TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 67ebaaf8a0f121d78a85668e98f714d0a3b94242 / . / tests / suites / test_suite_bignum_mod.function
blob: 98ba4b491fba23cfb474280f7d8d664d644809be [file] [log] [blame]
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]1/* BEGIN_HEADER */
2#include "mbedtls/bignum.h"
3#include "mbedtls/entropy.h"
4#include "bignum_mod.h"
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]5#include "bignum_mod_raw.h"
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]6#include "constant_time_internal.h"
7#include "test/constant_flow.h"
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]8
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]9#define TEST_COMPARE_MPI_RESIDUES(a, b) \
10 ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
11 (b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]12
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]13static int test_read_residue(mbedtls_mpi_mod_residue *r,
14 const mbedtls_mpi_mod_modulus *m,
15 char *input,
16 int skip_limbs_and_value_checks)
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]17{
18 mbedtls_mpi_uint *p = NULL;
19 size_t limbs;
20
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]21 int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
22 if (ret != 0) {
23 return ret;
24 }
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]25
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]26 if (skip_limbs_and_value_checks) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]27 r->p = p;
28 r->limbs = limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]29 return 0;
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]30 }
31
32 /* mbedtls_mpi_mod_residue_setup() checks limbs, and that value < m */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]33 return mbedtls_mpi_mod_residue_setup(r, m, p, limbs);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]34}
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]35/* END_HEADER */
36
37/* BEGIN_DEPENDENCIES
38 * depends_on:MBEDTLS_BIGNUM_C
39 * END_DEPENDENCIES
40 */
41
42/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]43void mpi_mod_setup(int int_rep, int iret)
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]44{
45 #define MLIMBS 8
46 mbedtls_mpi_uint mp[MLIMBS];
47 mbedtls_mpi_mod_modulus m;
48 int ret;
49
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]50 memset(mp, 0xFF, sizeof(mp));
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]51
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]52 mbedtls_mpi_mod_modulus_init(&m);
53 ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
54 TEST_EQUAL(ret, iret);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]55
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]56 /* Only test if the constants have been set-up */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]57 if (ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]58 /* Test that the consts have been calculated */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 TEST_ASSERT(m.rep.mont.rr != NULL);
60 TEST_ASSERT(m.rep.mont.mm != 0);
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]61
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]62 }
63
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]64 /* Address sanitiser should catch if we try to free mp */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]66
67 /* Make sure that the modulus doesn't have reference to mp anymore */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]68 TEST_ASSERT(m.p != mp);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]69
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]70 /* Only test if the constants have been set-up */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]71 if (ret == 0 && int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]72 /* Verify the data and pointers allocated have been properly wiped */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73 TEST_ASSERT(m.rep.mont.rr == NULL);
74 TEST_ASSERT(m.rep.mont.mm == 0);
Minos Galanakisdd365a52022-10-19 01:48:32 +0100[diff] [blame]75 }
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]76exit:
77 /* It should be safe to call an mbedtls free several times */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]78 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewis0c6ea122022-09-30 13:02:16 +0100[diff] [blame]79
80 #undef MLIMBS
81}
82/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]83
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]84/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]85void mpi_mod_mul(char *input_A,
86 char *input_B,
87 char *input_N,
88 char *result)
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]89{
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]90 mbedtls_mpi_uint *X = NULL;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]91
Gabor Mezei78c4fb42022-12-20 18:09:49 +0100[diff] [blame]92 mbedtls_mpi_mod_residue rA = { NULL, 0 };
93 mbedtls_mpi_mod_residue rB = { NULL, 0 };
94 mbedtls_mpi_mod_residue rR = { NULL, 0 };
95 mbedtls_mpi_mod_residue rX = { NULL, 0 };
96
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]97 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]98 mbedtls_mpi_mod_modulus_init(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]99
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]100 TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
101 MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]102
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]103 TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
104 TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
105 TEST_EQUAL(test_read_residue(&rR, &m, result, 0), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]106
