);
181 mbedtls_free(rR.p);
182 mbedtls_free(X);
183 mbedtls_free((mbedtls_mpi_uint *) m.p);
Gabor Mezeif9728132022-12-20 13:55:37 +0100[diff] [blame]184
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]185 mbedtls_mpi_mod_modulus_free(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]186}
187/* END_CASE */
188
189/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]190void mpi_mod_mul_neg(char *input_A,
191 char *input_B,
192 char *input_N,
193 char *result,
194 int exp_ret)
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]195{
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]196 mbedtls_mpi_uint *X = NULL;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]197
Gabor Mezei78c4fb42022-12-20 18:09:49 +0100[diff] [blame]198 mbedtls_mpi_mod_residue rA = { NULL, 0 };
199 mbedtls_mpi_mod_residue rB = { NULL, 0 };
200 mbedtls_mpi_mod_residue rR = { NULL, 0 };
201 mbedtls_mpi_mod_residue rX = { NULL, 0 };
202
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]203 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]204 mbedtls_mpi_mod_modulus_init(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]205
Gabor Mezeif65c71f2022-12-21 11:54:22 +0100[diff] [blame]206 mbedtls_mpi_mod_modulus fake_m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]207 mbedtls_mpi_mod_modulus_init(&fake_m);
Gabor Mezeif65c71f2022-12-21 11:54:22 +0100[diff] [blame]208
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]209 TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
210 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]211
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]212 TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
213 TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
214 TEST_EQUAL(test_read_residue(&rR, &m, result, 1), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]215
216 const size_t limbs = m.limbs;
217
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]218 ASSERT_ALLOC(X, limbs);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]219
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]220 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]221 rX.limbs = rR.limbs;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]222
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]223 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), exp_ret);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]224
225 /* Check when m is not initialized */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]226 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &fake_m),
227 MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]228
229exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]230 mbedtls_free(rA.p);
231 mbedtls_free(rB.p);
232 mbedtls_free(rR.p);
233 mbedtls_free(X);
234 mbedtls_free((mbedtls_mpi_uint *) m.p);
Gabor Mezeif9728132022-12-20 13:55:37 +0100[diff] [blame]235
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]236 mbedtls_mpi_mod_modulus_free(&m);
237 mbedtls_mpi_mod_modulus_free(&fake_m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]238}
239/* END_CASE */
240
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]241/* END MERGE SLOT 2 */
242
243/* BEGIN MERGE SLOT 3 */
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]244/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]245void mpi_mod_sub(char *input_N,
246 char *input_A, char *input_B,
247 char *input_D, int expected_ret)
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]248{
249 mbedtls_mpi_mod_residue a = { NULL, 0 };
250 mbedtls_mpi_mod_residue b = { NULL, 0 };
251 mbedtls_mpi_mod_residue d = { NULL, 0 };
252 mbedtls_mpi_mod_residue x = { NULL, 0 };
253 mbedtls_mpi_uint *X_raw = NULL;
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]254
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]255 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]256 mbedtls_mpi_mod_modulus_init(&m);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]257
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]258 TEST_EQUAL(0,
259 test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]260
261 /* test_read_residue() normally checks that inputs have the same number of
262 * limbs as the modulus. For negative testing we can ask it to skip this
263 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]264 TEST_EQUAL(0, test_read_residue(&a, &m, input_A, expected_ret != 0));
265 TEST_EQUAL(0, test_read_residue(&b, &m, input_B, expected_ret != 0));
266 TEST_EQUAL(0, test_read_residue(&d, &m, input_D, expected_ret != 0));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]267
268 size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]269 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]270
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]271 if (expected_ret == 0) {
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]272 /* Negative test with too many limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]273 ASSERT_ALLOC(X_raw, limbs + 1);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]274
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]275 x.p = X_raw;
276 x.limbs = limbs + 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]277 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
278 mbedtls_mpi_mod_sub(&x, &a, &b, &m));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]279
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]280 mbedtls_free(X_raw);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]281 X_raw = NULL;
282
283 /* Negative test with too few limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]284 if (limbs > 1) {
285 ASSERT_ALLOC(X_raw, limbs - 1);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]286
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]287 x.p = X_raw;
288 x.limbs = limbs - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]289 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
290 mbedtls_mpi_mod_sub(&x, &a, &b, &m));
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]291
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]292 mbedtls_free(X_raw);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]293 X_raw = NULL;
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]294 }
295
296 /* Negative testing with too many/too few limbs in a and b is covered by
