1 /* crypto/bn/bntest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
73 * Until the key-gen callbacks are modified to use newer prototypes, we allow
74 * deprecated functions for openssl-internal code
76 #ifdef OPENSSL_NO_DEPRECATED
77 # undef OPENSSL_NO_DEPRECATED
86 #include <openssl/bio.h>
87 #include <openssl/bn.h>
88 #include <openssl/rand.h>
89 #include <openssl/x509.h>
90 #include <openssl/err.h>
92 const int num0 = 100; /* number of tests */
93 const int num1 = 50; /* additional tests for some functions */
94 const int num2 = 5; /* number of tests for slow functions */
96 int test_add(BIO *bp);
97 int test_sub(BIO *bp);
98 int test_lshift1(BIO *bp);
99 int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
100 int test_rshift1(BIO *bp);
101 int test_rshift(BIO *bp, BN_CTX *ctx);
102 int test_div(BIO *bp, BN_CTX *ctx);
103 int test_div_word(BIO *bp);
104 int test_div_recp(BIO *bp, BN_CTX *ctx);
105 int test_mul(BIO *bp);
106 int test_sqr(BIO *bp, BN_CTX *ctx);
107 int test_mont(BIO *bp, BN_CTX *ctx);
108 int test_mod(BIO *bp, BN_CTX *ctx);
109 int test_mod_mul(BIO *bp, BN_CTX *ctx);
110 int test_mod_exp(BIO *bp, BN_CTX *ctx);
111 int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
112 int test_exp(BIO *bp, BN_CTX *ctx);
113 int test_gf2m_add(BIO *bp);
114 int test_gf2m_mod(BIO *bp);
115 int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
116 int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
117 int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
118 int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
119 int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
120 int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
121 int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
122 int test_kron(BIO *bp, BN_CTX *ctx);
123 int test_sqrt(BIO *bp, BN_CTX *ctx);
125 static int results = 0;
127 static unsigned char lst[] =
128 "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
129 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
131 static const char rnd_seed[] =
132 "string to make the random number generator think it has entropy";
134 static void message(BIO *out, char *m)
136 fprintf(stderr, "test %s\n", m);
137 BIO_puts(out, "print \"test ");
139 BIO_puts(out, "\\n\"\n");
142 int main(int argc, char *argv[])
146 char *outfile = NULL;
150 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
155 if (strcmp(*argv, "-results") == 0)
157 else if (strcmp(*argv, "-out") == 0) {
170 out = BIO_new(BIO_s_file());
173 if (outfile == NULL) {
174 BIO_set_fp(out, stdout, BIO_NOCLOSE);
176 if (!BIO_write_filename(out, outfile)) {
183 BIO_puts(out, "obase=16\nibase=16\n");
185 message(out, "BN_add");
188 (void)BIO_flush(out);
190 message(out, "BN_sub");
193 (void)BIO_flush(out);
195 message(out, "BN_lshift1");
196 if (!test_lshift1(out))
198 (void)BIO_flush(out);
200 message(out, "BN_lshift (fixed)");
201 if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
203 (void)BIO_flush(out);
205 message(out, "BN_lshift");
206 if (!test_lshift(out, ctx, NULL))