107 const size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]108 const size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]109
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]110 TEST_EQUAL(rA.limbs, limbs);
111 TEST_EQUAL(rB.limbs, limbs);
112 TEST_EQUAL(rR.limbs, limbs);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]113
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]114 ASSERT_ALLOC(X, limbs);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]115
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]117
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]118 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), 0);
119 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]120
121 /* alias X to A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]122 memcpy(rX.p, rA.p, bytes);
123 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rB, &m), 0);
124 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]125
126 /* alias X to B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]127 memcpy(rX.p, rB.p, bytes);
128 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rX, &m), 0);
129 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]130
131 /* A == B: alias A and B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]132 if (memcmp(rA.p, rB.p, bytes) == 0) {
133 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA, &m), 0);
134 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]135
136 /* X, A, B all aliased together */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137 memcpy(rX.p, rA.p, bytes);
138 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rX, &m), 0);
139 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]140 }
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]141 /* A != B: test B * A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]142 else {
143 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rA, &m), 0);
144 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]145
146 /* B * A: alias X to A */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]147 memcpy(rX.p, rA.p, bytes);
148 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rB, &rX, &m), 0);
149 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]150
151 /* B + A: alias X to B */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]152 memcpy(rX.p, rB.p, bytes);
153 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rX, &rA, &m), 0);
154 ASSERT_COMPARE(rX.p, bytes, rR.p, bytes);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]155 }
156
157exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]158 mbedtls_free(rA.p);
159 mbedtls_free(rB.p);
160 mbedtls_free(rR.p);
161 mbedtls_free(X);
162 mbedtls_free((mbedtls_mpi_uint *) m.p);
Gabor Mezeif9728132022-12-20 13:55:37 +0100[diff] [blame]163
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]164 mbedtls_mpi_mod_modulus_free(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]165}
166/* END_CASE */
167
168/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]169void mpi_mod_mul_neg(char *input_A,
170 char *input_B,
171 char *input_N,
172 char *result,
173 int exp_ret)
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]174{
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]175 mbedtls_mpi_uint *X = NULL;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]176
Gabor Mezei78c4fb42022-12-20 18:09:49 +0100[diff] [blame]177 mbedtls_mpi_mod_residue rA = { NULL, 0 };
178 mbedtls_mpi_mod_residue rB = { NULL, 0 };
179 mbedtls_mpi_mod_residue rR = { NULL, 0 };
180 mbedtls_mpi_mod_residue rX = { NULL, 0 };
181
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]182 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 mbedtls_mpi_mod_modulus_init(&m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]184
Gabor Mezeif65c71f2022-12-21 11:54:22 +0100[diff] [blame]185 mbedtls_mpi_mod_modulus fake_m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]186 mbedtls_mpi_mod_modulus_init(&fake_m);
Gabor Mezeif65c71f2022-12-21 11:54:22 +0100[diff] [blame]187
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]188 TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
189 MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]190
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]191 TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
192 TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
193 TEST_EQUAL(test_read_residue(&rR, &m, result, 1), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]194
195 const size_t limbs = m.limbs;
196
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]197 ASSERT_ALLOC(X, limbs);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]198
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rX, &m, X, limbs), 0);
Gabor Mezei809baef2022-12-16 16:31:59 +0100[diff] [blame]200 rX.limbs = rR.limbs;
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]201
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]202 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &m), exp_ret);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]203
204 /* Check when m is not initialized */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]205 TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rB, &fake_m),
206 MBEDTLS_ERR_MPI_BAD_INPUT_DATA);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]207
208exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 mbedtls_free(rA.p);
210 mbedtls_free(rB.p);
211 mbedtls_free(rR.p);
212 mbedtls_free(X);
213 mbedtls_free((mbedtls_mpi_uint *) m.p);
Gabor Mezeif9728132022-12-20 13:55:37 +0100[diff] [blame]214
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]215 mbedtls_mpi_mod_modulus_free(&m);
216 mbedtls_mpi_mod_modulus_free(&fake_m);
Gabor Mezeieca74662022-12-13 10:53:50 +0100[diff] [blame]217}
218/* END_CASE */
219
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]220/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]221void mpi_mod_sub(char *input_N,