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]297 * manually-written test cases with expected_ret != 0. */
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]298 }
299
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]300 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]301
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]302 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]303
304 /* a - b => Correct result, or expected error */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]305 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_sub(&x, &a, &b, &m));
306 if (expected_ret != 0) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]307 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]308 }
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]309
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]310 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]311
312 /* a - b: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]313 memcpy(x.p, a.p, bytes);
314 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &x, &b, &m));
315 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]316
317 /* a - b: alias x to b => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]318 memcpy(x.p, b.p, bytes);
319 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &a, &x, &m));
320 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]321
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]322 if (memcmp(a.p, b.p, bytes) == 0) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]323 /* a == b: alias a and b */
324
325 /* a - a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]326 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &a, &a, &m));
327 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]328
329 /* a - a: x, a, b all aliased together => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]330 memcpy(x.p, a.p, bytes);
331 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &x, &x, &m));
332 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]333 }
334
335exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]336 mbedtls_free((void *) m.p); /* mbedtls_mpi_mod_modulus_free() sets m.p = NULL */
337 mbedtls_mpi_mod_modulus_free(&m);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]338
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]339 mbedtls_free(a.p);
340 mbedtls_free(b.p);
341 mbedtls_free(d.p);
342 mbedtls_free(X_raw);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]343}
344/* END_CASE */
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]345
346/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]347void mpi_mod_inv_mont(char *input_N,
348 char *input_A, char *input_I,
349 int expected_ret)
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]350{
351 mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */
352 mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */
353 mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */
354 mbedtls_mpi_uint *X_raw = NULL;
355
356 mbedtls_mpi_mod_modulus N;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]357 mbedtls_mpi_mod_modulus_init(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]358
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]359 TEST_EQUAL(0,
360 test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]361
362 /* test_read_residue() normally checks that inputs have the same number of
363 * limbs as the modulus. For negative testing we can ask it to skip this
364 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]365 TEST_EQUAL(0, test_read_residue(&a, &N, input_A, expected_ret != 0));
366 TEST_EQUAL(0, test_read_residue(&i, &N, input_I, expected_ret != 0));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]367
368 size_t limbs = N.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]369 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]370
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]371 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]372
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]373 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]374
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]375 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_inv(&x, &a, &N));
376 if (expected_ret == 0) {
377 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]378
379 /* a^-1: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]380 memcpy(x.p, a.p, bytes);
381 TEST_EQUAL(0, mbedtls_mpi_mod_inv(&x, &x, &N));
382 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]383 }
384
385exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]386 mbedtls_free((void *) N.p); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */
387 mbedtls_mpi_mod_modulus_free(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]388
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]389 mbedtls_free(a.p);
390 mbedtls_free(i.p);
391 mbedtls_free(X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]392}
393/* END_CASE */
394
395/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]396void mpi_mod_inv_non_mont(char *input_N,
397 char *input_A, char *input_I,
398 int expected_ret)
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]399{
400 mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */
401 mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */
402 mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */
403 mbedtls_mpi_uint *X_raw = NULL;
404
405 mbedtls_mpi_mod_modulus N;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]406 mbedtls_mpi_mod_modulus_init(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]407
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]408 TEST_EQUAL(0,
409 test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]410
411 /* test_read_residue() normally checks that inputs have the same number of
412 * limbs as the modulus. For negative testing we can ask it to skip this
413 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]414 TEST_EQUAL(0, test_read_residue(&a, &N, input_A, expected_ret != 0));
415 TEST_EQUAL(0, test_read_residue(&i, &N, input_I, expected_ret != 0));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]416
417 size_t limbs = N.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]418 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]419
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]420 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]421
