From 23942a4b20132239228a7a9bd27c5b5518a0b57c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Jun 2021 23:00:17 +0200 Subject: [PATCH 01/37] Clarify a few test descriptions (mostly involving 0) Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 1671d6e1e..da357a196 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -151,7 +151,7 @@ mbedtls_mpi_bitlen:10:"16":5 Base test mbedtls_mpi_bitlen #6 mbedtls_mpi_bitlen:10:"10":4 -Base test mbedtls_mpi_bitlen #7 +Base test mbedtls_mpi_bitlen: 0 (1 limb) mbedtls_mpi_bitlen:10:"0":0 Base test mbedtls_mpi_cmp_int #1 @@ -304,7 +304,7 @@ mbedtls_mpi_cmp_abs:10:"-2":10:"-3":-1 Base test mbedtls_mpi_cmp_abs (Negative values) #3 mbedtls_mpi_cmp_abs:10:"-2":10:"-1":1 -Base test mbedtls_mpi_cmp_abs (Zero and Zero) #4 +Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (1 limb) mbedtls_mpi_cmp_abs:10:"0":10:"0":0 Base test mbedtls_mpi_cmp_abs (Mix values) #1 @@ -634,7 +634,7 @@ mbedtls_mpi_mul_int:10:"-2039568783564019774057658669290345772801939933143482630 Base test mbedtls_mpi_div_mpi #1 mbedtls_mpi_div_mpi:10:"1000":10:"13":10:"76":10:"12":0 -Base test mbedtls_mpi_div_mpi #2 (Divide by zero) +Base test mbedtls_mpi_div_mpi #2 (Divide by zero (1 limb)) mbedtls_mpi_div_mpi:10:"1000":10:"0":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO Base test mbedtls_mpi_div_mpi #3 @@ -670,7 +670,7 @@ mbedtls_mpi_div_int:10:"20133056642518226042310730101376278483547239130123806338 Base test mbedtls_mpi_mod_mpi #1 mbedtls_mpi_mod_mpi:10:"1000":10:"13":10:"12":0 -Base test mbedtls_mpi_mod_mpi #2 (Divide by zero) +Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (1 limb)) mbedtls_mpi_mod_mpi:10:"1000":10:"0":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO Base test mbedtls_mpi_mod_mpi #3 @@ -768,16 +768,16 @@ mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769 Base test mbedtls_mpi_inv_mod #1 mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0 -Base test mbedtls_mpi_inv_mod #2 +Test mbedtls_mpi_inv_mod: mod 0 (1 limb) mbedtls_mpi_inv_mod:10:"3":10:"0":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Base test mbedtls_mpi_inv_mod #3 +Test mbedtls_mpi_inv_mod: mod negative mbedtls_mpi_inv_mod:10:"3":10:"-11":10:"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA -Base test mbedtls_mpi_inv_mod #4 +Test mbedtls_mpi_inv_mod: 2^-1 mod 4 mbedtls_mpi_inv_mod:10:"2":10:"4":10:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -Base test mbedtls_mpi_inv_mod #5 +Test mbedtls_mpi_inv_mod: mod 1 mbedtls_mpi_inv_mod:10:"3":10:"1":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_inv_mod #1 From db4797198ab473bbd220da59cf180d175a917e25 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 14:13:53 +0200 Subject: [PATCH 02/37] New test helper mbedtls_test_read_mpi This test helper reads an MPI from a string and guarantees control over the number of limbs of the MPI, allowing test cases to construct values with or without leading zeros, including 0 with 0 limbs. Signed-off-by: Gilles Peskine --- tests/include/test/helpers.h | 25 +++++++++++++++++++++++++ tests/src/helpers.c | 15 +++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 9bfe08547..dfc09cdbb 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -54,6 +54,10 @@ #include #include +#if defined(MBEDTLS_BIGNUM_C) +#include "mbedtls/bignum.h" +#endif + typedef enum { MBEDTLS_TEST_RESULT_SUCCESS = 0, @@ -294,4 +298,25 @@ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); #endif +#if defined(MBEDTLS_BIGNUM_C) +/** Read an MPI from a string. + * + * Like mbedtls_mpi_read_string(), but size the resulting bignum based + * on the number of digits in the string. In particular, construct a + * bignum with 0 limbs for an empty string, and a bignum with leading 0 + * limbs if the string has sufficiently many leading 0 digits. + * + * This is important so that the "0 (null)" and "0 (1 limb)" and + * "leading zeros" test cases do what they claim. + * + * \param[out] X The MPI object to populate. It must be initialized. + * \param radix The radix (2 to 16). + * \param[in] s The null-terminated string to read from. + * + * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise. + */ +/* Since the library has exactly the desired behavior, this is trivial. */ +int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ); +#endif /* MBEDTLS_BIGNUM_C */ + #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b7c9867b0..bf6c1d956 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -338,3 +338,18 @@ void mbedtls_test_err_add_check( int high, int low, } } #endif /* MBEDTLS_TEST_HOOKS */ + +#if defined(MBEDTLS_BIGNUM_C) +int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s ) +{ + /* mbedtls_mpi_read_string() currently retains leading zeros. + * It always allocates at least one limb for the value 0. */ + if( s[0] == 0 ) + { + mbedtls_mpi_free( X ); + return( 0 ); + } + else + return( mbedtls_mpi_read_string( X, radix, s ) ); +} +#endif From a0f4e10e61b2aed4fbef75fd8e4c447fde93d25d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 23:18:39 +0200 Subject: [PATCH 03/37] Use mbedtls_test_read_mpi in test suites Replace calls to mbedtls_mpi_read_string() with a wrapper mbedtls_test_read_mpi() when reading test data except for the purpose of testing mbedtls_mpi_read_string() itself. The wrapper lets the test data control precisely how many limbs the constructed MPI has. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_asn1parse.function | 2 +- tests/suites/test_suite_debug.function | 4 +- tests/suites/test_suite_dhm.function | 10 +- tests/suites/test_suite_ecdh.function | 10 +- tests/suites/test_suite_ecdsa.function | 14 +- tests/suites/test_suite_ecp.function | 80 +++++------ tests/suites/test_suite_mpi.function | 150 ++++++++++----------- tests/suites/test_suite_pk.function | 22 +-- tests/suites/test_suite_pkcs1_v15.function | 24 ++-- tests/suites/test_suite_rsa.function | 140 +++++++++---------- tests/suites/test_suite_x509write.function | 2 +- 11 files changed, 228 insertions(+), 230 deletions(-) diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function index 47a43407d..414278f29 100644 --- a/tests/suites/test_suite_asn1parse.function +++ b/tests/suites/test_suite_asn1parse.function @@ -417,7 +417,7 @@ void get_integer( const data_t *input, } #if defined(MBEDTLS_BIGNUM_C) - ret = mbedtls_mpi_read_string( &expected_mpi, 16, expected_hex ); + ret = mbedtls_test_read_mpi( &expected_mpi, 16, expected_hex ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); if( ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) { diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 0e663c6fa..fe5549a17 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -179,9 +179,7 @@ void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line, TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); - /* If value is empty, keep val->n == 0. */ - if( value[0] != 0 ) - TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 ); mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 6d3743f94..96ff2ac73 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -206,8 +206,8 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, /* * Set params */ - TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, radix_G, input_G ) == 0 ); pub_cli_len = mbedtls_mpi_size( &ctx_srv.P ); /* @@ -307,7 +307,7 @@ void dhm_make_public( int P_bytes, int radix_G, char *input_G, int result ) TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &G, radix_G, input_G ) == 0 ); TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ), @@ -331,8 +331,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) mbedtls_dhm_init( &ctx ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, 16, p ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &G, 16, g ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, 16, p ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &G, 16, g ) == 0 ); TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index da0531b45..69197e666 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -278,21 +278,21 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, z_str ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index fb6ed460f..d47bb4ed8 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -289,9 +289,9 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand; rnd_info.fallback_p_rng = NULL; rnd_info.buf = rnd_buf->x; @@ -354,9 +354,9 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, memset( hash, 0, sizeof( hash ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -585,7 +585,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, memset( sig, 0, sizeof( sig ) ); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 934598dd3..063be0fe8 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -401,9 +401,9 @@ void ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex, TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); @@ -452,13 +452,13 @@ void ecp_test_vect_restart( int id, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 ); mbedtls_ecp_set_max_ops( (unsigned) max_ops ); @@ -536,13 +536,13 @@ void ecp_muladd_restart( int id, char *xR_str, char *yR_str, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &u1, 16, u1_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &u2, 16, u2_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xR, 16, xR_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yR, 16, yR_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, 16, xQ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, 16, yQ_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 ); mbedtls_ecp_set_max_ops( (unsigned) max_ops ); @@ -599,14 +599,14 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yB, 16, yB_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yB, 16, yB_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); @@ -654,11 +654,11 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &xS, 16, xS_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); @@ -817,7 +817,7 @@ void ecp_fast_mod( int id, char * N_str ) mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R ); mbedtls_ecp_group_init( &grp ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, 16, N_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, 16, N_str ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( grp.modp != NULL ); @@ -856,9 +856,9 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format, &olen, buf, blen ) == ret ); @@ -887,9 +887,9 @@ void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret ); @@ -931,9 +931,9 @@ void mbedtls_ecp_tls_read_point( int id, data_t * buf, char * x, char * y, TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 ); TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret ); @@ -1068,7 +1068,7 @@ void mbedtls_ecp_check_privkey( int id, char * key_hex, int ret ) mbedtls_mpi_init( &d ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, key_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, key_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret ); @@ -1095,7 +1095,7 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, if( id != MBEDTLS_ECP_DP_NONE ) TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, 16, d ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 58079841c..f4753fb78 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -429,7 +429,7 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); buflen = mbedtls_mpi_size( &X ); if( buflen > (size_t) output_size ) @@ -461,7 +461,7 @@ void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); buflen = mbedtls_mpi_size( &X ); if( buflen > (size_t) output_size ) @@ -525,7 +525,7 @@ void mbedtls_mpi_write_file( int radix_X, char * input_X, int output_radix, mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); file_out = fopen( output_file, "w" ); TEST_ASSERT( file_out != NULL ); @@ -551,7 +551,7 @@ void mbedtls_mpi_get_bit( int radix_X, char * input_X, int pos, int val ) { mbedtls_mpi X; mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val ); exit: @@ -566,8 +566,8 @@ void mbedtls_mpi_set_bit( int radix_X, char * input_X, int pos, int val, mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, output_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, output_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result ); if( result == 0 ) @@ -586,7 +586,7 @@ void mbedtls_mpi_lsb( int radix_X, char * input_X, int nr_bits ) mbedtls_mpi X; mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits ); exit: @@ -600,7 +600,7 @@ void mbedtls_mpi_bitlen( int radix_X, char * input_X, int nr_bits ) mbedtls_mpi X; mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits ); exit: @@ -615,9 +615,9 @@ void mbedtls_mpi_gcd( int radix_X, char * input_X, int radix_Y, mbedtls_mpi A, X, Y, Z; mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); @@ -647,8 +647,8 @@ void mbedtls_mpi_cmp_mpi( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A ); exit: @@ -666,8 +666,8 @@ void mbedtls_mpi_lt_mpi_ct( int size_X, char * input_X, mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 ); @@ -688,8 +688,8 @@ void mbedtls_mpi_cmp_abs( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A ); exit: @@ -774,9 +774,9 @@ void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign, mbedtls_mpi X, Y, XX; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x_str ) == 0 ); X.s = x_sign; - TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y_str ) == 0 ); Y.s = y_sign; TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 ); @@ -800,9 +800,9 @@ void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign, mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX ); mbedtls_mpi_init( &YY ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x_str ) == 0 ); X.s = x_sign; - TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y_str ) == 0 ); Y.s = y_sign; TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 ); @@ -888,16 +888,16 @@ void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 ); @@ -915,17 +915,17 @@ void mbedtls_mpi_add_mpi_inplace( int radix_X, char * input_X, int radix_A, mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); @@ -942,16 +942,16 @@ void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 ); @@ -969,8 +969,8 @@ void mbedtls_mpi_add_int( int radix_X, char * input_X, int input_Y, mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); @@ -986,16 +986,16 @@ void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 ); @@ -1015,9 +1015,9 @@ void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, int res; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); res = mbedtls_mpi_sub_abs( &Z, &X, &Y ); TEST_ASSERT( res == sub_result ); @@ -1028,7 +1028,7 @@ void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result ); if( sub_result == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result ); @@ -1047,8 +1047,8 @@ void mbedtls_mpi_sub_int( int radix_X, char * input_X, int input_Y, mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); @@ -1064,9 +1064,9 @@ void mbedtls_mpi_mul_mpi( int radix_X, char * input_X, int radix_Y, mbedtls_mpi X, Y, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); @@ -1083,8 +1083,8 @@ void mbedtls_mpi_mul_int( int radix_X, char * input_X, int input_Y, mbedtls_mpi X, Z, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 ); if( strcmp( result_comparison, "==" ) == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); @@ -1108,10 +1108,10 @@ void mbedtls_mpi_div_mpi( int radix_X, char * input_X, int radix_Y, mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 ); res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y ); TEST_ASSERT( res == div_result ); if( res == 0 ) @@ -1136,9 +1136,9 @@ void mbedtls_mpi_div_int( int radix_X, char * input_X, int input_Y, mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 ); res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y ); TEST_ASSERT( res == div_result ); if( res == 0 ) @@ -1162,9 +1162,9 @@ void mbedtls_mpi_mod_mpi( int radix_X, char * input_X, int radix_Y, int res; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); res = mbedtls_mpi_mod_mpi( &X, &X, &Y ); TEST_ASSERT( res == div_result ); if( res == 0 ) @@ -1186,7 +1186,7 @@ void mbedtls_mpi_mod_int( int radix_X, char * input_X, int input_Y, mbedtls_mpi_uint r; mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); res = mbedtls_mpi_mod_int( &r, &X, input_Y ); TEST_ASSERT( res == div_result ); if( res == 0 ) @@ -1210,13 +1210,13 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); if( strlen( input_RR ) ) - TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 ); res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); TEST_ASSERT( res == div_result ); @@ -1255,7 +1255,7 @@ void mbedtls_mpi_exp_mod_size( int A_bytes, int E_bytes, int N_bytes, TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 ); if( strlen( input_RR ) ) - TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 ); TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result ); @@ -1274,9 +1274,9 @@ void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y, int res; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); res = mbedtls_mpi_inv_mod( &Z, &X, &Y ); TEST_ASSERT( res == div_result ); if( res == 0 ) @@ -1296,7 +1296,7 @@ void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) int res; mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( res == div_result ); @@ -1382,8 +1382,8 @@ void mbedtls_mpi_shift_l( int radix_X, char * input_X, int shift_X, mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); @@ -1399,8 +1399,8 @@ void mbedtls_mpi_shift_r( int radix_X, char * input_X, int shift_X, mbedtls_mpi X, A; mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A ); - TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bc469b68d..a249ba251 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -670,8 +670,8 @@ void pk_rsa_verify_test_vec( data_t * message_str, int digest, int mod, rsa = mbedtls_pk_rsa( pk ); rsa->len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); if( mbedtls_md_info_from_type( digest ) != NULL ) @@ -713,8 +713,8 @@ void pk_rsa_verify_ext_test_vec( data_t * message_str, int digest, rsa = mbedtls_pk_rsa( pk ); rsa->len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); if( digest != MBEDTLS_MD_NONE ) @@ -801,7 +801,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 ); TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); @@ -985,8 +985,8 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, rsa = mbedtls_pk_rsa( pk ); rsa->len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, output, &olen, sizeof( output ), @@ -1024,12 +1024,12 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, rsa = mbedtls_pk_rsa( pk ); /* load public key */ - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); /* load private key */ - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 9af6aec8a..d3553403a 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -28,8 +28,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -76,10 +76,10 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); @@ -289,10 +289,10 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); @@ -335,8 +335,8 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d3d016da0..1de166d2d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -532,10 +532,10 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -578,8 +578,8 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); @@ -616,10 +616,10 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -687,8 +687,8 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -751,8 +751,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -792,8 +792,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -840,10 +840,10 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -886,8 +886,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -945,10 +945,10 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); @@ -1021,11 +1021,11 @@ void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, if( strlen( input_N ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); } if( strlen( input_E ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); } TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); @@ -1053,36 +1053,36 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, ctx.len = mod / 8; if( strlen( input_P ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, radix_P, input_P ) == 0 ); } if( strlen( input_Q ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, radix_Q, input_Q ) == 0 ); } if( strlen( input_N ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, radix_N, input_N ) == 0 ); } if( strlen( input_E ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, radix_E, input_E ) == 0 ); } if( strlen( input_D ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, radix_D, input_D ) == 0 ); } #if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, radix_DP, input_DP ) == 0 ); } if( strlen( input_DQ ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, radix_DQ, input_DQ ) == 0 ); } if( strlen( input_QP ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, radix_QP, input_QP ) == 0 ); } #else ((void) radix_DP); ((void) input_DP); @@ -1117,45 +1117,45 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, if( strlen( input_Npub ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, radix_Npub, input_Npub ) == 0 ); } if( strlen( input_Epub ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, radix_Epub, input_Epub ) == 0 ); } if( strlen( input_P ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, radix_P, input_P ) == 0 ); } if( strlen( input_Q ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, radix_Q, input_Q ) == 0 ); } if( strlen( input_N ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, radix_N, input_N ) == 0 ); } if( strlen( input_E ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, radix_E, input_E ) == 0 ); } if( strlen( input_D ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, radix_D, input_D ) == 0 ); } #if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, radix_DP, input_DP ) == 0 ); } if( strlen( input_DQ ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, radix_DQ, input_DQ ) == 0 ); } if( strlen( input_QP ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, radix_QP, input_QP ) == 0 ); } #else ((void) radix_DP); ((void) input_DP); @@ -1216,11 +1216,11 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Qp, radix_P, output_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Pp, radix_Q, output_Q ) == 0 ); if( corrupt ) TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); @@ -1257,10 +1257,10 @@ void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, mbedtls_mpi_init( &E ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Dp, radix_D, output_D ) == 0 ); if( corrupt ) { @@ -1343,19 +1343,19 @@ void mbedtls_rsa_import( int radix_N, char *input_N, (const unsigned char *) pers, strlen( pers ) ) == 0 ); if( have_N ) - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); if( have_P ) - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); if( have_Q ) - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); if( have_D ) - TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); if( have_E ) - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); if( !successive ) { @@ -1487,19 +1487,19 @@ void mbedtls_rsa_export( int radix_N, char *input_N, /* Setup RSA context */ if( have_N ) - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); if( have_P ) - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); if( have_Q ) - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); if( have_D ) - TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); if( have_E ) - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, strlen( input_N ) ? &N : NULL, @@ -1607,19 +1607,19 @@ void mbedtls_rsa_validate_params( int radix_N, char *input_N, strlen( pers ) ) == 0 ); if( have_N ) - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); if( have_P ) - TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 ); if( have_Q ) - TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 ); if( have_D ) - TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 ); if( have_E ) - TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL, have_P ? &P : NULL, diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 59ea17b2c..ce475e613 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -246,7 +246,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, (void) rsa_alt; #endif - TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 ); if( ver != -1 ) mbedtls_x509write_crt_set_version( &crt, ver ); From b53b218bf2994c865e808fc286ca0aed2a5b2f60 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 15:34:15 +0200 Subject: [PATCH 04/37] Test the validity of the sign bit after constructing an MPI object This is mostly to look for cases where the sign bit may have been left at 0 after zerozing memory, or a value of 0 with the sign bit set to -11. Both of these mostly work fine, so they can go otherwise undetected by unit tests, but they can break when certain combinations of functions are used. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.function | 63 ++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index f4753fb78..8b37c02b3 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -6,6 +6,18 @@ #define MPI_MAX_BITS_LARGER_THAN_792 #endif +/* Check the validity of the sign bit in an MPI object. Reject representations + * that are not supported by the rest of the library and indicate a bug when + * constructing the value. */ +static int sign_is_valid( const mbedtls_mpi *X ) +{ + if( X->s != 1 && X->s != -1 ) + return( 0 ); // invalid sign bit, e.g. 0 + if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 ) + return( 0 ); // negative zero + return( 1 ); +} + typedef struct mbedtls_test_mpi_random { data_t *data; @@ -365,6 +377,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A, TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); if( result_read == 0 ) { + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write ); if( result_write == 0 ) { @@ -389,6 +402,7 @@ void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A ) TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 ); TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); @@ -408,6 +422,7 @@ void mbedtls_mpi_read_binary_le( data_t * buf, int radix_A, char * input_A ) TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 ); TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 ); @@ -502,6 +517,7 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, if( result == 0 ) { + TEST_ASSERT( sign_is_valid( &X ) ); buflen = mbedtls_mpi_size( &X ); TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); @@ -572,6 +588,7 @@ void mbedtls_mpi_set_bit( int radix_X, char * input_X, int pos, int val, if( result == 0 ) { + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); } @@ -619,6 +636,7 @@ void mbedtls_mpi_gcd( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); exit: @@ -707,6 +725,7 @@ void mbedtls_mpi_copy_sint( int input_X, int input_Y ) TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 ); @@ -727,6 +746,7 @@ void mbedtls_mpi_copy_binary( data_t *input_X, data_t *input_Y ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); @@ -781,9 +801,11 @@ void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign, TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 0 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 ); TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 1 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); exit: @@ -809,10 +831,14 @@ void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign, TEST_ASSERT( mbedtls_mpi_copy( &YY, &Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &YY ) == 0 ); TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &XX ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &YY ) == 0 ); @@ -834,6 +860,8 @@ void mbedtls_mpi_swap_sint( int input_X, int input_Y ) TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_Y ) == 0 ); mbedtls_mpi_swap( &X, &Y ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_Y ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 ); @@ -855,6 +883,8 @@ void mbedtls_mpi_swap_binary( data_t *input_X, data_t *input_Y ) TEST_ASSERT( mbedtls_mpi_read_binary( &Y0, input_Y->x, input_Y->len ) == 0 ); mbedtls_mpi_swap( &X, &Y ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); @@ -874,6 +904,7 @@ void mpi_swap_self( data_t *input_X ) TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 ); mbedtls_mpi_swap( &X, &X ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); exit: @@ -892,15 +923,18 @@ void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); exit: @@ -920,13 +954,16 @@ void mbedtls_mpi_add_mpi_inplace( int radix_X, char * input_X, int radix_A, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); exit: @@ -946,15 +983,18 @@ void mbedtls_mpi_add_abs( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); exit: @@ -972,6 +1012,7 @@ void mbedtls_mpi_add_int( int radix_X, char * input_X, int input_Y, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); exit: @@ -990,15 +1031,18 @@ void mbedtls_mpi_sub_mpi( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); exit: @@ -1021,17 +1065,20 @@ void mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, res = mbedtls_mpi_sub_abs( &Z, &X, &Y ); TEST_ASSERT( res == sub_result ); + TEST_ASSERT( sign_is_valid( &Z ) ); if( res == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); /* result == first operand */ TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result ); + TEST_ASSERT( sign_is_valid( &X ) ); if( sub_result == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); /* result == second operand */ TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result ); + TEST_ASSERT( sign_is_valid( &Y ) ); if( sub_result == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 ); @@ -1050,6 +1097,7 @@ void mbedtls_mpi_sub_int( int radix_X, char * input_X, int input_Y, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); exit: @@ -1068,6 +1116,7 @@ void mbedtls_mpi_mul_mpi( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); exit: @@ -1086,6 +1135,7 @@ void mbedtls_mpi_mul_int( int radix_X, char * input_X, int input_Y, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 ); + TEST_ASSERT( sign_is_valid( &Z ) ); if( strcmp( result_comparison, "==" ) == 0 ) TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); else if( strcmp( result_comparison, "!=" ) == 0 ) @@ -1116,6 +1166,8 @@ void mbedtls_mpi_div_mpi( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( res == div_result ); if( res == 0 ) { + TEST_ASSERT( sign_is_valid( &Q ) ); + TEST_ASSERT( sign_is_valid( &R ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); } @@ -1143,6 +1195,8 @@ void mbedtls_mpi_div_int( int radix_X, char * input_X, int input_Y, TEST_ASSERT( res == div_result ); if( res == 0 ) { + TEST_ASSERT( sign_is_valid( &Q ) ); + TEST_ASSERT( sign_is_valid( &R ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 ); } @@ -1169,6 +1223,7 @@ void mbedtls_mpi_mod_mpi( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( res == div_result ); if( res == 0 ) { + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); } @@ -1222,6 +1277,7 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, TEST_ASSERT( res == div_result ); if( res == 0 ) { + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); } @@ -1281,6 +1337,7 @@ void mbedtls_mpi_inv_mod( int radix_X, char * input_X, int radix_Y, TEST_ASSERT( res == div_result ); if( res == 0 ) { + TEST_ASSERT( sign_is_valid( &Z ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 ); } @@ -1356,6 +1413,7 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, @@ -1385,6 +1443,7 @@ void mbedtls_mpi_shift_l( int radix_X, char * input_X, int shift_X, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); exit: @@ -1402,6 +1461,7 @@ void mbedtls_mpi_shift_r( int radix_X, char * input_X, int shift_X, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 ); TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); exit: @@ -1443,6 +1503,7 @@ void mpi_fill_random( int wanted_bytes, int rng_bytes, TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros == (size_t) wanted_bytes ); TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes ); + TEST_ASSERT( sign_is_valid( &X ) ); } exit: @@ -1500,6 +1561,7 @@ void mpi_random_many( int min, data_t *bound_bytes, int iterations ) TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_ASSERT( sign_is_valid( &result ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); if( full_stats ) @@ -1581,6 +1643,7 @@ void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before ) bound_bytes->x, bound_bytes->len ) ); TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_ASSERT( sign_is_valid( &result ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 ); TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 ); From 