222 char *input_A, char *input_B,
223 char *input_D, int expected_ret)
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]224{
225 mbedtls_mpi_mod_residue a = { NULL, 0 };
226 mbedtls_mpi_mod_residue b = { NULL, 0 };
227 mbedtls_mpi_mod_residue d = { NULL, 0 };
228 mbedtls_mpi_mod_residue x = { NULL, 0 };
229 mbedtls_mpi_uint *X_raw = NULL;
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]230
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]231 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]232 mbedtls_mpi_mod_modulus_init(&m);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]233
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]234 TEST_EQUAL(0,
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]235 mbedtls_test_read_mpi_modulus(&m, input_N,
236 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]237
238 /* test_read_residue() normally checks that inputs have the same number of
239 * limbs as the modulus. For negative testing we can ask it to skip this
240 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]241 TEST_EQUAL(0, test_read_residue(&a, &m, input_A, expected_ret != 0));
242 TEST_EQUAL(0, test_read_residue(&b, &m, input_B, expected_ret != 0));
243 TEST_EQUAL(0, test_read_residue(&d, &m, input_D, expected_ret != 0));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]244
245 size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]246 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]247
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]248 if (expected_ret == 0) {
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]249 /* Negative test with too many limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]250 ASSERT_ALLOC(X_raw, limbs + 1);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]251
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]252 x.p = X_raw;
253 x.limbs = limbs + 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]254 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
255 mbedtls_mpi_mod_sub(&x, &a, &b, &m));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]256
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]257 mbedtls_free(X_raw);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]258 X_raw = NULL;
259
260 /* Negative test with too few limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]261 if (limbs > 1) {
262 ASSERT_ALLOC(X_raw, limbs - 1);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]263
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]264 x.p = X_raw;
265 x.limbs = limbs - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]266 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
267 mbedtls_mpi_mod_sub(&x, &a, &b, &m));
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]268
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]269 mbedtls_free(X_raw);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]270 X_raw = NULL;
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]271 }
272
273 /* Negative testing with too many/too few limbs in a and b is covered by
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]274 * manually-written test cases with expected_ret != 0. */
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]275 }
276
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]277 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrove7f4d15e2022-12-15 10:55:15 +0000[diff] [blame]278
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]279 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]280
281 /* a - b => Correct result, or expected error */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_sub(&x, &a, &b, &m));
283 if (expected_ret != 0) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]284 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]285 }
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]286
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]287 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]288
289 /* a - b: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]290 memcpy(x.p, a.p, bytes);
291 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &x, &b, &m));
292 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]293
294 /* a - b: alias x to b => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]295 memcpy(x.p, b.p, bytes);
296 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &a, &x, &m));
297 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]298
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]299 if (memcmp(a.p, b.p, bytes) == 0) {
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]300 /* a == b: alias a and b */
301
302 /* a - a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]303 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &a, &a, &m));
304 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]305
306 /* a - a: x, a, b all aliased together => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]307 memcpy(x.p, a.p, bytes);
308 TEST_EQUAL(0, mbedtls_mpi_mod_sub(&x, &x, &x, &m));
309 TEST_COMPARE_MPI_RESIDUES(x, d);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]310 }
311
312exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]313 mbedtls_free((void *) m.p); /* mbedtls_mpi_mod_modulus_free() sets m.p = NULL */
314 mbedtls_mpi_mod_modulus_free(&m);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]315
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]316 mbedtls_free(a.p);
317 mbedtls_free(b.p);
318 mbedtls_free(d.p);
319 mbedtls_free(X_raw);
Tom Cosgrove62b20482022-12-01 14:27:37 +0000[diff] [blame]320}
321/* END_CASE */
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]322
323/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]324void mpi_mod_inv_mont(char *input_N,
325 char *input_A, char *input_I,
326 int expected_ret)