208 (void)BIO_flush(out);
210 message(out, "BN_rshift1");
211 if (!test_rshift1(out))
213 (void)BIO_flush(out);
215 message(out, "BN_rshift");
216 if (!test_rshift(out, ctx))
218 (void)BIO_flush(out);
220 message(out, "BN_sqr");
221 if (!test_sqr(out, ctx))
223 (void)BIO_flush(out);
225 message(out, "BN_mul");
228 (void)BIO_flush(out);
230 message(out, "BN_div");
231 if (!test_div(out, ctx))
233 (void)BIO_flush(out);
235 message(out, "BN_div_word");
236 if (!test_div_word(out))
238 (void)BIO_flush(out);
240 message(out, "BN_div_recp");
241 if (!test_div_recp(out, ctx))
243 (void)BIO_flush(out);
245 message(out, "BN_mod");
246 if (!test_mod(out, ctx))
248 (void)BIO_flush(out);
250 message(out, "BN_mod_mul");
251 if (!test_mod_mul(out, ctx))
253 (void)BIO_flush(out);
255 message(out, "BN_mont");
256 if (!test_mont(out, ctx))
258 (void)BIO_flush(out);
260 message(out, "BN_mod_exp");
261 if (!test_mod_exp(out, ctx))
263 (void)BIO_flush(out);
265 message(out, "BN_mod_exp_mont_consttime");
266 if (!test_mod_exp_mont_consttime(out, ctx))
268 (void)BIO_flush(out);
270 message(out, "BN_exp");
271 if (!test_exp(out, ctx))
273 (void)BIO_flush(out);
275 message(out, "BN_kronecker");
276 if (!test_kron(out, ctx))
278 (void)BIO_flush(out);
280 message(out, "BN_mod_sqrt");
281 if (!test_sqrt(out, ctx))
283 (void)BIO_flush(out);
285 message(out, "BN_GF2m_add");
286 if (!test_gf2m_add(out))
288 (void)BIO_flush(out);
290 message(out, "BN_GF2m_mod");
291 if (!test_gf2m_mod(out))
293 (void)BIO_flush(out);
295 message(out, "BN_GF2m_mod_mul");
296 if (!test_gf2m_mod_mul(out, ctx))
298 (void)BIO_flush(out);
300 message(out, "BN_GF2m_mod_sqr");
301 if (!test_gf2m_mod_sqr(out, ctx))
303 (void)BIO_flush(out);
305 message(out, "BN_GF2m_mod_inv");
306 if (!test_gf2m_mod_inv(out, ctx))
308 (void)BIO_flush(out);
310 message(out, "BN_GF2m_mod_div");
311 if (!test_gf2m_mod_div(out, ctx))
313 (void)BIO_flush(out);
315 message(out, "BN_GF2m_mod_exp");
316 if (!test_gf2m_mod_exp(out, ctx))
318 (void)BIO_flush(out);
320 message(out, "BN_GF2m_mod_sqrt");
321 if (!test_gf2m_mod_sqrt(out, ctx))
323 (void)BIO_flush(out);
325 message(out, "BN_GF2m_mod_solve_quad");
326 if (!test_gf2m_mod_solve_quad(out, ctx))
328 (void)BIO_flush(out);
335 BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc
336 * notices the failure, see test_bn in
337 * test/Makefile.ssl */
338 (void)BIO_flush(out);
339 ERR_load_crypto_strings();
340 ERR_print_errors_fp(stderr);
345 int test_add(BIO *bp)
354 BN_bntest_rand(&a, 512, 0, 0);
355 for (i = 0; i < num0; i++) {
356 BN_bntest_rand(&b, 450 + i, 0, 0);
374 if (!BN_is_zero(&c)) {
375 fprintf(stderr, "Add test failed!\n");
385 int test_sub(BIO *bp)
394 for (i = 0; i < num0 + num1; i++) {
396 BN_bntest_rand(&a, 512, 0, 0);
398 if (BN_set_bit(&a, i) == 0)
402 BN_bntest_rand(&b, 400 + i - num1, 0, 0);
419 if (!BN_is_zero(&c)) {
420 fprintf(stderr, "Subtract test failed!\n");
430 int test_div(BIO *bp, BN_CTX *ctx)
432 BIGNUM a, b, c, d, e;
441 for (i = 0; i < num0 + num1; i++) {
443 BN_bntest_rand(&a, 400, 0, 0);