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]422 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]423
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]424 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_inv(&x, &a, &N));
425 if (expected_ret == 0) {
426 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]427
428 /* a^-1: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]429 memcpy(x.p, a.p, bytes);
430 TEST_EQUAL(0, mbedtls_mpi_mod_inv(&x, &x, &N));
431 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]432 }
433
434exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]435 mbedtls_free((void *) N.p); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */
436 mbedtls_mpi_mod_modulus_free(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]437
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]438 mbedtls_free(a.p);
439 mbedtls_free(i.p);
440 mbedtls_free(X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]441}
442/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]443/* END MERGE SLOT 3 */
444
445/* BEGIN MERGE SLOT 4 */
446
447/* END MERGE SLOT 4 */
448
449/* BEGIN MERGE SLOT 5 */
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]450/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]451void mpi_mod_add(char *input_N,
452 char *input_A, char *input_B,
453 char *input_S, int expected_ret)
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]454{
455 mbedtls_mpi_mod_residue a = { NULL, 0 };
456 mbedtls_mpi_mod_residue b = { NULL, 0 };
457 mbedtls_mpi_mod_residue s = { NULL, 0 };
458 mbedtls_mpi_mod_residue x = { NULL, 0 };
459 mbedtls_mpi_uint *X_raw = NULL;
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]460
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]461 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]462 mbedtls_mpi_mod_modulus_init(&m);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]463
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]464 TEST_EQUAL(0,
465 test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]466
467 /* test_read_residue() normally checks that inputs have the same number of
468 * limbs as the modulus. For negative testing we can ask it to skip this
469 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]470 TEST_EQUAL(0, test_read_residue(&a, &m, input_A, expected_ret != 0));
471 TEST_EQUAL(0, test_read_residue(&b, &m, input_B, expected_ret != 0));
472 TEST_EQUAL(0, test_read_residue(&s, &m, input_S, expected_ret != 0));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]473
474 size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]475 size_t bytes = limbs * sizeof(*X_raw);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]476
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]477 if (expected_ret == 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]478 /* Negative test with too many limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]479 ASSERT_ALLOC(X_raw, limbs + 1);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]480
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]481 x.p = X_raw;
482 x.limbs = limbs + 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]483 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
484 mbedtls_mpi_mod_add(&x, &a, &b, &m));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]485
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]486 mbedtls_free(X_raw);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]487 X_raw = NULL;
488
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]489 /* Negative test with too few limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]490 if (limbs > 1) {
491 ASSERT_ALLOC(X_raw, limbs - 1);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]492
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]493 x.p = X_raw;
494 x.limbs = limbs - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]495 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
496 mbedtls_mpi_mod_add(&x, &a, &b, &m));
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]497
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]498 mbedtls_free(X_raw);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]499 X_raw = NULL;
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]500 }
501
502 /* Negative testing with too many/too few limbs in a and b is covered by
503 * manually-written test cases with oret != 0. */
504 }
505
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]506 /* Allocate correct number of limbs for X_raw */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]507 ASSERT_ALLOC(X_raw, limbs);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]508
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]509 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]510
511 /* A + B => Correct result or expected error */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]512 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_add(&x, &a, &b, &m));
513 if (expected_ret != 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]514 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]515 }
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]516
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]517 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]518
519 /* a + b: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]520 memcpy(x.p, a.p, bytes);
521 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &x, &b, &m));
522 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]523
524 /* a + b: alias x to b => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]525 memcpy(x.p, b.p, bytes);
526 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &a, &x, &m));
527 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]528
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]529 if (memcmp(a.p, b.p, bytes) == 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]530 /* a == b: alias a and b */
531
532 /* a + a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]533 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &a, &a, &m));
534 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]535
536 /* a + a: x, a, b all aliased together => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]537 memcpy(x.p, a.p, bytes);
538 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &x, &x, &m));