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]327{
328 mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */
329 mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */
330 mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */
331 mbedtls_mpi_uint *X_raw = NULL;
332
333 mbedtls_mpi_mod_modulus N;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]334 mbedtls_mpi_mod_modulus_init(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]335
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]336 TEST_EQUAL(0,
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]337 mbedtls_test_read_mpi_modulus(&N, input_N,
338 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]339
340 /* test_read_residue() normally checks that inputs have the same number of
341 * limbs as the modulus. For negative testing we can ask it to skip this
342 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]343 TEST_EQUAL(0, test_read_residue(&a, &N, input_A, expected_ret != 0));
344 TEST_EQUAL(0, test_read_residue(&i, &N, input_I, expected_ret != 0));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]345
346 size_t limbs = N.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]348
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]349 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]350
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]351 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]352
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]353 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_inv(&x, &a, &N));
354 if (expected_ret == 0) {
355 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]356
357 /* a^-1: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]358 memcpy(x.p, a.p, bytes);
359 TEST_EQUAL(0, mbedtls_mpi_mod_inv(&x, &x, &N));
360 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]361 }
362
363exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]364 mbedtls_free((void *) N.p); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */
365 mbedtls_mpi_mod_modulus_free(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]366
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]367 mbedtls_free(a.p);
368 mbedtls_free(i.p);
369 mbedtls_free(X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]370}
371/* END_CASE */
372
373/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]374void mpi_mod_inv_non_mont(char *input_N,
375 char *input_A, char *input_I,
376 int expected_ret)
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]377{
378 mbedtls_mpi_mod_residue a = { NULL, 0 }; /* argument */
379 mbedtls_mpi_mod_residue i = { NULL, 0 }; /* expected inverse wrt N */
380 mbedtls_mpi_mod_residue x = { NULL, 0 }; /* output */
381 mbedtls_mpi_uint *X_raw = NULL;
382
383 mbedtls_mpi_mod_modulus N;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]384 mbedtls_mpi_mod_modulus_init(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]385
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]386 TEST_EQUAL(0,
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]387 mbedtls_test_read_mpi_modulus(&N, input_N,
388 MBEDTLS_MPI_MOD_REP_OPT_RED));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]389
390 /* test_read_residue() normally checks that inputs have the same number of
391 * limbs as the modulus. For negative testing we can ask it to skip this
392 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]393 TEST_EQUAL(0, test_read_residue(&a, &N, input_A, expected_ret != 0));
394 TEST_EQUAL(0, test_read_residue(&i, &N, input_I, expected_ret != 0));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]395
396 size_t limbs = N.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]397 size_t bytes = limbs * sizeof(*X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]398
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]399 ASSERT_ALLOC(X_raw, limbs);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]400
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]401 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &N, X_raw, limbs));
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]402
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]403 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_inv(&x, &a, &N));
404 if (expected_ret == 0) {
405 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]406
407 /* a^-1: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]408 memcpy(x.p, a.p, bytes);
409 TEST_EQUAL(0, mbedtls_mpi_mod_inv(&x, &x, &N));
410 TEST_COMPARE_MPI_RESIDUES(x, i);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]411 }
412
413exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]414 mbedtls_free((void *) N.p); /* mbedtls_mpi_mod_modulus_free() sets N.p = NULL */
415 mbedtls_mpi_mod_modulus_free(&N);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]416
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]417 mbedtls_free(a.p);
418 mbedtls_free(i.p);
419 mbedtls_free(X_raw);
Tom Cosgrovedc197592022-12-15 16:59:40 +0000[diff] [blame]420}
421/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]422
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]423/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]424void mpi_mod_add(char *input_N,
425 char *input_A, char *input_B,
426 char *input_S, int expected_ret)
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]427{
428 mbedtls_mpi_mod_residue a = { NULL, 0 };
429 mbedtls_mpi_mod_residue b = { NULL, 0 };
430 mbedtls_mpi_mod_residue s = { NULL, 0 };
431 mbedtls_mpi_mod_residue x = { NULL, 0 };
432 mbedtls_mpi_uint *X_raw = NULL;
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]433
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]434 mbedtls_mpi_mod_modulus m;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]435 mbedtls_mpi_mod_modulus_init(&m);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]436