77f55c9b00256fad59450b980364abc918427cfd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 15:17:30 +0200 Subject: [PATCH 05/37] Overhaul testing of mbedtls_mpi_copy Replace the two test functions mbedtls_mpi_copy_sint (supporting signed inputs but always with exactly one limb) and mbedtls_mpi_copy_binary (supporting arbitrary-sized inputs but not negative inputs) by a single function that supports both arbitrary-sized inputs and arbitrary-signed inputs. This will allows testing combinations like negative source and zero-sized destination. Also generalize mpi_copy_self to support arbitrary inputs. Generate a new list of test cases systematically enumerating all possibilities among various categories: zero with 0 or 1 limb, negative or positive with 1 limb, negative or positive with >1 limb. I used the following Perl script: ``` sub rhs { $_ = $_[0]; s/bead/beef/; s/ca5cadedb01dfaceacc01ade/face1e55ca11ab1ecab005e5/; $_ } %v = ( "zero (null)" => "", "zero (1 limb)" => "0", "small positive" => "bead", "large positive" => "ca5cadedb01dfaceacc01ade", "small negative" => "-bead", "large negative" => "-ca5cadedb01dfaceacc01ade", ); foreach $s (sort keys %v) { foreach $d (sort keys %v) { printf "Copy %s to %s\nmbedtls_mpi_copy:\"%s\":\"%s\"\n\n", $s, $d, $v{$s}, rhs($v{$d}); } } foreach $s (sort keys %v) { printf "Copy self: %s\nmpi_copy_self:\"%s\"\n\n", $s, $v{$s}; } ``` Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 137 ++++++++++++++++++++++----- tests/suites/test_suite_mpi.function | 56 ++++------- 2 files changed, 133 insertions(+), 60 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index da357a196..8d61f7636 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -316,44 +316,131 @@ mbedtls_mpi_cmp_abs:10:"2":10:"-3":-1 Base test mbedtls_mpi_cmp_abs (Mix values) #3 mbedtls_mpi_cmp_abs:10:"-2":10:"1":1 -Copy zero (1 limb) to positive (1 limb) -mbedtls_mpi_copy_sint:0:1500 +Copy large negative to large negative +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5" -Copy zero (1 limb) to negative (1 limb) -mbedtls_mpi_copy_sint:0:-1500 +Copy large negative to large positive +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5" -Copy positive (1 limb) to zero (1 limb) -mbedtls_mpi_copy_sint:1500:0 +Copy large negative to small negative +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-beef" -Copy negative (1 limb) to zero (1 limb) -mbedtls_mpi_copy_sint:-1500:0 +Copy large negative to small positive +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"beef" -Copy positive (1 limb) to negative (1 limb) -mbedtls_mpi_copy_sint:1500:-42 +Copy large negative to zero (1 limb) +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"0" -Copy negative (1 limb) to positive (1 limb) -mbedtls_mpi_copy_sint:-42:1500 +Copy large negative to zero (null) +mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"" + +Copy large positive to large negative +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5" + +Copy large positive to large positive +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5" + +Copy large positive to small negative +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-beef" + +Copy large positive to small positive +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"beef" + +Copy large positive to zero (1 limb) +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"0" + +Copy large positive to zero (null) +mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"" + +Copy small negative to large negative +mbedtls_mpi_copy:"-bead":"-face1e55ca11ab1ecab005e5" + +Copy small negative to large positive +mbedtls_mpi_copy:"-bead":"face1e55ca11ab1ecab005e5" + +Copy small negative to small negative +mbedtls_mpi_copy:"-bead":"-beef" + +Copy small negative to small positive +mbedtls_mpi_copy:"-bead":"beef" + +Copy small negative to zero (1 limb) +mbedtls_mpi_copy:"-bead":"0" + +Copy small negative to zero (null) +mbedtls_mpi_copy:"-bead":"" + +Copy small positive to large negative +mbedtls_mpi_copy:"bead":"-face1e55ca11ab1ecab005e5" + +Copy small positive to large positive +mbedtls_mpi_copy:"bead":"face1e55ca11ab1ecab005e5" + +Copy small positive to small negative +mbedtls_mpi_copy:"bead":"-beef" + +Copy small positive to small positive +mbedtls_mpi_copy:"bead":"beef" + +Copy small positive to zero (1 limb) +mbedtls_mpi_copy:"bead":"0" + +Copy small positive to zero (null) +mbedtls_mpi_copy:"bead":"" + +Copy zero (1 limb) to large negative +mbedtls_mpi_copy:"0":"-face1e55ca11ab1ecab005e5" + +Copy zero (1 limb) to large positive +mbedtls_mpi_copy:"0":"face1e55ca11ab1ecab005e5" + +Copy zero (1 limb) to small negative +mbedtls_mpi_copy:"0":"-beef" + +Copy zero (1 limb) to small positive +mbedtls_mpi_copy:"0":"beef" + +Copy zero (1 limb) to zero (1 limb) +mbedtls_mpi_copy:"0":"0" + +Copy zero (1 limb) to zero (null) +mbedtls_mpi_copy:"0":"" + +Copy zero (null) to large negative +mbedtls_mpi_copy:"":"-face1e55ca11ab1ecab005e5" + +Copy zero (null) to large positive +mbedtls_mpi_copy:"":"face1e55ca11ab1ecab005e5" + +Copy zero (null) to small negative +mbedtls_mpi_copy:"":"-beef" + +Copy zero (null) to small positive +mbedtls_mpi_copy:"":"beef" + +Copy zero (null) to zero (1 limb) +mbedtls_mpi_copy:"":"0" Copy zero (null) to zero (null) -mbedtls_mpi_copy_binary:"":"" +mbedtls_mpi_copy:"":"" -Copy zero (null) to positive (1 limb) -mbedtls_mpi_copy_binary:"":"1234" +Copy self: large negative +mpi_copy_self:"-ca5cadedb01dfaceacc01ade" -Copy positive (1 limb) to zero (null) -mbedtls_mpi_copy_binary:"1234":"" +Copy self: large positive +mpi_copy_self:"ca5cadedb01dfaceacc01ade" -Copy positive to larger -mbedtls_mpi_copy_binary:"bead":"ca5cadedb01dfaceacc01ade" +Copy self: small negative +mpi_copy_self:"-bead" -Copy positive to smaller -mbedtls_mpi_copy_binary:"ca5cadedb01dfaceacc01ade":"bead" - -Copy self: positive (1 limb) -mpi_copy_self:14 +Copy self: small positive +mpi_copy_self:"bead" Copy self: zero (1 limb) -mpi_copy_self:0 +mpi_copy_self:"0" + +Copy self: zero (null) +mpi_copy_self:"" Swap zero (1 limb) with positive (1 limb) mbedtls_mpi_swap_sint:0:1500 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 8b37c02b3..8b8eef287 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -716,56 +716,42 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_copy_sint( int input_X, int input_Y ) +void mbedtls_mpi_copy( char *src_hex, char *dst_hex ) { - mbedtls_mpi X, Y; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); + mbedtls_mpi src, dst; + mbedtls_mpi_init( &src ); + mbedtls_mpi_init( &dst ); - TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &src, 16, src_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 ); + TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 ); + + TEST_ASSERT( sign_is_valid( &dst ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); + mbedtls_mpi_free( &src ); + mbedtls_mpi_free( &dst ); } /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_mpi_copy_binary( data_t *input_X, data_t *input_Y ) +void mpi_copy_self( char *input_X ) { - mbedtls_mpi X, Y, X0; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &X0 ); - - TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &X0 ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mpi_copy_self( int input_X ) -{ - mbedtls_mpi X; + mbedtls_mpi X, A; + mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); - TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 ); TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 ); + + TEST_ASSERT( mbedtls_test_read_mpi( &A, 16, input_X ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 ); exit: + mbedtls_mpi_free( &A ); mbedtls_mpi_free( &X ); } /* END_CASE */ From d382c289764f19d9a718651785582c41f5dd316d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 22:29:57 +0200 Subject: [PATCH 06/37] Overhaul testing of mbedtls_mpi_swap Similarly to "Overhaul testing of mbedtls_mpi_copy", simplify the code to test mbedtls_mpi_swap to have just one function for distinct MPIs and one function for swapping an MPI with itself, covering all cases of size (0, 1, >1) and sign (>0, <0). The test cases are exactly the same as for mbedtls_mpi_copy with the following replacements: * `Copy` -> `Swap` * ` to ` -> ` with ` * `_copy` -> `_swap` Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 135 ++++++++++++++++++++++----- tests/suites/test_suite_mpi.function | 106 +++++++++------------ 2 files changed, 153 insertions(+), 88 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 8d61f7636..baaa091c8 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -442,43 +442,130 @@ mpi_copy_self:"0" Copy self: zero (null) mpi_copy_self:"" -Swap zero (1 limb) with positive (1 limb) -mbedtls_mpi_swap_sint:0:1500 +Swap large negative with large negative +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5" -Swap zero (1 limb) with negative (1 limb) -mbedtls_mpi_swap_sint:0:-1500 +Swap large negative with large positive +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5" -Swap positive (1 limb) with zero (1 limb) -mbedtls_mpi_swap_sint:1500:0 +Swap large negative with small negative +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-beef" -Swap negative (1 limb) with zero (1 limb) -mbedtls_mpi_swap_sint:-1500:0 +Swap large negative with small positive +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"beef" -Swap positive (1 limb) with negative (1 limb) -mbedtls_mpi_swap_sint:1500:-42 +Swap large negative with zero (1 limb) +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"0" -Swap negative (1 limb) with positive (1 limb) -mbedtls_mpi_swap_sint:-42:1500 +Swap large negative with zero (null) +mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"" + +Swap large positive with large negative +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5" + +Swap large positive with large positive +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5" + +Swap large positive with small negative +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-beef" + +Swap large positive with small positive +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"beef" + +Swap large positive with zero (1 limb) +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"0" + +Swap large positive with zero (null) +mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"" + +Swap small negative with large negative +mbedtls_mpi_swap:"-bead":"-face1e55ca11ab1ecab005e5" + +Swap small negative with large positive +mbedtls_mpi_swap:"-bead":"face1e55ca11ab1ecab005e5" + +Swap small negative with small negative +mbedtls_mpi_swap:"-bead":"-beef" + +Swap small negative with small positive +mbedtls_mpi_swap:"-bead":"beef" + +Swap small negative with zero (1 limb) +mbedtls_mpi_swap:"-bead":"0" + +Swap small negative with zero (null) +mbedtls_mpi_swap:"-bead":"" + +Swap small positive with large negative +mbedtls_mpi_swap:"bead":"-face1e55ca11ab1ecab005e5" + +Swap small positive with large positive +mbedtls_mpi_swap:"bead":"face1e55ca11ab1ecab005e5" + +Swap small positive with small negative +mbedtls_mpi_swap:"bead":"-beef" + +Swap small positive with small positive +mbedtls_mpi_swap:"bead":"beef" + +Swap small positive with zero (1 limb) +mbedtls_mpi_swap:"bead":"0" + +Swap small positive with zero (null) +mbedtls_mpi_swap:"bead":"" + +Swap zero (1 limb) with large negative +mbedtls_mpi_swap:"0":"-face1e55ca11ab1ecab005e5" + +Swap zero (1 limb) with large positive +mbedtls_mpi_swap:"0":"face1e55ca11ab1ecab005e5" + +Swap zero (1 limb) with small negative +mbedtls_mpi_swap:"0":"-beef" + +Swap zero (1 limb) with small positive +mbedtls_mpi_swap:"0":"beef" + +Swap zero (1 limb) with zero (1 limb) +mbedtls_mpi_swap:"0":"0" + +Swap zero (1 limb) with zero (null) +mbedtls_mpi_swap:"0":"" + +Swap zero (null) with large negative +mbedtls_mpi_swap:"":"-face1e55ca11ab1ecab005e5" + +Swap zero (null) with large positive +mbedtls_mpi_swap:"":"face1e55ca11ab1ecab005e5" + +Swap zero (null) with small negative +mbedtls_mpi_swap:"":"-beef" + +Swap zero (null) with small positive +mbedtls_mpi_swap:"":"beef" + +Swap zero (null) with zero (1 limb) +mbedtls_mpi_swap:"":"0" Swap zero (null) with zero (null) -mbedtls_mpi_swap_binary:"":"" +mbedtls_mpi_swap:"":"" -Swap zero (null) with positive (1 limb) -mbedtls_mpi_swap_binary:"":"1234" +Swap self: large negative +mpi_swap_self:"-ca5cadedb01dfaceacc01ade" -Swap positive (1 limb) with zero (null) -mbedtls_mpi_swap_binary:"1234":"" +Swap self: large positive +mpi_swap_self:"ca5cadedb01dfaceacc01ade" -Swap positive with larger -mbedtls_mpi_swap_binary:"bead":"ca5cadedb01dfaceacc01ade" +Swap self: small negative +mpi_swap_self:"-bead" -Swap positive with smaller -mbedtls_mpi_swap_binary:"ca5cadedb01dfaceacc01ade":"bead" +Swap self: small positive +mpi_swap_self:"bead" -Swap self: 1 limb -mpi_swap_self:"face" +Swap self: zero (1 limb) +mpi_swap_self:"0" -Swap self: null +Swap self: zero (null) mpi_swap_self:"" Shrink 2 limbs in a buffer of size 2 to 4 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 8b8eef287..9992c0b0f 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -756,6 +756,48 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_mpi_swap( char *X_hex, char *Y_hex ) +{ + mbedtls_mpi X, Y, X0, Y0; + mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); + mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 ); + + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y0, 16, Y_hex ) == 0 ); + + mbedtls_mpi_swap( &X, &Y ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); + +exit: + mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); + mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mpi_swap_self( char *X_hex ) +{ + mbedtls_mpi X, X0; + mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 ); + + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 ); + + mbedtls_mpi_swap( &X, &X ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); + +exit: + mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_mpi_shrink( int before, int used, int min, int after ) { @@ -834,70 +876,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void mbedtls_mpi_swap_sint( int input_X, int input_Y ) -{ - mbedtls_mpi X, Y; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - - TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_Y ) == 0 ); - - mbedtls_mpi_swap( &X, &Y ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_Y ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_mpi_swap_binary( data_t *input_X, data_t *input_Y ) -{ - mbedtls_mpi X, Y, X0, Y0; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 ); - - TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &Y0, input_Y->x, input_Y->len ) == 0 ); - - mbedtls_mpi_swap( &X, &Y ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); - mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mpi_swap_self( data_t *input_X ) -{ - mbedtls_mpi X, X0; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 ); - - TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 ); - - mbedtls_mpi_swap( &X, &X ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 ); -} -/* END_CASE */ - /* BEGIN_CASE */ void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, char * input_Y, int radix_A, char * input_A ) From 502316724f7a62dcfb98685887b4a4aa2ec853b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 23:00:33 +0200 Subject: [PATCH 07/37] Test mbedtls_mpi_safe_cond_{assign,swap} with the basic functions Test mbedtls_mpi_safe_cond_assign() and mbedtls_mpi_safe_cond_swap() with their "unsafe" counterparts mbedtls_mpi_copy() and mbedtls_mpi_swap(). This way we don't need to repeat the coverage of test cases. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 36 --------- tests/suites/test_suite_mpi.function | 111 +++++++++++---------------- 2 files changed, 45 insertions(+), 102 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index baaa091c8..13237e4d3 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -592,42 +592,6 @@ mbedtls_mpi_shrink:4:1:0:1 Shrink 0 limbs in a buffer of size 4 to 0 yielding 1 mbedtls_mpi_shrink:4:0:0:1 -Test mbedtls_mpi_safe_cond_assign #1 -mbedtls_mpi_safe_cond_assign:+1:"01":+1:"02" - -Test mbedtls_mpi_safe_cond_assign #2 -mbedtls_mpi_safe_cond_assign:+1:"FF000000000000000001":+1:"02" - -Test mbedtls_mpi_safe_cond_assign #3 -mbedtls_mpi_safe_cond_assign:+1:"01":+1:"FF000000000000000002" - -Test mbedtls_mpi_safe_cond_assign #4 -mbedtls_mpi_safe_cond_assign:+1:"01":-1:"02" - -Test mbedtls_mpi_safe_cond_assign #5 -mbedtls_mpi_safe_cond_assign:-1:"01":+1:"02" - -Test mbedtls_mpi_safe_cond_assign #6 -mbedtls_mpi_safe_cond_assign:-1:"01":-1:"02" - -Test mbedtls_mpi_safe_cond_swap #1 -mbedtls_mpi_safe_cond_swap:+1:"01":+1:"02" - -Test mbedtls_mpi_safe_cond_swap #2 -mbedtls_mpi_safe_cond_swap:+1:"FF000000000000000001":+1:"02" - -Test mbedtls_mpi_safe_cond_swap #3 -mbedtls_mpi_safe_cond_swap:+1:"01":+1:"FF000000000000000002" - -Test mbedtls_mpi_safe_cond_swap #4 -mbedtls_mpi_safe_cond_swap:+1:"01":-1:"02" - -Test mbedtls_mpi_safe_cond_swap #5 -mbedtls_mpi_safe_cond_swap:-1:"01":+1:"02" - -Test mbedtls_mpi_safe_cond_swap #6 -mbedtls_mpi_safe_cond_swap:-1:"01":-1:"02" - Base test mbedtls_mpi_add_abs #1 mbedtls_mpi_add_abs:10:"12345678":10:"642531":10:"12988209" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 9992c0b0f..18ca6d249 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -718,21 +718,38 @@ exit: /* BEGIN_CASE */ void mbedtls_mpi_copy( char *src_hex, char *dst_hex ) { - mbedtls_mpi src, dst; + mbedtls_mpi src, dst, ref; mbedtls_mpi_init( &src ); mbedtls_mpi_init( &dst ); + mbedtls_mpi_init( &ref ); TEST_ASSERT( mbedtls_test_read_mpi( &src, 16, src_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &ref, 16, dst_hex ) == 0 ); + + /* mbedtls_mpi_copy() */ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); - TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 ); - TEST_ASSERT( sign_is_valid( &dst ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); + /* mbedtls_mpi_safe_cond_assign(), assignment done */ + mbedtls_mpi_free( &dst ); + TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 ); + TEST_ASSERT( sign_is_valid( &dst ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 ); + + /* mbedtls_mpi_safe_cond_assign(), assignment not done */ + mbedtls_mpi_free( &dst ); + TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 ); + TEST_ASSERT( sign_is_valid( &dst ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 ); + exit: mbedtls_mpi_free( &src ); mbedtls_mpi_free( &dst ); + mbedtls_mpi_free( &ref ); } /* END_CASE */ @@ -763,17 +780,40 @@ void mbedtls_mpi_swap( char *X_hex, char *Y_hex ) mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 ); - TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); - TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &Y0, 16, Y_hex ) == 0 ); + /* mbedtls_mpi_swap() */ + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); mbedtls_mpi_swap( &X, &Y ); TEST_ASSERT( sign_is_valid( &X ) ); TEST_ASSERT( sign_is_valid( &Y ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); + /* mbedtls_mpi_safe_cond_swap(), swap done */ + mbedtls_mpi_free( &X ); + mbedtls_mpi_free( &Y ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 ); + + /* mbedtls_mpi_safe_cond_swap(), swap not done */ + mbedtls_mpi_free( &X ); + mbedtls_mpi_free( &Y ); + TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 ); + TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 ); + TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 ); + TEST_ASSERT( sign_is_valid( &X ) ); + TEST_ASSERT( sign_is_valid( &Y ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 ); + exit: mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 ); @@ -815,67 +855,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign, - char * y_str ) -{ - mbedtls_mpi X, Y, XX; - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX ); - - TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x_str ) == 0 ); - X.s = x_sign; - TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y_str ) == 0 ); - Y.s = y_sign; - TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 0 ) == 0 ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 1 ) == 0 ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &XX ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign, - char * y_str ) -{ - mbedtls_mpi X, Y, XX, YY; - - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); - mbedtls_mpi_init( &XX ); mbedtls_mpi_init( &YY ); - - TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x_str ) == 0 ); - X.s = x_sign; - TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y_str ) == 0 ); - Y.s = y_sign; - - TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 ); - TEST_ASSERT( mbedtls_mpi_copy( &YY, &Y ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &YY ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 ); - TEST_ASSERT( sign_is_valid( &X ) ); - TEST_ASSERT( sign_is_valid( &Y ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &XX ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &YY ) == 0 ); - -exit: - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); - mbedtls_mpi_free( &XX ); mbedtls_mpi_free( &YY ); -} -/* END_CASE */ - /* BEGIN_CASE */ void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y, char * input_Y, int radix_A, char * input_A ) From 673d3eaa08420060cef0641127cb8fb80360b51d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 10:52:12 +0200 Subject: [PATCH 08/37] Add some GCD tests Add GCD tests with negative arguments and with large non-co-prime arguments. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 41 +++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 13237e4d3..1dfdbedb5 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -900,9 +900,48 @@ mbedtls_mpi_gcd:10:"1764":10:"868":10:"28" Base test GCD #3 mbedtls_mpi_gcd:10:"768454923":10:"542167814":10:"1" -Test GCD #1 +Test GCD #1: A > 0, B > 0 mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" +Test GCD #1 with A > B +mbedtls_mpi_gcd:10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"1" + +Test GCD #1: A > 0, B < 0 +mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" + +Test GCD #1: A < 0, B > 0 +mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" + +Test GCD #1: A < 0, B < 0 +mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" + +Test GCD #2 +mbedtls_mpi_gcd:10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"2" + +Test GCD #2 with A > B +mbedtls_mpi_gcd:10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"2" + +Test GCD #3 +mbedtls_mpi_gcd:10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"3" + +Test GCD #3 with A > B +mbedtls_mpi_gcd:10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"3" + +Test GCD #4 +mbedtls_mpi_gcd:10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"4" + +Test GCD #4 with A > B +mbedtls_mpi_gcd:10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"4" + +Test GCD #6 +mbedtls_mpi_gcd:10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"6" + +Test GCD #5 (A = B) +mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847" + +Test GCD #6 with A > B +mbedtls_mpi_gcd:10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"6" + Base test mbedtls_mpi_inv_mod #1 mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0 From 1c6d6be355c0f677400f7af2976c3e70fcac2911 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 18:28:35 +0200 Subject: [PATCH 09/37] mbedtls_mpi_exp_mod test: don't read RR from test data Remove the RR parameter to the mbedtls_mpi_exp_mod test function. It was never used in the test data, so there is no loss of functionality. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 18 +++++++++--------- tests/suites/test_suite_mpi.function | 6 +----- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 1dfdbedb5..2821db46a 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -845,22 +845,22 @@ Base test mbedtls_mpi_mod_int #8 (By 2) mbedtls_mpi_mod_int:10:"1000":2:0:0 Base test mbedtls_mpi_exp_mod #1 -mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"":10:"24":0 +mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0 Base test mbedtls_mpi_exp_mod #2 (Even N) -mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Base test mbedtls_mpi_exp_mod #3 (Negative N) -mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Base test mbedtls_mpi_exp_mod #4 (Negative base) -mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"":10:"5":0 +mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"5":0 Base test mbedtls_mpi_exp_mod #5 (Negative exponent) -mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent) -mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_exp_mod: MAX_SIZE exponent mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0 @@ -882,14 +882,14 @@ mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:MBEDTLS_MPI_MAX_SIZE + 1:10: Test mbedtls_mpi_exp_mod #1 depends_on:MPI_MAX_BITS_LARGER_THAN_792 -mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0 +mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0 Test mbedtls_mpi_exp_mod (Negative base) [#1] -mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0 +mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"1":0 Test mbedtls_mpi_exp_mod (Negative base) [#2] depends_on:MPI_MAX_BITS_LARGER_THAN_792 -mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0 +mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0 Base test GCD #1 mbedtls_mpi_gcd:10:"693":10:"609":10:"21" diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 18ca6d249..b13428f91 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -1200,8 +1200,7 @@ exit: /* BEGIN_CASE */ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, char * input_E, int radix_N, char * input_N, - int radix_RR, char * input_RR, int radix_X, - char * input_X, int div_result ) + int radix_X, char * input_X, int div_result ) { mbedtls_mpi A, E, N, RR, Z, X; int res; @@ -1213,9 +1212,6 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); - if( strlen( input_RR ) ) - TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 ); - res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); TEST_ASSERT( res == div_result ); if( res == 0 ) From 4cc8021a007f493962aa0bbd3102ea3ed373d881 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 18:31:35 +0200 Subject: [PATCH 10/37] Test mbedtls_mpi_exp_mod both with and without _RR mbedtls_mpi_exp_mod can be called in three ways regarding the speed-up parameter _RR: null (unused), zero (will be updated), nonzero (will be used). Systematically test all three. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.function | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b13428f91..a622a4e43 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -1212,6 +1212,24 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); + res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL ); + TEST_ASSERT( res == div_result ); + if( res == 0 ) + { + TEST_ASSERT( sign_is_valid( &Z ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); + } + + /* Now test again with the speed-up parameter supplied as an output. */ + res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); + TEST_ASSERT( res == div_result ); + if( res == 0 ) + { + TEST_ASSERT( sign_is_valid( &Z ) ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 ); + } + + /* Now test again with the speed-up parameter supplied in calculated form. */ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); TEST_ASSERT( res == div_result ); if( res == 0 ) From bcfc83f7c846f858ab66c8096c98d940fcb6504a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Jun 2021 23:01:13 +0200 Subject: [PATCH 11/37] Add many test cases involving 0 Test both 0 represented with 0 limbs ("0 (null)") and 0 represented with 1 limb ("0 (1 limb)"), because occasionally there are bugs with 0-limb bignums and occasionally there are bugs with removing leading zero limbs. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 319 +++++++++++++++++++++++++++ tests/suites/test_suite_mpi.function | 3 +- 2 files changed, 321 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 2821db46a..09ac023cb 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -121,6 +121,12 @@ mbedtls_mpi_read_file:10:"data_files/mpi_too_big":"":MBEDTLS_ERR_MPI_BUFFER_TOO_ Base test mbedtls_mpi_write_file #1 mbedtls_mpi_write_file:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"data_files/mpi_write" +Test mbedtls_mpi_lsb: 0 (null) +mbedtls_mpi_lsb:16:"":0 + +Test mbedtls_mpi_lsb: 0 (1 limb) +mbedtls_mpi_lsb:16:"0":0 + Base test mbedtls_mpi_lsb #1 mbedtls_mpi_lsb:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":2 @@ -151,6 +157,9 @@ mbedtls_mpi_bitlen:10:"16":5 Base test mbedtls_mpi_bitlen #6 mbedtls_mpi_bitlen:10:"10":4 +Base test mbedtls_mpi_bitlen: 0 (null) +mbedtls_mpi_bitlen:10:"":0 + Base test mbedtls_mpi_bitlen: 0 (1 limb) mbedtls_mpi_bitlen:10:"0":0 @@ -199,6 +208,30 @@ mbedtls_mpi_cmp_mpi:10:"2":10:"-3":1 Base test mbedtls_mpi_cmp_mpi (Mixed values) #6 mbedtls_mpi_cmp_mpi:10:"-2":10:"31231231289798":-1 +Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (null) +mbedtls_mpi_cmp_mpi:10:"":10:"":0 + +Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (1 limb) +mbedtls_mpi_cmp_mpi:10:"":10:"0":0 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (null) +mbedtls_mpi_cmp_mpi:10:"0":10:"":0 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (1 limb) +mbedtls_mpi_cmp_mpi:10:"0":10:"0":0 + +Test mbedtls_mpi_cmp_mpi: 0 < positive +mbedtls_mpi_cmp_mpi:10:"0":10:"123":-1 + +Test mbedtls_mpi_cmp_mpi: 0 > negative +mbedtls_mpi_cmp_mpi:10:"0":10:"-123":1 + +Test mbedtls_mpi_cmp_mpi: positive > 0 +mbedtls_mpi_cmp_mpi:10:"123":10:"":1 + +Test mbedtls_mpi_cmp_mpi: negative < 0 +mbedtls_mpi_cmp_mpi:10:"-123":10:"":-1 + Base test mbedtls_mpi_lt_mpi_ct #1 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 @@ -232,6 +265,9 @@ mbedtls_mpi_lt_mpi_ct:3:"2B5":2:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA Base test mbedtls_mpi_lt_mpi_ct (Y is longer in storage) mbedtls_mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Base test mbedtls_mpi_lt_mpi_ct (length=0) +mbedtls_mpi_lt_mpi_ct:0:"":0:"":0:0 + Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #1 mbedtls_mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0 @@ -304,6 +340,15 @@ mbedtls_mpi_cmp_abs:10:"-2":10:"-3":-1 Base test mbedtls_mpi_cmp_abs (Negative values) #3 mbedtls_mpi_cmp_abs:10:"-2":10:"-1":1 +Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (null) +mbedtls_mpi_cmp_abs:10:"":10:"":0 + +Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (1 limb) +mbedtls_mpi_cmp_abs:10:"":10:"0":0 + +Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (null) +mbedtls_mpi_cmp_abs:10:"0":10:"":0 + Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (1 limb) mbedtls_mpi_cmp_abs:10:"0":10:"0":0 @@ -568,6 +613,9 @@ mpi_swap_self:"0" Swap self: zero (null) mpi_swap_self:"" +Shrink 0 limbs in a buffer of size 0 to 0 +mbedtls_mpi_shrink:0:0:0:0 + Shrink 2 limbs in a buffer of size 2 to 4 mbedtls_mpi_shrink:2:2:4:4 @@ -604,6 +652,15 @@ mbedtls_mpi_add_abs:10:"12345678":10:"-642531":10:"12988209" Base test mbedtls_mpi_add_abs #4 mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209" +Test mbedtls_mpi_add_abs: 0 + 0 +mbedtls_mpi_add_abs:16:"":16:"":16:"" + +Test mbedtls_mpi_add_abs: 0 + 1 +mbedtls_mpi_add_abs:16:"":16:"01":16:"01" + +Test mbedtls_mpi_add_abs: 1 + 0 +mbedtls_mpi_add_abs:16:"01":16:"":16:"01" + Test mbedtls_mpi_add_abs #1 mbedtls_mpi_add_abs:10:"-643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924" @@ -625,6 +682,21 @@ mbedtls_mpi_add_mpi:10:"12345678":10:"-642531":10:"11703147" Base test mbedtls_mpi_add_mpi #4 mbedtls_mpi_add_mpi:10:"-12345678":10:"-642531":10:"-12988209" +Test mbedtls_mpi_add_mpi: 0 + 0 +mbedtls_mpi_add_mpi:16:"":16:"":16:"" + +Test mbedtls_mpi_add_mpi: 0 + 1 +mbedtls_mpi_add_mpi:16:"":16:"01":16:"01" + +Test mbedtls_mpi_add_mpi: 1 + 0 +mbedtls_mpi_add_mpi:16:"01":16:"":16:"01" + +Test mbedtls_mpi_add_mpi: 0 + -1 +mbedtls_mpi_add_mpi:16:"":16:"-01":16:"-01" + +Test mbedtls_mpi_add_mpi: -1 + 0 +mbedtls_mpi_add_mpi:16:"-01":16:"":16:"-01" + Test mbedtls_mpi_add_mpi #1 mbedtls_mpi_add_mpi:10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"735829167410606161590850601304167976688497607296479119740072111384235241328747126510065763883532084601487937110881909725679916932621242907172467691556475037071866553361927361439411910627880345885122142692610250903804554267860479115964668998643528806263534149325837971432443181537363155848647445226342" @@ -646,6 +718,12 @@ mbedtls_mpi_add_int:10:"20395687835640197740576586692903457728019399331434826309 Test mbedtls_mpi_add_int #2 mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097" +Test mbedtls_mpi_add_int: 0 (null) + 0 +mbedtls_mpi_add_int:16:"":0:16:"" + +Test mbedtls_mpi_add_int: 0 (null) + 1 +mbedtls_mpi_add_int:16:"":1:16:"1" + Base test mbedtls_mpi_sub_abs #1 (|B| > |A|) mbedtls_mpi_sub_abs:10:"5":10:"7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE @@ -682,6 +760,24 @@ mbedtls_mpi_sub_abs:10:"-7":10:"5":10:"2":0 Base test mbedtls_mpi_sub_abs #4 mbedtls_mpi_sub_abs:10:"7":10:"-5":10:"2":0 +Test mbedtls_mpi_sub_abs: 0 (null) - 0 (null) +mbedtls_mpi_sub_abs:16:"":16:"":16:"":0 + +Test mbedtls_mpi_sub_abs: 0 (null) - 0 (1 limb) +mbedtls_mpi_sub_abs:16:"":16:"00":16:"":0 + +Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (null) +mbedtls_mpi_sub_abs:16:"00":16:"":16:"":0 + +Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (1 limb) +mbedtls_mpi_sub_abs:16:"00":16:"00":16:"":0 + +Test mbedtls_mpi_sub_abs: 1 - 0 (null) +mbedtls_mpi_sub_abs:16:"01":16:"":16:"01":0 + +Test mbedtls_mpi_sub_abs: 0 (null) - 1 +mbedtls_mpi_sub_abs:16:"":16:"01":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + Test mbedtls_mpi_sub_abs #1 mbedtls_mpi_sub_abs:16:"FFFFFFFFFF":16:"01":16:"FFFFFFFFFE":0 @@ -706,6 +802,27 @@ mbedtls_mpi_sub_mpi:10:"-5":10:"7":10:"-12" Base test mbedtls_mpi_sub_mpi #4 (Test with negative subtraction) mbedtls_mpi_sub_mpi:10:"5":10:"-7":10:"12" +Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (null) +mbedtls_mpi_sub_mpi:16:"":16:"":16:"" + +Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (1 limb) +mbedtls_mpi_sub_mpi:16:"":16:"00":16:"" + +Test mbedtls_mpi_sub_mpi: 0 (null) - 1 +mbedtls_mpi_sub_mpi:16:"":16:"1":16:"-1" + +Test mbedtls_mpi_sub_mpi: 0 (null) - -1 +mbedtls_mpi_sub_mpi:16:"":16:"-1":16:"1" + +Test mbedtls_mpi_sub_mpi: 0 (1 limb) - 0 (null) +mbedtls_mpi_sub_mpi:16:"00":16:"":16:"" + +Test mbedtls_mpi_sub_mpi: 1 - 0 (null) +mbedtls_mpi_sub_mpi:16:"1":16:"":16:"1" + +Test mbedtls_mpi_sub_mpi: -1 - 0 (null) +mbedtls_mpi_sub_mpi:16:"-1":16:"":16:"-1" + Test mbedtls_mpi_sub_mpi #1 mbedtls_mpi_sub_mpi:10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"327915410697802206779318867446098822128109620667782593550526818477669115883344571244192531757243908254863191345527661966602498132304629772495811133247475640339722739829047287290977675016498600299425844468565678239514801901107826091797519355347660820341034314686165532823894621049756947818646317646096" @@ -718,12 +835,30 @@ mbedtls_mpi_sub_int:10:"20395687835640197740576586692903457728019399331434826309 Test mbedtls_mpi_sub_int #2 mbedtls_mpi_sub_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097" +Test mbedtls_mpi_sub_int: 0 (null) - 0 +mbedtls_mpi_sub_int:16:"":0:16:"" + +Test mbedtls_mpi_sub_int: 0 (null) - 1 +mbedtls_mpi_sub_int:16:"":1:16:"-1" + +Test mbedtls_mpi_sub_int: 0 (null) - -1 +mbedtls_mpi_sub_int:16:"":-1:16:"1" + Test mbedtls_mpi_shift_l #1 mbedtls_mpi_shift_l:10:"64":1:10:"128" Test mbedtls_mpi_shift_l #2 mbedtls_mpi_shift_l:10:"658385546911733550164516088405238961461880256029834598831972039469421755117818013653494814438931957316403111689187691446941406788869098983929874080332195117465344344350008880118042764943201875870917468833709791733282363323948005998269792207":37:10:"90487820548639020691922304619723076305400961610119884872723190678642804168382367856686134531865643066983017249846286450251272364365605022750900439437595355052945035915579216557330505438734955340526145476988250171181404966718289259743378883640981192704" +Test mbedtls_mpi_shift_l: 0 (null) <<= 0 +mbedtls_mpi_shift_l:16:"":1:16:"" + +Test mbedtls_mpi_shift_l: 0 (null) <<= 1 +mbedtls_mpi_shift_l:16:"":1:16:"" + +Test mbedtls_mpi_shift_l: 0 (null) <<= 64 +mbedtls_mpi_shift_l:16:"":64:16:"" + Test mbedtls_mpi_shift_r #1 mbedtls_mpi_shift_r:10:"128":1:10:"64" @@ -742,6 +877,15 @@ mbedtls_mpi_shift_r:16:"FFFFFFFFFFFFFFFF":65:16:"00" Test mbedtls_mpi_shift_r #7 mbedtls_mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00" +Test mbedtls_mpi_shift_r: 0 (null) >>= 0 +mbedtls_mpi_shift_r:16:"":0:16:"" + +Test mbedtls_mpi_shift_r: 0 (null) >>= 1 +mbedtls_mpi_shift_r:16:"":1:16:"" + +Test mbedtls_mpi_shift_r: 0 (null) >>= 64 +mbedtls_mpi_shift_r:16:"":64:16:"" + Base test mbedtls_mpi_mul_mpi #1 mbedtls_mpi_mul_mpi:10:"5":10:"7":10:"35" @@ -754,6 +898,27 @@ mbedtls_mpi_mul_mpi:10:"5":10:"-7":10:"-35" Base test mbedtls_mpi_mul_mpi #4 mbedtls_mpi_mul_mpi:10:"-5":10:"-7":10:"35" +Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (null) +mbedtls_mpi_mul_mpi:16:"":16:"":16:"" + +Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (1 limb) +mbedtls_mpi_mul_mpi:16:"":16:"00":16:"" + +Test mbedtls_mpi_mul_mpi: 0 (null) * 1 +mbedtls_mpi_mul_mpi:16:"":16:"01":16:"" + +Test mbedtls_mpi_mul_mpi: 0 (null) * -1 +mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"" + +Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null) +mbedtls_mpi_mul_mpi:16:"":16:"00":16:"" + +Test mbedtls_mpi_mul_mpi: 1 * 0 (null) +mbedtls_mpi_mul_mpi:16:"01":16:"":16:"" + +Test mbedtls_mpi_mul_mpi: -1 * 0 (null) +mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"" + Test mbedtls_mpi_mul_mpi #1 mbedtls_mpi_mul_mpi:10:"28911710017320205966167820725313234361535259163045867986277478145081076845846493521348693253530011243988160148063424837895971948244167867236923919506962312185829914482993478947657472351461336729641485069323635424692930278888923450060546465883490944265147851036817433970984747733020522259537":10:"16471581891701794764704009719057349996270239948993452268812975037240586099924712715366967486587417803753916334331355573776945238871512026832810626226164346328807407669366029926221415383560814338828449642265377822759768011406757061063524768140567867350208554439342320410551341675119078050953":10:"476221599179424887669515829231223263939342135681791605842540429321038144633323941248706405375723482912535192363845116154236465184147599697841273424891410002781967962186252583311115708128167171262206919514587899883547279647025952837516324649656913580411611297312678955801899536937577476819667861053063432906071315727948826276092545739432005962781562403795455162483159362585281248265005441715080197800335757871588045959754547836825977169125866324128449699877076762316768127816074587766799018626179199776188490087103869164122906791440101822594139648973454716256383294690817576188761" @@ -769,15 +934,45 @@ mbedtls_mpi_mul_int:10:"-2039568783564019774057658669290345772801939933143482630 Test mbedtls_mpi_mul_int #4 (Unsigned, thus failure) mbedtls_mpi_mul_int:10:"-2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"!=" +Test mbedtls_mpi_mul_int: 0 (null) * 0 +mbedtls_mpi_mul_int:16:"":0:16:"":"==" + +Test mbedtls_mpi_mul_int: 0 (null) * 1 +mbedtls_mpi_mul_int:16:"":1:16:"":"==" + +Test mbedtls_mpi_mul_int: 0 (null) * 0x1234 +mbedtls_mpi_mul_int:16:"":0x1234:16:"":"==" + Base test mbedtls_mpi_div_mpi #1 mbedtls_mpi_div_mpi:10:"1000":10:"13":10:"76":10:"12":0 Base test mbedtls_mpi_div_mpi #2 (Divide by zero (1 limb)) mbedtls_mpi_div_mpi:10:"1000":10:"0":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO +Base test mbedtls_mpi_div_mpi #2 (Divide by zero (null)) +mbedtls_mpi_div_mpi:10:"1000":10:"":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + Base test mbedtls_mpi_div_mpi #3 mbedtls_mpi_div_mpi:10:"1000":10:"-13":10:"-76":10:"12":0 +Test mbedtls_mpi_div_mpi: 0 (null) / 0 (null) +mbedtls_mpi_div_mpi:16:"":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_mpi: 0 (null) / 0 (1 limb) +mbedtls_mpi_div_mpi:16:"":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (null) +mbedtls_mpi_div_mpi:16:"0":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (1 limb) +mbedtls_mpi_div_mpi:16:"0":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_mpi: 0 (null) / 1 +mbedtls_mpi_div_mpi:16:"":16:"1":16:"":16:"":0 + +Test mbedtls_mpi_div_mpi: 0 (null) / -1 +mbedtls_mpi_div_mpi:16:"":16:"-1":16:"":16:"":0 + Test mbedtls_mpi_div_mpi #1 mbedtls_mpi_div_mpi:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":10:"34":10:"592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0 @@ -805,9 +1000,21 @@ mbedtls_mpi_div_int:10:"20133056642518226042310730101376278483547239130123806338 Test mbedtls_mpi_div_int #2 mbedtls_mpi_div_int:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":-34:10:"-592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0 +Test mbedtls_mpi_div_int: 0 (null) / 0 +mbedtls_mpi_div_int:16:"":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_int: 0 (1 limb) / 0 +mbedtls_mpi_div_int:16:"00":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + +Test mbedtls_mpi_div_int: 0 (null) / 1 +mbedtls_mpi_div_int:16:"":1:16:"":16:"":0 + Base test mbedtls_mpi_mod_mpi #1 mbedtls_mpi_mod_mpi:10:"1000":10:"13":10:"12":0 +Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (null)) +mbedtls_mpi_mod_mpi:10:"1000":10:"":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO + Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (1 limb)) mbedtls_mpi_mod_mpi:10:"1000":10:"0":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO @@ -820,6 +1027,12 @@ mbedtls_mpi_mod_mpi:10:"1000":10:"-13":10:"-1":MBEDTLS_ERR_MPI_NEGATIVE_VALUE Base test mbedtls_mpi_mod_mpi #5 (Negative modulo) mbedtls_mpi_mod_mpi:10:"-1000":10:"-13":10:"-12":MBEDTLS_ERR_MPI_NEGATIVE_VALUE +Test mbedtls_mpi_mod_mpi: 0 (null) % 1 +mbedtls_mpi_mod_mpi:16:"":16:"1":16:"":0 + +Test mbedtls_mpi_mod_mpi: 0 (null) % -1 +mbedtls_mpi_mod_mpi:16:"":16:"-1":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE + Base test mbedtls_mpi_mod_int #1 mbedtls_mpi_mod_int:10:"1000":13:12:0 @@ -844,12 +1057,21 @@ mbedtls_mpi_mod_int:10:"1001":2:1:0 Base test mbedtls_mpi_mod_int #8 (By 2) mbedtls_mpi_mod_int:10:"1000":2:0:0 +Test mbedtls_mpi_mod_int: 0 (null) % 1 +mbedtls_mpi_mod_int:16:"":1:0:0 + +Test mbedtls_mpi_mod_int: 0 (null) % -1 +mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE + Base test mbedtls_mpi_exp_mod #1 mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0 Base test mbedtls_mpi_exp_mod #2 (Even N) mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Base test mbedtls_mpi_exp_mod #2 (N = 0 (null)) +mbedtls_mpi_exp_mod:10:"23":10:"13":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Base test mbedtls_mpi_exp_mod #3 (Negative N) mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA @@ -862,6 +1084,52 @@ mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DA Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent) mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (null) mod 9 +depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH +mbedtls_mpi_exp_mod:16:"":16:"":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (1 limb) mod 9 +depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH +mbedtls_mpi_exp_mod:16:"":16:"00":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 0 (null) ^ 1 mod 9 +depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH +mbedtls_mpi_exp_mod:16:"":16:"01":16:"09":16:"":0 + +Test mbedtls_mpi_exp_mod: 0 (null) ^ 2 mod 9 +depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH +mbedtls_mpi_exp_mod:16:"":16:"02":16:"09":16:"":0 + +Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (null) mod 9 +mbedtls_mpi_exp_mod:16:"00":16:"":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (1 limb) mod 9 +mbedtls_mpi_exp_mod:16:"00":16:"00":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 1 mod 9 +mbedtls_mpi_exp_mod:16:"00":16:"01":16:"09":16:"":0 + +Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 2 mod 9 +mbedtls_mpi_exp_mod:16:"00":16:"02":16:"09":16:"":0 + +Test mbedtls_mpi_exp_mod: 1 ^ 0 (null) mod 9 +mbedtls_mpi_exp_mod:16:"01":16:"":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 4 ^ 0 (null) mod 9 +mbedtls_mpi_exp_mod:16:"04":16:"":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 10 ^ 0 (null) mod 9 +mbedtls_mpi_exp_mod:16:"0a":16:"":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 1 ^ 0 (1 limb) mod 9 +mbedtls_mpi_exp_mod:16:"01":16:"00":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 4 ^ 0 (1 limb) mod 9 +mbedtls_mpi_exp_mod:16:"04":16:"00":16:"09":16:"1":0 + +Test mbedtls_mpi_exp_mod: 10 ^ 0 (1 limb) mod 9 +mbedtls_mpi_exp_mod:16:"0a":16:"00":16:"09":16:"1":0 + Test mbedtls_mpi_exp_mod: MAX_SIZE exponent mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0 @@ -900,6 +1168,39 @@ mbedtls_mpi_gcd:10:"1764":10:"868":10:"28" Base test GCD #3 mbedtls_mpi_gcd:10:"768454923":10:"542167814":10:"1" +Test GCD: 0 (null), 0 (null) +mbedtls_mpi_gcd:16:"":16:"":16:"" + +Test GCD: 0 (null), 0 (1 limb) +mbedtls_mpi_gcd:16:"":16:"00":16:"" + +Test GCD: 0 (null), 3 +mbedtls_mpi_gcd:16:"":16:"03":16:"3" + +Test GCD: 0 (null), 6 +mbedtls_mpi_gcd:16:"":16:"06":16:"6" + +Test GCD: 0 (1 limb), 0 (null) +mbedtls_mpi_gcd:16:"00":16:"00":16:"" + +Test GCD: 0 (1 limb), 3 +mbedtls_mpi_gcd:16:"00":16:"03":16:"3" + +Test GCD: 0 (1 limb), 6 +mbedtls_mpi_gcd:16:"00":16:"06":16:"6" + +Test GCD: 3, 0 (null) +mbedtls_mpi_gcd:16:"03":16:"":16:"3" + +Test GCD: 3, 0 (1 limb) +mbedtls_mpi_gcd:16:"03":16:"00":16:"3" + +Test GCD: 6, 0 (null) +mbedtls_mpi_gcd:16:"06":16:"":16:"6" + +Test GCD: 6, 0 (1 limb) +mbedtls_mpi_gcd:16:"06":16:"00":16:"6" + Test GCD #1: A > 0, B > 0 mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" @@ -945,6 +1246,9 @@ mbedtls_mpi_gcd:10:"346892299678669733829054550006704459555027502778749383722549 Base test mbedtls_mpi_inv_mod #1 mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0 +Test mbedtls_mpi_inv_mod: mod 0 (null) +mbedtls_mpi_inv_mod:10:"3":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Test mbedtls_mpi_inv_mod: mod 0 (1 limb) mbedtls_mpi_inv_mod:10:"3":10:"0":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA @@ -957,6 +1261,12 @@ mbedtls_mpi_inv_mod:10:"2":10:"4":10:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE Test mbedtls_mpi_inv_mod: mod 1 mbedtls_mpi_inv_mod:10:"3":10:"1":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_inv_mod: 0 (null) ^-1 +mbedtls_mpi_inv_mod:16:"":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +Test mbedtls_mpi_inv_mod: 0 (1 limb) ^-1 +mbedtls_mpi_inv_mod:16:"00":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + Test mbedtls_mpi_inv_mod #1 mbedtls_mpi_inv_mod:16:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":16:"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":16:"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0 @@ -1141,6 +1451,9 @@ mbedtls_mpi_get_bit:10:"49979687":26:0 Test bit getting (Larger and non-existing limb) mbedtls_mpi_get_bit:10:"49979687":500:0 +Test bit getting in 0 (null) +mbedtls_mpi_get_bit:10:"":500:0 + Test bit getting (Value bit 24) mbedtls_mpi_get_bit:10:"49979687":24:0 @@ -1159,6 +1472,12 @@ mbedtls_mpi_set_bit:10:"49979687":80:0:10:"49979687":0 Test bit set (Add above existing limbs with a 1) mbedtls_mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863":0 +Test bit set (Add to 0 (null) with a 0) +mbedtls_mpi_set_bit:16:"":65:0:16:"":0 + +Test bit set (Add to 0 (null) with a 1) +mbedtls_mpi_set_bit:16:"":65:1:16:"020000000000000000":0 + Test bit set (Bit index larger than 31 with a 0) mbedtls_mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF":0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index a622a4e43..112488ff4 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -846,7 +846,8 @@ void mbedtls_mpi_shrink( int before, int used, int min, int after ) TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 ); TEST_ASSERT( used <= before ); - memset( X.p, 0x2a, used * sizeof( mbedtls_mpi_uint ) ); + if( before > 0 ) + memset( X.p, 0x2a, used * sizeof( mbedtls_mpi_uint ) ); TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 ); TEST_ASSERT( X.n == (size_t) after ); From f643e8e8a9b4af852659722d4402e2c086328582 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Jun 2021 23:17:42 +0200 Subject: [PATCH 12/37] Fix null pointer dereference in mbedtls_mpi_exp_mod Fix a null pointer dereference in mbedtls_mpi_exp_mod(X, A, N, E, _RR) when A is the value 0 represented with 0 limbs. Make the code a little more robust against similar bugs. Signed-off-by: Gilles Peskine --- library/bignum.c | 27 +++++++++++++++++++++++++-- tests/suites/test_suite_mpi.data | 4 ---- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 3acc4b9b4..4aa25a4c6 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -203,7 +203,13 @@ static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs ) } /* - * Copy the contents of Y into X + * Copy the contents of Y into X. + * + * This function is not constant-time. Leading zeros in Y may be removed. + * + * Ensure that X does not shrink. This is not guaranteed by the public API, + * but some code in the bignum module relies on this property, for example + * in mbedtls_mpi_exp_mod(). */ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) { @@ -217,7 +223,11 @@ int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) if( Y->n == 0 ) { - mbedtls_mpi_free( X ); + if( X->n != 0 ) + { + X->s = 1; + memset( X->p, 0, X->n * ciL ); + } return( 0 ); } @@ -2175,6 +2185,11 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, #endif j = N->n + 1; + /* All W[i] and X must have at least N->n limbs for the mpi_montmul() + * and mpi_montred() calls later. Here we ensure that W[1] and X are + * large enough, and later we'll grow other W[i] to the same length. + * They must not be shrunk midway through this function! + */ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); @@ -2209,10 +2224,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * W[1] = A * R^2 * R^-1 mod N = A * R mod N */ if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 ) + { MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); + /* This should be a no-op because W[1] is already that large before + * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow + * in mpi_montmul() below, so let's make sure. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n +1 ) ); + } else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); + /* Note that this is safe because W[1] always has at least N->n limbs + * (it grew above and was preserved by mbedtls_mpi_copy()). */ mpi_montmul( &W[1], &RR, N, mm, &T ); /* diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 09ac023cb..84595f224 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1085,19 +1085,15 @@ Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent) mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (null) mod 9 -depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH mbedtls_mpi_exp_mod:16:"":16:"":16:"09":16:"1":0 Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (1 limb) mod 9 -depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH mbedtls_mpi_exp_mod:16:"":16:"00":16:"09":16:"1":0 Test mbedtls_mpi_exp_mod: 0 (null) ^ 1 mod 9 -depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH mbedtls_mpi_exp_mod:16:"":16:"01":16:"09":16:"":0 Test mbedtls_mpi_exp_mod: 0 (null) ^ 2 mod 9 -depends_on:TEST_TEMPORARILY_DISABLED_BECAUSE_IT_CAUSES_A_CRASH mbedtls_mpi_exp_mod:16:"":16:"02":16:"09":16:"":0 Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (null) mod 9 From 37e7736d8e990d637a206a2aa20f5cc7413a7859 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 18:55:57 +0200 Subject: [PATCH 13/37] Changelog for the fix to mbedtls_mpi_exp_mod(A=0) In Mbed TLS 2.26.0, the bug was hard to trigger, since all methods for parsing a bignum (mbedtls_mpi_read_xxx functions) constructed an mbedtls_mpi object with at least one limb. In the development branch, after the commit "New internal function mbedtls_mpi_resize_clear", this bug could be triggered by a TLS server, by passing invalid custom Diffie-Hellman parameters with G=0 transmitted as a 0-length byte string. Since the behavior change in mbedtls_mpi_read_binary and mbedtls_mpi_read_binary_le (constructing 0 limbs instead of 1 when passed empty input) turned out to have consequences despite being in principle an internal detail, mention it in the changelog. Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi_exp_mod-zero.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/mpi_exp_mod-zero.txt diff --git a/ChangeLog.d/mpi_exp_mod-zero.txt b/ChangeLog.d/mpi_exp_mod-zero.txt new file mode 100644 index 000000000..9df9031a9 --- /dev/null +++ b/ChangeLog.d/mpi_exp_mod-zero.txt @@ -0,0 +1,7 @@ +Bugfix + * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with + A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug + could not be triggered by code that constructed A with one of the + mbedtls_mpi_read_xxx functions (including in particular TLS code) since + those always built an mpi object with at least one limb. + Credit to OSS-Fuzz. Fixes #4641. From b5e56ec5fd0f07ef398527f66b49bc0f2f0cef03 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 13:26:43 +0200 Subject: [PATCH 14/37] mbedtls_mpi_gcd: fix the case B==0 Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi_gcd-0.txt | 4 ++++ library/bignum.c | 10 ++++++++++ 2 files changed, 14 insertions(+) create mode 100644 ChangeLog.d/mpi_gcd-0.txt diff --git a/ChangeLog.d/mpi_gcd-0.txt b/ChangeLog.d/mpi_gcd-0.txt new file mode 100644 index 000000000..41e11e1f6 --- /dev/null +++ b/ChangeLog.d/mpi_gcd-0.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no + effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect + applications that call mbedtls_mpi_gcd() directly. Fixes #4642. diff --git a/library/bignum.c b/library/bignum.c index 4aa25a4c6..9f6873dbc 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2391,6 +2391,16 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B lz = mbedtls_mpi_lsb( &TA ); lzt = mbedtls_mpi_lsb( &TB ); + /* The loop below gives the correct result when A==0 but not when B==0. + * So have a special case for B==0. Leverage the fact that we just + * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test + * slightly more efficient than cmp_int(). */ + if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 ) + { + ret = mbedtls_mpi_copy( G, A ); + goto cleanup; + } + if( lzt < lz ) lz = lzt; From c86acc543478dd70445710b2e647e073d40642b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 13:27:05 +0200 Subject: [PATCH 15/37] mbedtls_mpi_gcd: small optimization Shifting TA and TB before the loop is not necessary. If A != 0, it will be done at the start of the loop iteration. If A == 0, then lz==0 and G is correctly set to B after 0 loop iterations. Signed-off-by: Gilles Peskine --- library/bignum.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 9f6873dbc..1c83e6357 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2404,9 +2404,6 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B if( lzt < lz ) lz = lzt; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) ); - TA.s = TB.s = 1; while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) From 70a7dcda3f993de59f796920f319960da252fa06 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 10 Jun 2021 15:51:54 +0200 Subject: [PATCH 16/37] Fix multiplication producing a negative zero Fix mbedtls_mpi_mul_mpi() when one of the operands is zero and the other is negative. The sign of the result must be 1, since some library functions do not treat {-1, 0, NULL} or {-1, n, {0}} as representing the value 0. Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi_read_negative_zero.txt | 8 ++++++-- library/bignum.c | 12 +++++++++++- tests/suites/test_suite_mpi.data | 6 ++++++ 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/mpi_read_negative_zero.txt b/ChangeLog.d/mpi_read_negative_zero.txt index e338de70b..32857694a 100644 --- a/ChangeLog.d/mpi_read_negative_zero.txt +++ b/ChangeLog.d/mpi_read_negative_zero.txt @@ -1,3 +1,7 @@ Bugfix - * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated - as equal to 0 in all cases. Fix it to produce the same object as "0". + * Fix some cases in the bignum module where the library constructed an + unintended representation of the value 0 which was not processed + correctly by some bignum operations. This could happen when + mbedtls_mpi_read_string() was called on "-0", or when + mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of + the arguments being negative and the other being 0. Fixes #4643. diff --git a/library/bignum.c b/library/bignum.c index 1c83e6357..748490066 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1658,7 +1658,17 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi for( ; j > 0; j-- ) mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); - X->s = A->s * B->s; + /* If the result is 0, we don't shortcut the operation, which reduces + * but does not eliminate side channels leaking the zero-ness. We do + * need to take care to set the sign bit properly since the library does + * not fully support an MPI object with a value of 0 and s == -1. */ + if( ( i == 0 && ( A->n == 0 || A->p[0] == 0 ) ) || + ( j == 0 && ( B->n == 0 || B->p[0] == 0 ) ) ) + { + X->s = 1; + } + else + X->s = A->s * B->s; cleanup: diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 84595f224..da227ad87 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -910,6 +910,9 @@ mbedtls_mpi_mul_mpi:16:"":16:"01":16:"" Test mbedtls_mpi_mul_mpi: 0 (null) * -1 mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"" +Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1 +mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"" + Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null) mbedtls_mpi_mul_mpi:16:"":16:"00":16:"" @@ -919,6 +922,9 @@ mbedtls_mpi_mul_mpi:16:"01":16:"":16:"" Test mbedtls_mpi_mul_mpi: -1 * 0 (null) mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"" +Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb) +mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"" + Test mbedtls_mpi_mul_mpi #1 mbedtls_mpi_mul_mpi:10:"28911710017320205966167820725313234361535259163045867986277478145081076845846493521348693253530011243988160148063424837895971948244167867236923919506962312185829914482993478947657472351461336729641485069323635424692930278888923450060546465883490944265147851036817433970984747733020522259537":10:"16471581891701794764704009719057349996270239948993452268812975037240586099924712715366967486587417803753916334331355573776945238871512026832810626226164346328807407669366029926221415383560814338828449642265377822759768011406757061063524768140567867350208554439342320410551341675119078050953":10:"476221599179424887669515829231223263939342135681791605842540429321038144633323941248706405375723482912535192363845116154236465184147599697841273424891410002781967962186252583311115708128167171262206919514587899883547279647025952837516324649656913580411611297312678955801899536937577476819667861053063432906071315727948826276092545739432005962781562403795455162483159362585281248265005441715080197800335757871588045959754547836825977169125866324128449699877076762316768127816074587766799018626179199776188490087103869164122906791440101822594139648973454716256383294690817576188761" From 88ea3e86d722fdf243890ab2679b1be9bc065b33 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 16:24:35 +0200 Subject: [PATCH 17/37] Add RSA tests with message=0 Signed-off-by: Gilles Peskine --- tests/suites/test_suite_rsa.data | 6 ++++++ tests/suites/test_suite_rsa.function | 8 ++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 6f9406ce1..2da814db5 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -389,12 +389,18 @@ mbedtls_rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d041 RSA Private (Data larger than N) mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA +RSA Private (Data = 0 ) +mbedtls_rsa_private:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 + RSA Public (Correct) mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0 RSA Public (Data larger than N) mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA +RSA Public (Data = 0) +mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0 + RSA Generate Key - 128bit key mbedtls_rsa_gen_key:128:3:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1de166d2d..2d7fb8ef6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -890,10 +890,12 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + + /* Check test data consistency */ + TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result ); if( result == 0 ) { @@ -951,11 +953,13 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + + /* Check test data consistency */ + TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - /* repeat three times to test updating of blinding values */ for( i = 0; i < 3; i++ ) { From 0bea4d14e04c3c4c4cb5c0d52ec683877c89a065 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jun 2021 13:37:31 +0200 Subject: [PATCH 18/37] DHM: test some edge cases for the generator Signed-off-by: Gilles Peskine --- tests/suites/test_suite_dhm.data | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index 33c721659..3346bf2aa 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -85,6 +85,27 @@ dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BA Diffie-Hellman zero modulus dhm_do_dhm:10:"0":1:10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA +Diffie-Hellman with G=0 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"0":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman with G=1 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman with G=P-1 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman with G=P-2 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409621":0 + +Diffie-Hellman with G=P +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409623":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman with G=P+1 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409624":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + +Diffie-Hellman with G=P+2 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409625":0 + Diffie-Hellman: x_size < 0 dhm_do_dhm:10:"93450983094850938450983409623":-1:10:"9345098304850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA From d48761317c985f99a4829ed7d28450706aee8ad4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Jun 2021 18:32:34 +0200 Subject: [PATCH 19/37] mbedtls_mpi_read_string: make an empty bignum for an empty string In mbedtls_mpi_read_string, if the string is empty, return an empty bignum rather than a bignum with one limb with the value 0. Both representations are correct, so this is not, in principle, a user-visible change. The change does leak however through mbedtls_mpi_write_string in base 16 (but not in other bases), as it writes a bignum with 0 limbs as "" but a bignum with the value 0 and at least one limb as "00". This change makes it possible to construct an empty bignum through mbedtls_mpi_read_string, which is especially useful to construct test cases (a common use of mbedtls_mpi_read_string, as most formats use in production encode numbers in binary, to be read with mbedtls_mpi_read_binary or mbedtls_mpi_read_binary_le). Signed-off-by: Gilles Peskine --- library/bignum.c | 6 ++++++ tests/suites/test_suite_mpi.data | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 748490066..208d50873 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -512,6 +512,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) mbedtls_mpi_init( &T ); + if( s[0] == 0 ) + { + mbedtls_mpi_free( X ); + return( 0 ); + } + if( s[0] == '-' ) { ++s; diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index da227ad87..2460d3fa3 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -68,13 +68,13 @@ Test mpi_read_write_string #7 mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0 Test mpi_read_write_string #8 (Empty MPI hex -> hex) -mpi_read_write_string:16:"":16:"00":4:0:0 +mpi_read_write_string:16:"":16:"":4:0:0 Test mpi_read_write_string #9 (Empty MPI hex -> dec) mpi_read_write_string:16:"":10:"0":4:0:0 Test mpi_read_write_string #8 (Empty MPI dec -> hex) -mpi_read_write_string:10:"":16:"00":4:0:0 +mpi_read_write_string:10:"":16:"":4:0:0 Test mpi_read_write_string #9 (Empty MPI dec -> dec) mpi_read_write_string:10:"":10:"0":4:0:0 From c513934f8cc8b30fb603b0a13a208e20803697d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 16:25:36 +0200 Subject: [PATCH 20/37] Changelog entry for the mbedtls_mpi_read_xxx changes mbedtls_mpi_read_binary{,_le} (in https://github.com/ARMmbed/mbedtls/pull/4276) and mbedtls_mpi_read_string (in https://github.com/ARMmbed/mbedtls/pull/4644) changed their behavior on an empty input from constructing an MPI object with one limb to not allocating a limb. In principle, this change should be transparent to applications, however it caused a bug in the library and it does affect the value when writing back out, so list the change in the changelog. Signed-off-by: Gilles Peskine --- ChangeLog.d/mpi_read_zero.