539 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]540 }
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]541
542exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]543 mbedtls_free((void *) m.p); /* mbedtls_mpi_mod_modulus_free() sets m.p = NULL */
544 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]545
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]546 mbedtls_free(a.p);
547 mbedtls_free(b.p);
548 mbedtls_free(s.p);
549 mbedtls_free(X_raw);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]550}
551/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]552/* END MERGE SLOT 5 */
553
554/* BEGIN MERGE SLOT 6 */
555
556/* END MERGE SLOT 6 */
557
558/* BEGIN MERGE SLOT 7 */
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]559/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]560void mpi_residue_setup(char *input_N, char *input_R, int ret)
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]561{
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]562 mbedtls_mpi_uint *N = NULL;
563 mbedtls_mpi_uint *R = NULL;
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]564 size_t n_limbs, r_limbs;
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]565 mbedtls_mpi_mod_modulus m;
566 mbedtls_mpi_mod_residue r;
567
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]568 mbedtls_mpi_mod_modulus_init(&m);
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]569
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]570 /* Allocate the memory for intermediate data structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]571 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
572 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]573
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]574 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
575 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]576
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]577 TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]578
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]579 if (ret == 0) {
580 TEST_EQUAL(r.limbs, r_limbs);
581 TEST_ASSERT(r.p == R);
Janos Follath91f3abd2022-11-26 11:47:14 +0000[diff] [blame]582 }
583
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]584exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]585 mbedtls_mpi_mod_modulus_free(&m);
586 mbedtls_free(N);
587 mbedtls_free(R);
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]588}
589/* END_CASE */
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]590
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]591/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]592void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]593{
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]594 mbedtls_mpi_uint *N = NULL;
595 mbedtls_mpi_uint *R = NULL;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]596
597 mbedtls_mpi_mod_modulus m;
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]598 mbedtls_mpi_mod_residue r = { NULL, 0 };
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]599 mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]600
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]601 mbedtls_mpi_mod_modulus_init(&m);
Janos Follath799eaee2022-11-25 15:57:04 +0000[diff] [blame]602
Janos Follath339b4392022-11-26 12:20:41 +0000[diff] [blame]603 size_t n_limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]604 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
Janos Follath339b4392022-11-26 12:20:41 +0000[diff] [blame]605 size_t r_limbs = n_limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]606 ASSERT_ALLOC(R, r_limbs);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]607
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]608 /* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]609 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
610 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]611
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]612 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
613 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]614
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]615 /* Set up modulus and test with residue->p == NULL */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]616 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
617 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]618
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]619 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
620 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
621 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
622 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]623
624 /* Do the rest of the tests with a residue set up with the input data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]625 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]626
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]627 /* Fail for r_limbs < m->limbs */
628 r.limbs--;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]629 TEST_ASSERT(r.limbs < m.limbs);
630 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
631 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
632 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
633 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]634 r.limbs++;
635
636 /* Fail for r_limbs > m->limbs */
637 m.limbs--;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]638 TEST_ASSERT(r.limbs > m.limbs);
639 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
640 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
641 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
642 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]643 m.limbs++;
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]644
645 /* Test the read */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]646 TEST_EQUAL(ret, mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]647
648 /* Test write overflow only when the representation is large and read is successful */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]649 if (r.limbs > 1 && ret == 0) {
650 TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
651 mbedtls_mpi_mod_write(&r, &m, buf->x, 1, endian));
652 }
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]653