445 BN_lshift(&a, &a, i);
448 BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
451 BN_div(&d, &c, &a, &b, ctx);
471 BN_mul(&e, &d, &b, ctx);
474 if (!BN_is_zero(&d)) {
475 fprintf(stderr, "Division test failed!\n");
487 static void print_word(BIO *bp, BN_ULONG w)
489 #ifdef SIXTY_FOUR_BIT
490 if (sizeof(w) > sizeof(unsigned long)) {
491 unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
494 BIO_printf(bp, "%lX%08lX", h, l);
496 BIO_printf(bp, "%lX", l);
500 BIO_printf(bp, "%lX", w);
503 int test_div_word(BIO *bp)
512 for (i = 0; i < num0; i++) {
514 BN_bntest_rand(&a, 512, -1, 0);
515 BN_bntest_rand(&b, BN_BITS2, -1, 0);
520 r = BN_div_word(&b, s);
544 if (!BN_is_zero(&b)) {
545 fprintf(stderr, "Division (word) test failed!\n");
554 int test_div_recp(BIO *bp, BN_CTX *ctx)
556 BIGNUM a, b, c, d, e;
560 BN_RECP_CTX_init(&recp);
567 for (i = 0; i < num0 + num1; i++) {
569 BN_bntest_rand(&a, 400, 0, 0);
571 BN_lshift(&a, &a, i);
574 BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
577 BN_RECP_CTX_set(&recp, &b, ctx);
578 BN_div_recp(&d, &c, &a, &recp, ctx);
598 BN_mul(&e, &d, &b, ctx);
601 if (!BN_is_zero(&d)) {
602 fprintf(stderr, "Reciprocal division test failed!\n");
603 fprintf(stderr, "a=");
604 BN_print_fp(stderr, &a);
605 fprintf(stderr, "\nb=");
606 BN_print_fp(stderr, &b);
607 fprintf(stderr, "\n");
616 BN_RECP_CTX_free(&recp);
620 int test_mul(BIO *bp)
622 BIGNUM a, b, c, d, e;
636 for (i = 0; i < num0 + num1; i++) {
638 BN_bntest_rand(&a, 100, 0, 0);
639 BN_bntest_rand(&b, 100, 0, 0);
641 BN_bntest_rand(&b, i - num1, 0, 0);
644 BN_mul(&c, &a, &b, ctx);
655 BN_div(&d, &e, &c, &a, ctx);
657 if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
658 fprintf(stderr, "Multiplication test failed!\n");
671 int test_sqr(BIO *bp, BN_CTX *ctx)
673 BIGNUM *a, *c, *d, *e;
680 if (a == NULL || c == NULL || d == NULL || e == NULL) {
684 for (i = 0; i < num0; i++) {
685 BN_bntest_rand(a, 40 + i * 10, 0, 0);
698 BN_div(d, e, c, a, ctx);
700 if (!BN_is_zero(d) || !BN_is_zero(e)) {
701 fprintf(stderr, "Square test failed!\n");
706 /* Regression test for a BN_sqr overflow bug. */
708 "80000000000000008000000000000001"
709 "FFFFFFFFFFFFFFFE0000000000000000");
721 BN_mul(d, a, a, ctx);
723 fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
724 "different results!\n");
727 * This test fails if we are linked to the FIPS module. Unfortunately
728 * that can't be fixed so we print out the error but continue anyway.
730 fprintf(stderr, " FIPS build: ignoring.\n");
736 /* Regression test for a BN_sqr overflow bug. */
738 "80000000000000000000000080000001"
739 "FFFFFFFE000000000000000000000000");
751 BN_mul(d, a, a, ctx);
753 fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
754 "different results!\n");
770 int test_mont(BIO *bp, BN_CTX *ctx)
772 BIGNUM a, b, c, d, A, B;
785 mont = BN_MONT_CTX_new();
787 BN_bntest_rand(&a, 100, 0, 0);
788 BN_bntest_rand(&b, 100, 0, 0);
789 for (i = 0; i < num2; i++) {
790 int bits = (200 * (i + 1)) / num2;
794 BN_bntest_rand(&n, bits, 0, 1);