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]437 TEST_EQUAL(0,
Minos Galanakis67ebaaf2023-05-09 14:26:26 +0100[diff] [blame^]438 mbedtls_test_read_mpi_modulus(&m, input_N,
439 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]440
441 /* test_read_residue() normally checks that inputs have the same number of
442 * limbs as the modulus. For negative testing we can ask it to skip this
443 * with a non-zero final parameter. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]444 TEST_EQUAL(0, test_read_residue(&a, &m, input_A, expected_ret != 0));
445 TEST_EQUAL(0, test_read_residue(&b, &m, input_B, expected_ret != 0));
446 TEST_EQUAL(0, test_read_residue(&s, &m, input_S, expected_ret != 0));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]447
448 size_t limbs = m.limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]449 size_t bytes = limbs * sizeof(*X_raw);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]450
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]451 if (expected_ret == 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]452 /* Negative test with too many limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]453 ASSERT_ALLOC(X_raw, limbs + 1);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]454
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]455 x.p = X_raw;
456 x.limbs = limbs + 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]457 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
458 mbedtls_mpi_mod_add(&x, &a, &b, &m));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]459
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]460 mbedtls_free(X_raw);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]461 X_raw = NULL;
462
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]463 /* Negative test with too few limbs in output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]464 if (limbs > 1) {
465 ASSERT_ALLOC(X_raw, limbs - 1);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]466
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]467 x.p = X_raw;
468 x.limbs = limbs - 1;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]469 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
470 mbedtls_mpi_mod_add(&x, &a, &b, &m));
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]471
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]472 mbedtls_free(X_raw);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]473 X_raw = NULL;
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]474 }
475
476 /* Negative testing with too many/too few limbs in a and b is covered by
477 * manually-written test cases with oret != 0. */
478 }
479
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]480 /* Allocate correct number of limbs for X_raw */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]481 ASSERT_ALLOC(X_raw, limbs);
Werner Lewis79341a42022-12-13 17:19:01 +0000[diff] [blame]482
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]483 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&x, &m, X_raw, limbs));
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]484
485 /* A + B => Correct result or expected error */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]486 TEST_EQUAL(expected_ret, mbedtls_mpi_mod_add(&x, &a, &b, &m));
487 if (expected_ret != 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]488 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]489 }
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]490
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]491 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]492
493 /* a + b: alias x to a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]494 memcpy(x.p, a.p, bytes);
495 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &x, &b, &m));
496 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]497
498 /* a + b: alias x to b => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]499 memcpy(x.p, b.p, bytes);
500 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &a, &x, &m));
501 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]502
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]503 if (memcmp(a.p, b.p, bytes) == 0) {
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]504 /* a == b: alias a and b */
505
506 /* a + a => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]507 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &a, &a, &m));
508 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]509
510 /* a + a: x, a, b all aliased together => Correct result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]511 memcpy(x.p, a.p, bytes);
512 TEST_EQUAL(0, mbedtls_mpi_mod_add(&x, &x, &x, &m));
513 TEST_COMPARE_MPI_RESIDUES(x, s);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]514 }
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]515
516exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]517 mbedtls_free((void *) m.p); /* mbedtls_mpi_mod_modulus_free() sets m.p = NULL */
518 mbedtls_mpi_mod_modulus_free(&m);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]519
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]520 mbedtls_free(a.p);
521 mbedtls_free(b.p);
522 mbedtls_free(s.p);
523 mbedtls_free(X_raw);
Werner Lewise1b6b7c2022-11-29 12:25:05 +0000[diff] [blame]524}
525/* END_CASE */
Janos Follath5933f692022-11-02 14:35:17 +0000[diff] [blame]526
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]527/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]528void mpi_residue_setup(char *input_N, char *input_R, int ret)
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]529{
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]530 mbedtls_mpi_uint *N = NULL;
531 mbedtls_mpi_uint *R = NULL;
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]532 size_t n_limbs, r_limbs;
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]533 mbedtls_mpi_mod_modulus m;