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/mpi_read_zero.txt diff --git a/ChangeLog.d/mpi_read_zero.txt b/ChangeLog.d/mpi_read_zero.txt new file mode 100644 index 000000000..0c25159d9 --- /dev/null +++ b/ChangeLog.d/mpi_read_zero.txt @@ -0,0 +1,9 @@ +Changes + * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and + mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs + when their input has length 0. Note that this is an implementation detail + and can change at any time, so this change should be transparent, but it + may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string() + now writing an empty string where it previously wrote one or more + zero digits when operating from values constructed with an mpi_read + function and some mpi operations. From 2c65b17b4ea92e2020e12f0c38a113138cbd6ff7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:10:16 +0200 Subject: [PATCH 21/37] Make GCD test descriptions more uniform Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 2460d3fa3..00c8b59fe 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1203,46 +1203,46 @@ mbedtls_mpi_gcd:16:"06":16:"":16:"6" Test GCD: 6, 0 (1 limb) mbedtls_mpi_gcd:16:"06":16:"00":16:"6" -Test GCD #1: A > 0, B > 0 +Test GCD: gcd=1, 0 < A < B mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" -Test GCD #1 with A > B +Test GCD: gcd=1, 0 < B < A mbedtls_mpi_gcd:10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"1" -Test GCD #1: A > 0, B < 0 +Test GCD: gcd=1, A > 0, B < 0 mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" -Test GCD #1: A < 0, B > 0 +Test GCD: gcd=1, A < 0 < B, |A| < |B| mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" -Test GCD #1: A < 0, B < 0 +Test GCD: gcd=1, B < A < 0 mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1" -Test GCD #2 +Test GCD: gcd=2, 0 < A < B mbedtls_mpi_gcd:10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"2" -Test GCD #2 with A > B +Test GCD: gcd=2, 0 < B < A mbedtls_mpi_gcd:10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"2" -Test GCD #3 +Test GCD: gcd=3, 0 < A < B mbedtls_mpi_gcd:10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"3" -Test GCD #3 with A > B +Test GCD: gcd=3, 0 < B < A mbedtls_mpi_gcd:10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"3" -Test GCD #4 +Test GCD: gcd=4, 0 < A < B mbedtls_mpi_gcd:10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"4" -Test GCD #4 with A > B +Test GCD: gcd=4, 0 < B < A mbedtls_mpi_gcd:10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"4" -Test GCD #6 +Test GCD: gcd=6, 0 < A < B mbedtls_mpi_gcd:10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"6" -Test GCD #5 (A = B) +Test GCD: 0 < A = B mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847" -Test GCD #6 with A > B +Test GCD: gcd=6, 0 < B < A mbedtls_mpi_gcd:10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"6" Base test mbedtls_mpi_inv_mod #1 From d9aeb129758da5d22d54181cf6efa45e80a0fbe2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:10:50 +0200 Subject: [PATCH 22/37] Tweak grouping of GCD test cases Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 00c8b59fe..62158bade 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1239,12 +1239,12 @@ mbedtls_mpi_gcd:10:"231261533119113155886036366671136306370018335185832922481699 Test GCD: gcd=6, 0 < A < B mbedtls_mpi_gcd:10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"6" -Test GCD: 0 < A = B -mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847" - Test GCD: gcd=6, 0 < B < A mbedtls_mpi_gcd:10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"6" +Test GCD: 0 < A = B +mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847" + Base test mbedtls_mpi_inv_mod #1 mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0 From 399c8fad552375f0a633e0655854f7c7907a0ac8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:19:18 +0200 Subject: [PATCH 23/37] mpi_shrink test: just set the top bit No need to bypass the API to fill limbs. It's a better test to just set the top bit that we want to have set, and it's one less bypass of the API. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 112488ff4..1f71f2915 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -845,11 +845,14 @@ void mbedtls_mpi_shrink( int before, int used, int min, int after ) mbedtls_mpi_init( &X ); TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 ); - TEST_ASSERT( used <= before ); - if( before > 0 ) - memset( X.p, 0x2a, used * sizeof( mbedtls_mpi_uint ) ); + if( used > 0 ) + { + size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint ); + TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 ); + } + TEST_EQUAL( X.n, (size_t) before ); TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 ); - TEST_ASSERT( X.n == (size_t) after ); + TEST_EQUAL( X.n, (size_t) after ); exit: mbedtls_mpi_free( &X ); From 0759cadddf2e71b975df7ae1a0389a866e27991d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:22:48 +0200 Subject: [PATCH 24/37] Whitespace fix Signed-off-by: Gilles Peskine --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 208d50873..d72dcf3e3 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2245,7 +2245,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* This should be a no-op because W[1] is already that large before * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow * in mpi_montmul() below, so let's make sure. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n +1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) ); } else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); From d65b50063a3c52064d4c655b5be2851dc3c0f692 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:44:32 +0200 Subject: [PATCH 25/37] Fix multiplication with negative result and a low-order 0 limb Fix a bug introduced in "Fix multiplication producing a negative zero" that caused the sign to be forced to +1 when A > 0, B < 0 and B's low-order limb is 0. Add a non-regression test. More generally, systematically test combinations of leading zeros, trailing zeros and signs. Signed-off-by: Gilles Peskine --- library/bignum.c | 10 ++-- tests/suites/test_suite_mpi.data | 98 +++++++++++++++++++++++++++++++- 2 files changed, 103 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index d72dcf3e3..d66d8e896 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1641,6 +1641,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j; mbedtls_mpi TA, TB; + int result_is_zero = 0; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); @@ -1653,10 +1654,14 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi for( i = A->n; i > 0; i-- ) if( A->p[i - 1] != 0 ) break; + if( i == 0 && ( A->n == 0 || A->p[0] == 0 ) ) + result_is_zero = 1; for( j = B->n; j > 0; j-- ) if( B->p[j - 1] != 0 ) break; + if( j == 0 && ( B->n == 0 || B->p[0] == 0 ) ) + result_is_zero = 1; MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); @@ -1668,11 +1673,8 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * but does not eliminate side channels leaking the zero-ness. We do * need to take care to set the sign bit properly since the library does * not fully support an MPI object with a value of 0 and s == -1. */ - if( ( i == 0 && ( A->n == 0 || A->p[0] == 0 ) ) || - ( j == 0 && ( B->n == 0 || B->p[0] == 0 ) ) ) - { + if( result_is_zero ) X->s = 1; - } else X->s = A->s * B->s; diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 62158bade..c2b719ecc 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -926,7 +926,103 @@ Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb) mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"" Test mbedtls_mpi_mul_mpi #1 -mbedtls_mpi_mul_mpi:10:"28911710017320205966167820725313234361535259163045867986277478145081076845846493521348693253530011243988160148063424837895971948244167867236923919506962312185829914482993478947657472351461336729641485069323635424692930278888923450060546465883490944265147851036817433970984747733020522259537":10:"16471581891701794764704009719057349996270239948993452268812975037240586099924712715366967486587417803753916334331355573776945238871512026832810626226164346328807407669366029926221415383560814338828449642265377822759768011406757061063524768140567867350208554439342320410551341675119078050953":10:"476221599179424887669515829231223263939342135681791605842540429321038144633323941248706405375723482912535192363845116154236465184147599697841273424891410002781967962186252583311115708128167171262206919514587899883547279647025952837516324649656913580411611297312678955801899536937577476819667861053063432906071315727948826276092545739432005962781562403795455162483159362585281248265005441715080197800335757871588045959754547836825977169125866324128449699877076762316768127816074587766799018626179199776188490087103869164122906791440101822594139648973454716256383294690817576188761" +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A +mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0 +mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, B < 0 +mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, B < 0 +mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" + +Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0, B < 0 +mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000" Test mbedtls_mpi_mul_int #1 mbedtls_mpi_mul_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"==" From 9078e756b0ffa5e4529b2ee85b9d43ae2d662dca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:49:31 +0200 Subject: [PATCH 26/37] In test cases where the result is 0, express it as "0", not "" Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 50 ++++++++++++++++---------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index c2b719ecc..0927aea75 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -653,7 +653,7 @@ Base test mbedtls_mpi_add_abs #4 mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209" Test mbedtls_mpi_add_abs: 0 + 0 -mbedtls_mpi_add_abs:16:"":16:"":16:"" +mbedtls_mpi_add_abs:16:"":16:"":16:"0" Test mbedtls_mpi_add_abs: 0 + 1 mbedtls_mpi_add_abs:16:"":16:"01":16:"01" @@ -683,7 +683,7 @@ Base test mbedtls_mpi_add_mpi #4 mbedtls_mpi_add_mpi:10:"-12345678":10:"-642531":10:"-12988209" Test mbedtls_mpi_add_mpi: 0 + 0 -mbedtls_mpi_add_mpi:16:"":16:"":16:"" +mbedtls_mpi_add_mpi:16:"":16:"":16:"0" Test mbedtls_mpi_add_mpi: 0 + 1 mbedtls_mpi_add_mpi:16:"":16:"01":16:"01" @@ -719,7 +719,7 @@ Test mbedtls_mpi_add_int #2 mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097" Test mbedtls_mpi_add_int: 0 (null) + 0 -mbedtls_mpi_add_int:16:"":0:16:"" +mbedtls_mpi_add_int:16:"":0:16:"0" Test mbedtls_mpi_add_int: 0 (null) + 1 mbedtls_mpi_add_int:16:"":1:16:"1" @@ -803,10 +803,10 @@ Base test mbedtls_mpi_sub_mpi #4 (Test with negative subtraction) mbedtls_mpi_sub_mpi:10:"5":10:"-7":10:"12" Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (null) -mbedtls_mpi_sub_mpi:16:"":16:"":16:"" +mbedtls_mpi_sub_mpi:16:"":16:"":16:"0" Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (1 limb) -mbedtls_mpi_sub_mpi:16:"":16:"00":16:"" +mbedtls_mpi_sub_mpi:16:"":16:"00":16:"0" Test mbedtls_mpi_sub_mpi: 0 (null) - 1 mbedtls_mpi_sub_mpi:16:"":16:"1":16:"-1" @@ -815,7 +815,7 @@ Test mbedtls_mpi_sub_mpi: 0 (null) - -1 mbedtls_mpi_sub_mpi:16:"":16:"-1":16:"1" Test mbedtls_mpi_sub_mpi: 0 (1 limb) - 0 (null) -mbedtls_mpi_sub_mpi:16:"00":16:"":16:"" +mbedtls_mpi_sub_mpi:16:"00":16:"":16:"0" Test mbedtls_mpi_sub_mpi: 1 - 0 (null) mbedtls_mpi_sub_mpi:16:"1":16:"":16:"1" @@ -836,7 +836,7 @@ Test mbedtls_mpi_sub_int #2 mbedtls_mpi_sub_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097" Test mbedtls_mpi_sub_int: 0 (null) - 0 -mbedtls_mpi_sub_int:16:"":0:16:"" +mbedtls_mpi_sub_int:16:"":0:16:"0" Test mbedtls_mpi_sub_int: 0 (null) - 1 mbedtls_mpi_sub_int:16:"":1:16:"-1" @@ -851,13 +851,13 @@ Test mbedtls_mpi_shift_l #2 mbedtls_mpi_shift_l:10:"658385546911733550164516088405238961461880256029834598831972039469421755117818013653494814438931957316403111689187691446941406788869098983929874080332195117465344344350008880118042764943201875870917468833709791733282363323948005998269792207":37:10:"90487820548639020691922304619723076305400961610119884872723190678642804168382367856686134531865643066983017249846286450251272364365605022750900439437595355052945035915579216557330505438734955340526145476988250171181404966718289259743378883640981192704" Test mbedtls_mpi_shift_l: 0 (null) <<= 0 -mbedtls_mpi_shift_l:16:"":1:16:"" +mbedtls_mpi_shift_l:16:"":1:16:"0" Test mbedtls_mpi_shift_l: 0 (null) <<= 1 -mbedtls_mpi_shift_l:16:"":1:16:"" +mbedtls_mpi_shift_l:16:"":1:16:"0" Test mbedtls_mpi_shift_l: 0 (null) <<= 64 -mbedtls_mpi_shift_l:16:"":64:16:"" +mbedtls_mpi_shift_l:16:"":64:16:"0" Test mbedtls_mpi_shift_r #1 mbedtls_mpi_shift_r:10:"128":1:10:"64" @@ -878,13 +878,13 @@ Test mbedtls_mpi_shift_r #7 mbedtls_mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00" Test mbedtls_mpi_shift_r: 0 (null) >>= 0 -mbedtls_mpi_shift_r:16:"":0:16:"" +mbedtls_mpi_shift_r:16:"":0:16:"0" Test mbedtls_mpi_shift_r: 0 (null) >>= 1 -mbedtls_mpi_shift_r:16:"":1:16:"" +mbedtls_mpi_shift_r:16:"":1:16:"0" Test mbedtls_mpi_shift_r: 0 (null) >>= 64 -mbedtls_mpi_shift_r:16:"":64:16:"" +mbedtls_mpi_shift_r:16:"":64:16:"0" Base test mbedtls_mpi_mul_mpi #1 mbedtls_mpi_mul_mpi:10:"5":10:"7":10:"35" @@ -899,31 +899,31 @@ Base test mbedtls_mpi_mul_mpi #4 mbedtls_mpi_mul_mpi:10:"-5":10:"-7":10:"35" Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (null) -mbedtls_mpi_mul_mpi:16:"":16:"":16:"" +mbedtls_mpi_mul_mpi:16:"":16:"":16:"0" Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (1 limb) -mbedtls_mpi_mul_mpi:16:"":16:"00":16:"" +mbedtls_mpi_mul_mpi:16:"":16:"00":16:"0" Test mbedtls_mpi_mul_mpi: 0 (null) * 1 -mbedtls_mpi_mul_mpi:16:"":16:"01":16:"" +mbedtls_mpi_mul_mpi:16:"":16:"01":16:"0" Test mbedtls_mpi_mul_mpi: 0 (null) * -1 -mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"" +mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"0" Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1 -mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"" +mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"0" Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null) -mbedtls_mpi_mul_mpi:16:"":16:"00":16:"" +mbedtls_mpi_mul_mpi:16:"":16:"00":16:"0" Test mbedtls_mpi_mul_mpi: 1 * 0 (null) -mbedtls_mpi_mul_mpi:16:"01":16:"":16:"" +mbedtls_mpi_mul_mpi:16:"01":16:"":16:"0" Test mbedtls_mpi_mul_mpi: -1 * 0 (null) -mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"" +mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"0" Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb) -mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"" +mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"0" Test mbedtls_mpi_mul_mpi #1 mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" @@ -1267,10 +1267,10 @@ Base test GCD #3 mbedtls_mpi_gcd:10:"768454923":10:"542167814":10:"1" Test GCD: 0 (null), 0 (null) -mbedtls_mpi_gcd:16:"":16:"":16:"" +mbedtls_mpi_gcd:16:"":16:"":16:"0" Test GCD: 0 (null), 0 (1 limb) -mbedtls_mpi_gcd:16:"":16:"00":16:"" +mbedtls_mpi_gcd:16:"":16:"00":16:"0" Test GCD: 0 (null), 3 mbedtls_mpi_gcd:16:"":16:"03":16:"3" @@ -1279,7 +1279,7 @@ Test GCD: 0 (null), 6 mbedtls_mpi_gcd:16:"":16:"06":16:"6" Test GCD: 0 (1 limb), 0 (null) -mbedtls_mpi_gcd:16:"00":16:"00":16:"" +mbedtls_mpi_gcd:16:"00":16:"00":16:"0" Test GCD: 0 (1 limb), 3 mbedtls_mpi_gcd:16:"00":16:"03":16:"3" From 14db18dd85b7b4aa5a2797b3765b69dcbd437a1f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:53:47 +0200 Subject: [PATCH 27/37] Unify G=1 and G=-1 test cases Signed-off-by: Gilles Peskine --- tests/suites/test_suite_dhm.data | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index 3346bf2aa..4e13e4853 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -73,12 +73,6 @@ dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622 Diffie-Hellman full exchange: 286-bit dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":36:10:"9345098309485093845098340962223981329819812792137312973297123912791271":0 -Diffie-Hellman trivial subgroup #1 -dhm_do_dhm:10:"23":1:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA - -Diffie-Hellman trivial subgroup #2 -dhm_do_dhm:10:"23":1:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA - Diffie-Hellman small modulus dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA @@ -91,6 +85,9 @@ dhm_do_dhm:10:"93450983094850938450983409623":13:10:"0":MBEDTLS_ERR_DHM_BAD_INPU Diffie-Hellman with G=1 dhm_do_dhm:10:"93450983094850938450983409623":13:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA +Diffie-Hellman with G=-1 +dhm_do_dhm:10:"93450983094850938450983409623":13:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA + Diffie-Hellman with G=P-1 dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA From 3df0554c7e78eb97546e44d99998bb649a6e435f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 21:55:05 +0200 Subject: [PATCH 28/37] Fix copypasta in test function argument name Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 1f71f2915..360916a4a 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -1204,7 +1204,7 @@ exit: /* BEGIN_CASE */ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, char * input_E, int radix_N, char * input_N, - int radix_X, char * input_X, int div_result ) + int radix_X, char * input_X, int exp_result ) { mbedtls_mpi A, E, N, RR, Z, X; int res; @@ -1217,7 +1217,7 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 ); res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL ); - TEST_ASSERT( res == div_result ); + TEST_ASSERT( res == exp_result ); if( res == 0 ) { TEST_ASSERT( sign_is_valid( &Z ) ); @@ -1226,7 +1226,7 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, /* Now test again with the speed-up parameter supplied as an output. */ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); - TEST_ASSERT( res == div_result ); + TEST_ASSERT( res == exp_result ); if( res == 0 ) { TEST_ASSERT( sign_is_valid( &Z ) ); @@ -1235,7 +1235,7 @@ void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E, /* Now test again with the speed-up parameter supplied in calculated form. */ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ); - TEST_ASSERT( res == div_result ); + TEST_ASSERT( res == exp_result ); if( res == 0 ) { TEST_ASSERT( sign_is_valid( &Z ) ); From cd147d6ddc9cb1f84a3472f33cdb57495f58a26d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 22:01:23 +0200 Subject: [PATCH 29/37] Improve coverage of mbedtls_mpi_cmp_mpi Test with and without leading zeros on each side. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 68 ++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 0927aea75..ed48e64cc 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -220,18 +220,78 @@ mbedtls_mpi_cmp_mpi:10:"0":10:"":0 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (1 limb) mbedtls_mpi_cmp_mpi:10:"0":10:"0":0 -Test mbedtls_mpi_cmp_mpi: 0 < positive +Test mbedtls_mpi_cmp_mpi: 0 (null) < positive +mbedtls_mpi_cmp_mpi:10:"":10:"123":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive mbedtls_mpi_cmp_mpi:10:"0":10:"123":-1 -Test mbedtls_mpi_cmp_mpi: 0 > negative +Test mbedtls_mpi_cmp_mpi: 0 (null) > negative +mbedtls_mpi_cmp_mpi:10:"":10:"-123":1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative mbedtls_mpi_cmp_mpi:10:"0":10:"-123":1 -Test mbedtls_mpi_cmp_mpi: positive > 0 +Test mbedtls_mpi_cmp_mpi: positive > 0 (null) mbedtls_mpi_cmp_mpi:10:"123":10:"":1 -Test mbedtls_mpi_cmp_mpi: negative < 0 +Test mbedtls_mpi_cmp_mpi: positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:10:"123":10:"0":1 + +Test mbedtls_mpi_cmp_mpi: negative < 0 (null) mbedtls_mpi_cmp_mpi:10:"-123":10:"":-1 +Test mbedtls_mpi_cmp_mpi: negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:10:"-123":10:"0":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (null) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:16:"":16:"0000000000000000123":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive with leading zero limb +mbedtls_mpi_cmp_mpi:16:"0":16:"0000000000000000123":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (null) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:16:"":16:"-0000000000000000123":1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative with leading zero limb +mbedtls_mpi_cmp_mpi:16:"0":16:"-0000000000000000123":1 + +Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (null) +mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"":1 + +Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (1 limb) +mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"0":1 + +Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (null) +mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"":-1 + +Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (1 limb) +mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"0":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (null) < large positive +mbedtls_mpi_cmp_mpi:16:"":16:"1230000000000000000":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < large positive +mbedtls_mpi_cmp_mpi:16:"0":16:"1230000000000000000":-1 + +Test mbedtls_mpi_cmp_mpi: 0 (null) > large negative +mbedtls_mpi_cmp_mpi:16:"":16:"-1230000000000000000":1 + +Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > large negative +mbedtls_mpi_cmp_mpi:16:"0":16:"-1230000000000000000":1 + +Test mbedtls_mpi_cmp_mpi: large positive > 0 (null) +mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"":1 + +Test mbedtls_mpi_cmp_mpi: large positive > 0 (1 limb) +mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"0":1 + +Test mbedtls_mpi_cmp_mpi: large negative < 0 (null) +mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"":-1 + +Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb) +mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"0":-1 + Base test mbedtls_mpi_lt_mpi_ct #1 mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0 From 2c9916994f1ae182502c19cac63c4302a2de9959 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 22:03:37 +0200 Subject: [PATCH 30/37] Annotate the choice of representation of 0 in more places Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index ed48e64cc..79f88acef 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -712,13 +712,13 @@ mbedtls_mpi_add_abs:10:"12345678":10:"-642531":10:"12988209" Base test mbedtls_mpi_add_abs #4 mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209" -Test mbedtls_mpi_add_abs: 0 + 0 +Test mbedtls_mpi_add_abs: 0 (null) + 0 (null) mbedtls_mpi_add_abs:16:"":16:"":16:"0" -Test mbedtls_mpi_add_abs: 0 + 1 +Test mbedtls_mpi_add_abs: 0 (null) + 1 mbedtls_mpi_add_abs:16:"":16:"01":16:"01" -Test mbedtls_mpi_add_abs: 1 + 0 +Test mbedtls_mpi_add_abs: 1 + 0 (null) mbedtls_mpi_add_abs:16:"01":16:"":16:"01" Test mbedtls_mpi_add_abs #1 @@ -742,19 +742,19 @@ mbedtls_mpi_add_mpi:10:"12345678":10:"-642531":10:"11703147" Base test mbedtls_mpi_add_mpi #4 mbedtls_mpi_add_mpi:10:"-12345678":10:"-642531":10:"-12988209" -Test mbedtls_mpi_add_mpi: 0 + 0 +Test mbedtls_mpi_add_mpi: 0 (null) + 0 (null) mbedtls_mpi_add_mpi:16:"":16:"":16:"0" -Test mbedtls_mpi_add_mpi: 0 + 1 +Test mbedtls_mpi_add_mpi: 0 (null) + 1 mbedtls_mpi_add_mpi:16:"":16:"01":16:"01" -Test mbedtls_mpi_add_mpi: 1 + 0 +Test mbedtls_mpi_add_mpi: 1 + 0 (null) mbedtls_mpi_add_mpi:16:"01":16:"":16:"01" -Test mbedtls_mpi_add_mpi: 0 + -1 +Test mbedtls_mpi_add_mpi: 0 (null) + -1 mbedtls_mpi_add_mpi:16:"":16:"-01":16:"-01" -Test mbedtls_mpi_add_mpi: -1 + 0 +Test mbedtls_mpi_add_mpi: -1 + 0 (null) mbedtls_mpi_add_mpi:16:"-01":16:"":16:"-01" Test mbedtls_mpi_add_mpi #1 From ae7f75c908690ac31a698751737c9eaf8a308433 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 22:06:02 +0200 Subject: [PATCH 31/37] Fix copypasta in test cases Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 79f88acef..5c00b54a4 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -911,7 +911,7 @@ Test mbedtls_mpi_shift_l #2 mbedtls_mpi_shift_l:10:"658385546911733550164516088405238961461880256029834598831972039469421755117818013653494814438931957316403111689187691446941406788869098983929874080332195117465344344350008880118042764943201875870917468833709791733282363323948005998269792207":37:10:"90487820548639020691922304619723076305400961610119884872723190678642804168382367856686134531865643066983017249846286450251272364365605022750900439437595355052945035915579216557330505438734955340526145476988250171181404966718289259743378883640981192704" Test mbedtls_mpi_shift_l: 0 (null) <<= 0 -mbedtls_mpi_shift_l:16:"":1:16:"0" +mbedtls_mpi_shift_l:16:"":0:16:"0" Test mbedtls_mpi_shift_l: 0 (null) <<= 1 mbedtls_mpi_shift_l:16:"":1:16:"0" @@ -974,7 +974,7 @@ Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1 mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"0" Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null) -mbedtls_mpi_mul_mpi:16:"":16:"00":16:"0" +mbedtls_mpi_mul_mpi:16:"00":16:"":16:"0" Test mbedtls_mpi_mul_mpi: 1 * 0 (null) mbedtls_mpi_mul_mpi:16:"01":16:"":16:"0" @@ -1339,7 +1339,7 @@ Test GCD: 0 (null), 6 mbedtls_mpi_gcd:16:"":16:"06":16:"6" Test GCD: 0 (1 limb), 0 (null) -mbedtls_mpi_gcd:16:"00":16:"00":16:"0" +mbedtls_mpi_gcd:16:"00":16:"":16:"0" Test GCD: 0 (1 limb), 3 mbedtls_mpi_gcd:16:"00":16:"03":16:"3" From 6537bdb5e0e7f5845ba818ec964f2ea51996a640 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 15 Jun 2021 22:09:39 +0200 Subject: [PATCH 32/37] Explain how the code relates to the description in HAC Signed-off-by: Gilles Peskine --- library/bignum.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/bignum.c b/library/bignum.c index d66d8e896..9995c7f9b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2424,6 +2424,13 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B TA.s = TB.s = 1; + /* We follow the procedure described in HAC 14.54, except that sequences + * of divisions by 2 are grouped into a single shift. The procedure in HAC + * assumes that the numbers are initially positive. The case B=0 was + * short-circuited above. If A=0, the loop goes through 0 iterations + * and the result is correctly B. + */ + while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) { MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); From ea9aa14b3a764cc404e5695ace2b2048c07785e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 16 Jun 2021 13:42:04 +0200 Subject: [PATCH 33/37] Write a proof of correctness for mbedtls_mpi_gcd Signed-off-by: Gilles Peskine --- library/bignum.c | 51 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 9995c7f9b..08ac4d6e9 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2424,18 +2424,49 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B TA.s = TB.s = 1; - /* We follow the procedure described in HAC 14.54, except that sequences - * of divisions by 2 are grouped into a single shift. The procedure in HAC - * assumes that the numbers are initially positive. The case B=0 was - * short-circuited above. If A=0, the loop goes through 0 iterations - * and the result is correctly B. + /* We mostly follow the procedure described in HAC 14.54, but with some + * minor differences: + * - Sequences of multiplications or divisions by 2 are grouped into a + * single shift operation. + * - The procedure in HAC assumes that 0 < A <= B. + * - The condition A <= B is not actually necessary for correctness; + * the first round through the loop results in TA < TB. + * - If A = 0, the loop goes through 0 iterations and the result is + * correctly B. + * - The case B=0 was short-circuited above. + * + * For the correctness proof below, decompose the original values of + * A and B as + * A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1 + * B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1 + * Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'), + * and gcd(A',B') is odd or 0. + * + * At the beginning, we have TA = |A| and TB = |B| so gcd(A,B) = gcd(TA,TB). + * The code maintains the following invariant: + * gcd(A,B) = 2^k * gcd(TA,TB) for some k (I) */ + /* Proof that the loop terminates: + * At each iteration, either the right-shift by 1 is made on a nonzero + * value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases + * by at least 1, or the right-shift by 1 is made on zero and then + * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted + * since in that case TB is calculated from TB-TA with the condition TB>TA). + */ while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) { + /* Divisions by 2 preserve the invariant (I). */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) ); + /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd, + * TA-TB is even so the division by 2 has an integer result. + * Invariant (I) is preserved since any odd divisor of both TA and TB + * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2 + * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also + * divides TA. + */ if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) ); @@ -2446,8 +2477,18 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) ); } + /* Note that one of TA or TB is still odd. */ } + /* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k. + * At the loop exit, TA = 0, so gcd(TA,TB) = TB. + * - If there was at least one loop iteration, then one of TA or TB is odd, + * and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case, + * lz = min(a,b) so gcd(A,B) = 2^lz * TB. + * - If there was no loop iteration, then A was 0, and gcd(A,B) = B. + * In this case, B = 2^lz * TB so gcd(A,B) = 2^lz * TB as well. + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) ); From 8802b127b5079de8df99546541140fab1a8fe283 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 17 Jun 2021 14:31:54 +0200 Subject: [PATCH 34/37] Fix copypasta in test data Signed-off-by: Gilles Peskine --- tests/suites/test_suite_mpi.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 5c00b54a4..2addd23b4 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1013,16 +1013,16 @@ Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0, B < 0 mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B -mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" +mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0 -mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" +mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, B < 0 -mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" +mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0, B < 0 -mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"00000000000000000503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" +mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59" Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000" From 38a384d2ccddb9b2dce0fb7bb867269dee258dc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 17 Jun 2021 14:35:25 +0200 Subject: [PATCH 35/37] Simplify is-zero check The loop exits early iff there is a nonzero limb, so i==0 means that all limbs are 0, whether the number of limbs is 0 or not. Signed-off-by: Gilles Peskine --- library/bignum.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 08ac4d6e9..3593e29ed 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1654,13 +1654,13 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi for( i = A->n; i > 0; i-- ) if( A->p[i - 1] != 0 ) break; - if( i == 0 && ( A->n == 0 || A->p[0] == 0 ) ) + if( i == 0 ) result_is_zero = 1; for( j = B->n; j > 0; j-- ) if( B->p[j - 1] != 0 ) break; - if( j == 0 && ( B->n == 0 || B->p[0] == 0 ) ) + if( j == 0 ) result_is_zero = 1; MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); From b798b35374ecb29fc2e99e7f373c851f6f403bb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Jun 2021 11:40:38 +0200 Subject: [PATCH 36/37] Clarification in a comment Signed-off-by: Gilles Peskine --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index 3593e29ed..aaa4ac703 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2486,7 +2486,7 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case, * lz = min(a,b) so gcd(A,B) = 2^lz * TB. * - If there was no loop iteration, then A was 0, and gcd(A,B) = B. - * In this case, B = 2^lz * TB so gcd(A,B) = 2^lz * TB as well. + * In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well. */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); From 37d690c45b30249bf95cce5e3c94d2f645feea82 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 21 Jun 2021 18:58:39 +0200 Subject: [PATCH 37/37] Correct some statements about the ordering of A and B Signed-off-by: Gilles Peskine --- library/bignum.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index aaa4ac703..8e4d89335 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2428,12 +2428,15 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * minor differences: * - Sequences of multiplications or divisions by 2 are grouped into a * single shift operation. - * - The procedure in HAC assumes that 0 < A <= B. - * - The condition A <= B is not actually necessary for correctness; - * the first round through the loop results in TA < TB. - * - If A = 0, the loop goes through 0 iterations and the result is - * correctly B. - * - The case B=0 was short-circuited above. + * - The procedure in HAC assumes that 0 < TB <= TA. + * - The condition TB <= TA is not actually necessary for correctness. + * TA and TB have symmetric roles except for the loop termination + * condition, and the shifts at the beginning of the loop body + * remove any significance from the ordering of TA vs TB before + * the shifts. + * - If TA = 0, the loop goes through 0 iterations and the result is + * correctly TB. + * - The case TB = 0 was short-circuited above. * * For the correctness proof below, decompose the original values of * A and B as