795 BN_MONT_CTX_set(mont, &n, ctx);
797 BN_nnmod(&a, &a, &n, ctx);
798 BN_nnmod(&b, &b, &n, ctx);
800 BN_to_montgomery(&A, &a, mont, ctx);
801 BN_to_montgomery(&B, &b, mont, ctx);
803 BN_mod_mul_montgomery(&c, &A, &B, mont, ctx);
804 BN_from_montgomery(&A, &c, mont, ctx);
808 fprintf(stderr, "%d * %d %% %d\n",
810 BN_num_bits(&b), BN_num_bits(mont->N));
816 BN_print(bp, &(mont->N));
822 BN_mod_mul(&d, &a, &b, &n, ctx);
824 if (!BN_is_zero(&d)) {
825 fprintf(stderr, "Montgomery multiplication test failed!\n");
829 BN_MONT_CTX_free(mont);
840 int test_mod(BIO *bp, BN_CTX *ctx)
842 BIGNUM *a, *b, *c, *d, *e;
851 BN_bntest_rand(a, 1024, 0, 0);
852 for (i = 0; i < num0; i++) {
853 BN_bntest_rand(b, 450 + i * 10, 0, 0);
856 BN_mod(c, a, b, ctx);
867 BN_div(d, e, a, b, ctx);
869 if (!BN_is_zero(e)) {
870 fprintf(stderr, "Modulo test failed!\n");
882 int test_mod_mul(BIO *bp, BN_CTX *ctx)
884 BIGNUM *a, *b, *c, *d, *e;
893 for (j = 0; j < 3; j++) {
894 BN_bntest_rand(c, 1024, 0, 0);
895 for (i = 0; i < num0; i++) {
896 BN_bntest_rand(a, 475 + i * 10, 0, 0);
897 BN_bntest_rand(b, 425 + i * 11, 0, 0);
900 if (!BN_mod_mul(e, a, b, c, ctx)) {
903 while ((l = ERR_get_error()))
904 fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
914 if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
916 * If (a*b) % c is negative, c must be added in order
917 * to obtain the normalized remainder (new with
918 * OpenSSL 0.9.7, previous versions of BN_mod_mul
919 * could generate negative results)
929 BN_mul(d, a, b, ctx);
931 BN_div(a, b, d, c, ctx);
932 if (!BN_is_zero(b)) {
933 fprintf(stderr, "Modulo multiply test failed!\n");
934 ERR_print_errors_fp(stderr);
947 int test_mod_exp(BIO *bp, BN_CTX *ctx)
949 BIGNUM *a, *b, *c, *d, *e;
958 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
959 for (i = 0; i < num2; i++) {
960 BN_bntest_rand(a, 20 + i * 5, 0, 0);
961 BN_bntest_rand(b, 2 + i, 0, 0);
963 if (!BN_mod_exp(d, a, b, c, ctx))
978 BN_exp(e, a, b, ctx);
980 BN_div(a, b, e, c, ctx);
981 if (!BN_is_zero(b)) {
982 fprintf(stderr, "Modulo exponentiation test failed!\n");
994 int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
996 BIGNUM *a, *b, *c, *d, *e;
1005 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1006 for (i = 0; i < num2; i++) {
1007 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1008 BN_bntest_rand(b, 2 + i, 0, 0);
1010 if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
1016 BIO_puts(bp, " ^ ");
1018 BIO_puts(bp, " % ");
1020 BIO_puts(bp, " - ");
1025 BN_exp(e, a, b, ctx);
1027 BN_div(a, b, e, c, ctx);
1028 if (!BN_is_zero(b)) {
1029 fprintf(stderr, "Modulo exponentiation test failed!\n");
1041 int test_exp(BIO *bp, BN_CTX *ctx)
1043 BIGNUM *a, *b, *d, *e, *one;
1053 for (i = 0; i < num2; i++) {
1054 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1055 BN_bntest_rand(b, 2 + i, 0, 0);
1057 if (BN_exp(d, a, b, ctx) <= 0)
1063 BIO_puts(bp, " ^ ");
1065 BIO_puts(bp, " - ");
1071 for (; !BN_is_zero(b); BN_sub(b, b, one))
1072 BN_mul(e, e, a, ctx);