534 mbedtls_mpi_mod_residue r;
535
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]536 mbedtls_mpi_mod_modulus_init(&m);
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]537
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]538 /* Allocate the memory for intermediate data structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]539 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
540 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]541
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]542 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
543 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]544
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]545 TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]546
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]547 if (ret == 0) {
548 TEST_EQUAL(r.limbs, r_limbs);
549 TEST_ASSERT(r.p == R);
Janos Follath91f3abd2022-11-26 11:47:14 +0000[diff] [blame]550 }
551
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]552exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]553 mbedtls_mpi_mod_modulus_free(&m);
554 mbedtls_free(N);
555 mbedtls_free(R);
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]556}
557/* END_CASE */
Minos Galanakisaed832a2022-11-24 09:09:47 +0000[diff] [blame]558
Minos Galanakisa17ad482022-11-16 16:29:15 +0000[diff] [blame]559/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]560void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]561{
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]562 mbedtls_mpi_uint *N = NULL;
563 mbedtls_mpi_uint *R = NULL;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]564
565 mbedtls_mpi_mod_modulus m;
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]566 mbedtls_mpi_mod_residue r = { NULL, 0 };
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]567 mbedtls_mpi_mod_ext_rep endian = MBEDTLS_MPI_MOD_EXT_REP_LE;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]568
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]569 mbedtls_mpi_mod_modulus_init(&m);
Janos Follath799eaee2022-11-25 15:57:04 +0000[diff] [blame]570
Janos Follath339b4392022-11-26 12:20:41 +0000[diff] [blame]571 size_t n_limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]572 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
Janos Follath339b4392022-11-26 12:20:41 +0000[diff] [blame]573 size_t r_limbs = n_limbs;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]574 ASSERT_ALLOC(R, r_limbs);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]575
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]576 /* modulus->p == NULL || residue->p == NULL ( m has not been set-up ) */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]577 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
578 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]579
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]580 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
581 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]582
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]583 /* Set up modulus and test with residue->p == NULL */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]584 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
585 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]586
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]587 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
588 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
589 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
590 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathe7190a22022-11-26 18:46:54 +0000[diff] [blame]591
592 /* Do the rest of the tests with a residue set up with the input data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]593 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]594
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]595 /* Fail for r_limbs < m->limbs */
596 r.limbs--;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]597 TEST_ASSERT(r.limbs < m.limbs);
598 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
599 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
600 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
601 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]602 r.limbs++;
603
604 /* Fail for r_limbs > m->limbs */
605 m.limbs--;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]606 TEST_ASSERT(r.limbs > m.limbs);
607 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
608 mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
609 TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
610 mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]611 m.limbs++;
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]612
613 /* Test the read */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]614 TEST_EQUAL(ret, mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
Minos Galanakis96070a52022-11-25 19:32:10 +0000[diff] [blame]615
616 /* Test write overflow only when the representation is large and read is successful */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]617 if (r.limbs > 1 && ret == 0) {
618 TEST_EQUAL(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
619 mbedtls_mpi_mod_write(&r, &m, buf->x, 1, endian));
620 }
Janos Follathd7bb3522022-11-26 14:59:27 +0000[diff] [blame]621
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]622exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]623 mbedtls_mpi_mod_residue_release(&r);
624 mbedtls_mpi_mod_modulus_free(&m);
625 mbedtls_free(N);
626 mbedtls_free(R);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]627}
628/* END_CASE */
629
630/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]631void mpi_mod_io(char *input_N, data_t *input_A, int endian)
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]632{