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]654exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]655 mbedtls_mpi_mod_residue_release(&r);
656 mbedtls_mpi_mod_modulus_free(&m);
657 mbedtls_free(N);
658 mbedtls_free(R);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]659}
660/* END_CASE */
661
662/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]663void mpi_mod_io(char *input_N, data_t *input_A, int endian)
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]664{
665 mbedtls_mpi_uint *N = NULL;
666 mbedtls_mpi_uint *R = NULL;
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]667 mbedtls_mpi_uint *R_COPY = NULL;
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]668 unsigned char *obuf = NULL;
669 unsigned char *ref_buf = NULL;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]670 mbedtls_mpi_mod_modulus m;
671 mbedtls_mpi_mod_residue r;
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]672 mbedtls_mpi_mod_residue r_copy;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]673 size_t n_limbs, n_bytes, a_bytes;
674
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]675 mbedtls_mpi_mod_modulus_init(&m);
Janos Follath799eaee2022-11-25 15:57:04 +0000[diff] [blame]676
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]677 /* Read inputs */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]678 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
679 n_bytes = n_limbs * sizeof(mbedtls_mpi_uint);
Janos Follath6ef582f2022-11-26 14:19:02 +0000[diff] [blame]680 a_bytes = input_A->len;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]681
682 /* Allocate the memory for intermediate data structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]683 ASSERT_ALLOC(R, n_bytes);
684 ASSERT_ALLOC(R_COPY, n_bytes);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]685
686 /* Test that input's size is not greater to modulo's */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]687 TEST_LE_U(a_bytes, n_bytes);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]688
689 /* Init Structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]690 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
691 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]692
693 /* Enforcing p_limbs >= m->limbs */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]694 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]695
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]696 TEST_EQUAL(0, mbedtls_mpi_mod_read(&r, &m, input_A->x, input_A->len,
697 endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]698
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]699 /* Read a copy for checking that writing didn't change the value of r */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]700 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r_copy, &m,
701 R_COPY, n_limbs));
702 TEST_EQUAL(0, mbedtls_mpi_mod_read(&r_copy, &m, input_A->x, input_A->len,
703 endian));
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]704
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]705 /* Get number of bytes without leading zeroes */
706 size_t a_bytes_trimmed = a_bytes;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]707 while (a_bytes_trimmed > 0) {
708 unsigned char *r_byte_array = (unsigned char *) r.p;
709 if (r_byte_array[--a_bytes_trimmed] != 0) {
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]710 break;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]711 }
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]712 }
713 a_bytes_trimmed++;
714
715 /* Test write with three output buffer sizes: tight, same as input and
716 * longer than the input */
717 size_t obuf_sizes[3];
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]718 const size_t obuf_sizes_len = sizeof(obuf_sizes) / sizeof(obuf_sizes[0]);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]719 obuf_sizes[0] = a_bytes_trimmed;
720 obuf_sizes[1] = a_bytes;
721 obuf_sizes[2] = a_bytes + 8;
722
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]723 for (size_t i = 0; i < obuf_sizes_len; i++) {
724 ASSERT_ALLOC(obuf, obuf_sizes[i]);
725 TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian));
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]726
727 /* Make sure that writing didn't corrupt the value of r */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]728 ASSERT_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]729
730 /* Set up reference output for checking the result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]731 ASSERT_ALLOC(ref_buf, obuf_sizes[i]);
732 switch (endian) {
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]733 case MBEDTLS_MPI_MOD_EXT_REP_LE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]734 memcpy(ref_buf, input_A->x, a_bytes_trimmed);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]735 break;
736 case MBEDTLS_MPI_MOD_EXT_REP_BE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]737 {
738 size_t a_offset = input_A->len - a_bytes_trimmed;
739 size_t ref_offset = obuf_sizes[i] - a_bytes_trimmed;
740 memcpy(ref_buf + ref_offset, input_A->x + a_offset,
741 a_bytes_trimmed);
742 }
743 break;
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]744 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]745 TEST_ASSERT(0);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]746 }
747
748 /* Check the result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]749 ASSERT_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]750
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]751 mbedtls_free(ref_buf);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]752 ref_buf = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]753 mbedtls_free(obuf);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]754 obuf = NULL;
755 }
756
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]757exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame^]758 mbedtls_mpi_mod_modulus_free(&m);
759 mbedtls_free(N);
760 mbedtls_free(R);
761 mbedtls_free(R_COPY);
762 mbedtls_free(obuf);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]763}
764/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]765/* END MERGE SLOT 7 */
766
767/* BEGIN MERGE SLOT 8 */
768
769/* END MERGE SLOT 8 */
770
771/* BEGIN MERGE SLOT 9 */
772
773/* END MERGE SLOT 9 */
774
775/* BEGIN MERGE SLOT 10 */
776
777/* END MERGE SLOT 10 */