1074 if (!BN_is_zero(e)) {
1075 fprintf(stderr, "Exponentiation test failed!\n");
1087 int test_gf2m_add(BIO *bp)
1096 for (i = 0; i < num0; i++) {
1097 BN_rand(&a, 512, 0, 0);
1098 BN_copy(&b, BN_value_one());
1101 BN_GF2m_add(&c, &a, &b);
1102 #if 0 /* make test uses ouput in bc but bc can't
1103 * handle GF(2^m) arithmetic */
1107 BIO_puts(bp, " ^ ");
1109 BIO_puts(bp, " = ");
1115 /* Test that two added values have the correct parity. */
1116 if ((BN_is_odd(&a) && BN_is_odd(&c))
1117 || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
1118 fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
1121 BN_GF2m_add(&c, &c, &c);
1122 /* Test that c + c = 0. */
1123 if (!BN_is_zero(&c)) {
1124 fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
1136 int test_gf2m_mod(BIO *bp)
1138 BIGNUM *a, *b[2], *c, *d, *e;
1140 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1141 unsigned int p1[] = { 193, 15, 0 };
1150 BN_GF2m_arr2poly(p0, b[0]);
1151 BN_GF2m_arr2poly(p1, b[1]);
1153 for (i = 0; i < num0; i++) {
1154 BN_bntest_rand(a, 1024, 0, 0);
1155 for (j = 0; j < 2; j++) {
1156 BN_GF2m_mod(c, a, b[j]);
1157 #if 0 /* make test uses ouput in bc but bc can't
1158 * handle GF(2^m) arithmetic */
1162 BIO_puts(bp, " % ");
1164 BIO_puts(bp, " - ");
1170 BN_GF2m_add(d, a, c);
1171 BN_GF2m_mod(e, d, b[j]);
1172 /* Test that a + (a mod p) mod p == 0. */
1173 if (!BN_is_zero(e)) {
1174 fprintf(stderr, "GF(2^m) modulo test failed!\n");
1190 int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
1192 BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
1194 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1195 unsigned int p1[] = { 193, 15, 0 };
1207 BN_GF2m_arr2poly(p0, b[0]);
1208 BN_GF2m_arr2poly(p1, b[1]);
1210 for (i = 0; i < num0; i++) {
1211 BN_bntest_rand(a, 1024, 0, 0);
1212 BN_bntest_rand(c, 1024, 0, 0);
1213 BN_bntest_rand(d, 1024, 0, 0);
1214 for (j = 0; j < 2; j++) {
1215 BN_GF2m_mod_mul(e, a, c, b[j], ctx);
1216 #if 0 /* make test uses ouput in bc but bc can't
1217 * handle GF(2^m) arithmetic */
1221 BIO_puts(bp, " * ");
1223 BIO_puts(bp, " % ");
1225 BIO_puts(bp, " - ");
1231 BN_GF2m_add(f, a, d);
1232 BN_GF2m_mod_mul(g, f, c, b[j], ctx);
1233 BN_GF2m_mod_mul(h, d, c, b[j], ctx);
1234 BN_GF2m_add(f, e, g);
1235 BN_GF2m_add(f, f, h);
1236 /* Test that (a+d)*c = a*c + d*c. */
1237 if (!BN_is_zero(f)) {
1239 "GF(2^m) modular multiplication test failed!\n");
1258 int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
1260 BIGNUM *a, *b[2], *c, *d;
1262 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1263 unsigned int p1[] = { 193, 15, 0 };
1271 BN_GF2m_arr2poly(p0, b[0]);
1272 BN_GF2m_arr2poly(p1, b[1]);
1274 for (i = 0; i < num0; i++) {
1275 BN_bntest_rand(a, 1024, 0, 0);
1276 for (j = 0; j < 2; j++) {
1277 BN_GF2m_mod_sqr(c, a, b[j], ctx);
1279 BN_GF2m_mod_mul(d, a, d, b[j], ctx);
1280 #if 0 /* make test uses ouput in bc but bc can't
1281 * handle GF(2^m) arithmetic */
1285 BIO_puts(bp, " ^ 2 % ");
1287 BIO_puts(bp, " = ");
1289 BIO_puts(bp, "; a * a = ");
1295 BN_GF2m_add(d, c, d);