633 mbedtls_mpi_uint *N = NULL;
634 mbedtls_mpi_uint *R = NULL;
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]635 mbedtls_mpi_uint *R_COPY = NULL;
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]636 unsigned char *obuf = NULL;
637 unsigned char *ref_buf = NULL;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]638 mbedtls_mpi_mod_modulus m;
639 mbedtls_mpi_mod_residue r;
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]640 mbedtls_mpi_mod_residue r_copy;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]641 size_t n_limbs, n_bytes, a_bytes;
642
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]643 mbedtls_mpi_mod_modulus_init(&m);
Janos Follath799eaee2022-11-25 15:57:04 +0000[diff] [blame]644
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]645 /* Read inputs */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]646 TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
647 n_bytes = n_limbs * sizeof(mbedtls_mpi_uint);
Janos Follath6ef582f2022-11-26 14:19:02 +0000[diff] [blame]648 a_bytes = input_A->len;
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]649
650 /* Allocate the memory for intermediate data structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]651 ASSERT_ALLOC(R, n_bytes);
652 ASSERT_ALLOC(R_COPY, n_bytes);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]653
654 /* Test that input's size is not greater to modulo's */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]655 TEST_LE_U(a_bytes, n_bytes);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]656
657 /* Init Structures */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]658 TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
659 MBEDTLS_MPI_MOD_REP_MONTGOMERY));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]660
661 /* Enforcing p_limbs >= m->limbs */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]662 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]663
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]664 TEST_EQUAL(0, mbedtls_mpi_mod_read(&r, &m, input_A->x, input_A->len,
665 endian));
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]666
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]667 /* Read a copy for checking that writing didn't change the value of r */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]668 TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r_copy, &m,
669 R_COPY, n_limbs));
670 TEST_EQUAL(0, mbedtls_mpi_mod_read(&r_copy, &m, input_A->x, input_A->len,
671 endian));
Janos Follath8dfc8c42022-11-26 15:39:02 +0000[diff] [blame]672
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]673 /* Get number of bytes without leading zeroes */
674 size_t a_bytes_trimmed = a_bytes;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]675 while (a_bytes_trimmed > 0) {
676 unsigned char *r_byte_array = (unsigned char *) r.p;
677 if (r_byte_array[--a_bytes_trimmed] != 0) {
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]678 break;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]679 }
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]680 }
681 a_bytes_trimmed++;
682
683 /* Test write with three output buffer sizes: tight, same as input and
684 * longer than the input */
685 size_t obuf_sizes[3];
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]686 const size_t obuf_sizes_len = sizeof(obuf_sizes) / sizeof(obuf_sizes[0]);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]687 obuf_sizes[0] = a_bytes_trimmed;
688 obuf_sizes[1] = a_bytes;
689 obuf_sizes[2] = a_bytes + 8;
690
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]691 for (size_t i = 0; i < obuf_sizes_len; i++) {
692 ASSERT_ALLOC(obuf, obuf_sizes[i]);
693 TEST_EQUAL(0, mbedtls_mpi_mod_write(&r, &m, obuf, obuf_sizes[i], endian));
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]694
695 /* Make sure that writing didn't corrupt the value of r */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]696 ASSERT_COMPARE(r.p, r.limbs, r_copy.p, r_copy.limbs);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]697
698 /* Set up reference output for checking the result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]699 ASSERT_ALLOC(ref_buf, obuf_sizes[i]);
700 switch (endian) {
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]701 case MBEDTLS_MPI_MOD_EXT_REP_LE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]702 memcpy(ref_buf, input_A->x, a_bytes_trimmed);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]703 break;
704 case MBEDTLS_MPI_MOD_EXT_REP_BE:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]705 {
706 size_t a_offset = input_A->len - a_bytes_trimmed;
707 size_t ref_offset = obuf_sizes[i] - a_bytes_trimmed;
708 memcpy(ref_buf + ref_offset, input_A->x + a_offset,
709 a_bytes_trimmed);
710 }
711 break;
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]712 default:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]713 TEST_ASSERT(0);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]714 }
715
716 /* Check the result */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]717 ASSERT_COMPARE(obuf, obuf_sizes[i], ref_buf, obuf_sizes[i]);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]718
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]719 mbedtls_free(ref_buf);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]720 ref_buf = NULL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]721 mbedtls_free(obuf);
Janos Follath0020df92022-11-26 17:23:16 +0000[diff] [blame]722 obuf = NULL;
723 }
724
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]725exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]726 mbedtls_mpi_mod_modulus_free(&m);
727 mbedtls_free(N);
728 mbedtls_free(R);
729 mbedtls_free(R_COPY);
730 mbedtls_free(obuf);
Minos Galanakis8f242702022-11-10 16:56:02 +0000[diff] [blame]731}
732/* END_CASE */