1296 /* Test that a*a = a^2. */
1297 if (!BN_is_zero(d)) {
1298 fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
1313 int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
1315 BIGNUM *a, *b[2], *c, *d;
1317 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1318 unsigned int p1[] = { 193, 15, 0 };
1326 BN_GF2m_arr2poly(p0, b[0]);
1327 BN_GF2m_arr2poly(p1, b[1]);
1329 for (i = 0; i < num0; i++) {
1330 BN_bntest_rand(a, 512, 0, 0);
1331 for (j = 0; j < 2; j++) {
1332 BN_GF2m_mod_inv(c, a, b[j], ctx);
1333 BN_GF2m_mod_mul(d, a, c, b[j], ctx);
1334 #if 0 /* make test uses ouput in bc but bc can't
1335 * handle GF(2^m) arithmetic */
1339 BIO_puts(bp, " * ");
1341 BIO_puts(bp, " - 1 % ");
1347 /* Test that ((1/a)*a) = 1. */
1348 if (!BN_is_one(d)) {
1349 fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
1364 int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
1366 BIGNUM *a, *b[2], *c, *d, *e, *f;
1368 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1369 unsigned int p1[] = { 193, 15, 0 };
1379 BN_GF2m_arr2poly(p0, b[0]);
1380 BN_GF2m_arr2poly(p1, b[1]);
1382 for (i = 0; i < num0; i++) {
1383 BN_bntest_rand(a, 512, 0, 0);
1384 BN_bntest_rand(c, 512, 0, 0);
1385 for (j = 0; j < 2; j++) {
1386 BN_GF2m_mod_div(d, a, c, b[j], ctx);
1387 BN_GF2m_mod_mul(e, d, c, b[j], ctx);
1388 BN_GF2m_mod_div(f, a, e, b[j], ctx);
1389 #if 0 /* make test uses ouput in bc but bc can't
1390 * handle GF(2^m) arithmetic */
1394 BIO_puts(bp, " = ");
1396 BIO_puts(bp, " * ");
1398 BIO_puts(bp, " % ");
1404 /* Test that ((a/c)*c)/a = 1. */
1405 if (!BN_is_one(f)) {
1406 fprintf(stderr, "GF(2^m) modular division test failed!\n");
1423 int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
1425 BIGNUM *a, *b[2], *c, *d, *e, *f;
1427 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1428 unsigned int p1[] = { 193, 15, 0 };
1438 BN_GF2m_arr2poly(p0, b[0]);
1439 BN_GF2m_arr2poly(p1, b[1]);
1441 for (i = 0; i < num0; i++) {
1442 BN_bntest_rand(a, 512, 0, 0);
1443 BN_bntest_rand(c, 512, 0, 0);
1444 BN_bntest_rand(d, 512, 0, 0);
1445 for (j = 0; j < 2; j++) {
1446 BN_GF2m_mod_exp(e, a, c, b[j], ctx);
1447 BN_GF2m_mod_exp(f, a, d, b[j], ctx);
1448 BN_GF2m_mod_mul(e, e, f, b[j], ctx);
1450 BN_GF2m_mod_exp(f, a, f, b[j], ctx);
1451 #if 0 /* make test uses ouput in bc but bc can't
1452 * handle GF(2^m) arithmetic */
1456 BIO_puts(bp, " ^ (");
1458 BIO_puts(bp, " + ");
1460 BIO_puts(bp, ") = ");
1462 BIO_puts(bp, "; - ");
1464 BIO_puts(bp, " % ");
1470 BN_GF2m_add(f, e, f);
1471 /* Test that a^(c+d)=a^c*a^d. */
1472 if (!BN_is_zero(f)) {
1474 "GF(2^m) modular exponentiation test failed!\n");
1491 int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
1493 BIGNUM *a, *b[2], *c, *d, *e, *f;
1495 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1496 unsigned int p1[] = { 193, 15, 0 };
1506 BN_GF2m_arr2poly(p0, b[0]);
1507 BN_GF2m_arr2poly(p1, b[1]);
1509 for (i = 0; i < num0; i++) {
1510 BN_bntest_rand(a, 512, 0, 0);
1511 for (j = 0; j < 2; j++) {
1512 BN_GF2m_mod(c, a, b[j]);
1513 BN_GF2m_mod_sqrt(d, a, b[j], ctx);
1514 BN_GF2m_mod_sqr(e, d, b[j], ctx);
1515 #if 0 /* make test uses ouput in bc but bc can't
1516 * handle GF(2^m) arithmetic */
1520 BIO_puts(bp, " ^ 2 - ");
1526 BN_GF2m_add(f, c, e);
1527 /* Test that d^2 = a, where d = sqrt(a). */
1528 if (!BN_is_zero(f)) {
1529 fprintf(stderr, "GF(2^m) modular square root test failed!\n");
1546 int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
1548 BIGNUM *a, *b[2], *c, *d, *e;
1549 int i, j, s = 0, t, ret = 0;
1550 unsigned int p0[] = { 163, 7, 6, 3, 0 };
1551 unsigned int p1[] = { 193, 15, 0 };
1560 BN_GF2m_arr2poly(p0, b[0]);
1561 BN_GF2m_arr2poly(p1, b[1]);
1563 for (i = 0; i < num0; i++) {
1564 BN_bntest_rand(a, 512, 0, 0);
1565 for (j = 0; j < 2; j++) {
1566 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1569 BN_GF2m_mod_sqr(d, c, b[j], ctx);
1570 BN_GF2m_add(d, c, d);
1571 BN_GF2m_mod(e, a, b[j]);
1572 #if 0 /* make test uses ouput in bc but bc can't
1573 * handle GF(2^m) arithmetic */
1577 BIO_puts(bp, " is root of z^2 + z = ");
1579 BIO_puts(bp, " % ");
1585 BN_GF2m_add(e, e, d);
1587 * Test that solution of quadratic c satisfies c^2 + c = a.
1589 if (!BN_is_zero(e)) {
1591 "GF(2^m) modular solve quadratic test failed!\n");
1596 #if 0 /* make test uses ouput in bc but bc can't
1597 * handle GF(2^m) arithmetic */
1600 BIO_puts(bp, "There are no roots of z^2 + z = ");
1602 BIO_puts(bp, " % ");
1613 "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n",
1616 "this is very unlikely and probably indicates an error.\n");
1630 static int genprime_cb(int p, int n, BN_GENCB *arg)
1647 int test_kron(BIO *bp, BN_CTX *ctx)
1650 BIGNUM *a, *b, *r, *t;
1652 int legendre, kronecker;
1659 if (a == NULL || b == NULL || r == NULL || t == NULL)
1662 BN_GENCB_set(&cb, genprime_cb, NULL);
1665 * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
1666 * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
1667 * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
1668 * generate a random prime b and compare these values for a number of
1669 * random a's. (That is, we run the Solovay-Strassen primality test to
1670 * confirm that b is prime, except that we don't want to test whether b
1671 * is prime but whether BN_kronecker works.)
1674 if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
1676 b->neg = rand_neg();
1679 for (i = 0; i < num0; i++) {
1680 if (!BN_bntest_rand(a, 512, 0, 0))
1682 a->neg = rand_neg();
1684 /* t := (|b|-1)/2 (note that b is odd) */
1688 if (!BN_sub_word(t, 1))
1690 if (!BN_rshift1(t, t))
1692 /* r := a^t mod b */
1695 if (!BN_mod_exp_recp(r, a, t, b, ctx))
1699 if (BN_is_word(r, 1))
1701 else if (BN_is_zero(r))
1704 if (!BN_add_word(r, 1))
1706 if (0 != BN_ucmp(r, b)) {
1707 fprintf(stderr, "Legendre symbol computation failed\n");
1713 kronecker = BN_kronecker(a, b, ctx);
1716 /* we actually need BN_kronecker(a, |b|) */
1717 if (a->neg && b->neg)
1718 kronecker = -kronecker;
1720 if (legendre != kronecker) {
1721 fprintf(stderr, "legendre != kronecker; a = ");
1722 BN_print_fp(stderr, a);
1723 fprintf(stderr, ", b = ");
1724 BN_print_fp(stderr, b);
1725 fprintf(stderr, "\n");
1748 int test_sqrt(BIO *bp, BN_CTX *ctx)
1758 if (a == NULL || p == NULL || r == NULL)
1761 BN_GENCB_set(&cb, genprime_cb, NULL);
1763 for (i = 0; i < 16; i++) {
1765 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
1767 if (!BN_set_word(p, primes[i]))
1770 if (!BN_set_word(a, 32))
1772 if (!BN_set_word(r, 2 * i + 1))
1775 if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
1779 p->neg = rand_neg();
1781 for (j = 0; j < num2; j++) {
1783 * construct 'a' such that it is a square modulo p, but in
1784 * general not a proper square and not reduced modulo p
1786 if (!BN_bntest_rand(r, 256, 0, 3))
1788 if (!BN_nnmod(r, r, p, ctx))
1790 if (!BN_mod_sqr(r, r, p, ctx))
1792 if (!BN_bntest_rand(a, 256, 0, 3))
1794 if (!BN_nnmod(a, a, p, ctx))
1796 if (!BN_mod_sqr(a, a, p, ctx))
1798 if (!BN_mul(a, a, r, ctx))
1801 if (!BN_sub(a, a, p))
1804 if (!BN_mod_sqrt(r, a, p, ctx))
1806 if (!BN_mod_sqr(r, r, p, ctx))
1809 if (!BN_nnmod(a, a, p, ctx))
1812 if (BN_cmp(a, r) != 0) {
1813 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1814 BN_print_fp(stderr, a);
1815 fprintf(stderr, ", r = ");
1816 BN_print_fp(stderr, r);
1817 fprintf(stderr, ", p = ");
1818 BN_print_fp(stderr, p);
1819 fprintf(stderr, "\n");
1841 int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
1843 BIGNUM *a, *b, *c, *d;
1855 BN_bntest_rand(a, 200, 0, 0);
1856 a->neg = rand_neg();
1858 for (i = 0; i < num0; i++) {
1859 BN_lshift(b, a, i + 1);
1864 BIO_puts(bp, " * ");
1866 BIO_puts(bp, " - ");
1871 BN_mul(d, a, c, ctx);
1873 if (!BN_is_zero(d)) {
1874 fprintf(stderr, "Left shift test failed!\n");
1875 fprintf(stderr, "a=");
1876 BN_print_fp(stderr, a);
1877 fprintf(stderr, "\nb=");
1878 BN_print_fp(stderr, b);
1879 fprintf(stderr, "\nc=");
1880 BN_print_fp(stderr, c);
1881 fprintf(stderr, "\nd=");
1882 BN_print_fp(stderr, d);
1883 fprintf(stderr, "\n");
1894 int test_lshift1(BIO *bp)
1903 BN_bntest_rand(a, 200, 0, 0);
1904 a->neg = rand_neg();
1905 for (i = 0; i < num0; i++) {
1910 BIO_puts(bp, " * 2");
1911 BIO_puts(bp, " - ");
1918 if (!BN_is_zero(a)) {
1919 fprintf(stderr, "Left shift one test failed!\n");
1931 int test_rshift(BIO *bp, BN_CTX *ctx)
1933 BIGNUM *a, *b, *c, *d, *e;
1943 BN_bntest_rand(a, 200, 0, 0);
1944 a->neg = rand_neg();
1945 for (i = 0; i < num0; i++) {
1946 BN_rshift(b, a, i + 1);
1951 BIO_puts(bp, " / ");
1953 BIO_puts(bp, " - ");
1958 BN_div(d, e, a, c, ctx);
1960 if (!BN_is_zero(d)) {
1961 fprintf(stderr, "Right shift test failed!\n");
1973 int test_rshift1(BIO *bp)
1982 BN_bntest_rand(a, 200, 0, 0);
1983 a->neg = rand_neg();
1984 for (i = 0; i < num0; i++) {
1989 BIO_puts(bp, " / 2");
1990 BIO_puts(bp, " - ");
1997 if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
1998 fprintf(stderr, "Right shift one test failed!\n");
2011 static unsigned int neg = 0;
2012 static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
2014 return (sign[(neg++) % 8]);
projects / FreeBSD / releng / 9.3.git / blob