1 /* crypto/bn/bntest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
61 * Portions of the attached software ("Contribution") are developed by
62 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
64 * The Contribution is licensed pursuant to the Eric Young open source
65 * license provided above.
67 * The binary polynomial arithmetic software is originally written by
68 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
78 #include <openssl/bio.h>
79 #include <openssl/bn.h>
80 #include <openssl/rand.h>
81 #include <openssl/x509.h>
82 #include <openssl/err.h>
84 #ifdef OPENSSL_SYS_WINDOWS
85 #include "../bio/bss_file.c"
88 const int num0 = 100; /* number of tests */
89 const int num1 = 50; /* additional tests for some functions */
90 const int num2 = 5; /* number of tests for slow functions */
92 int test_add(BIO *bp);
93 int test_sub(BIO *bp);
94 int test_lshift1(BIO *bp);
95 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
96 int test_rshift1(BIO *bp);
97 int test_rshift(BIO *bp,BN_CTX *ctx);
98 int test_div(BIO *bp,BN_CTX *ctx);
99 int test_div_recp(BIO *bp,BN_CTX *ctx);
100 int test_mul(BIO *bp);
101 int test_sqr(BIO *bp,BN_CTX *ctx);
102 int test_mont(BIO *bp,BN_CTX *ctx);
103 int test_mod(BIO *bp,BN_CTX *ctx);
104 int test_mod_mul(BIO *bp,BN_CTX *ctx);
105 int test_mod_exp(BIO *bp,BN_CTX *ctx);
106 int test_exp(BIO *bp,BN_CTX *ctx);
107 int test_gf2m_add(BIO *bp);
108 int test_gf2m_mod(BIO *bp);
109 int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
110 int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
111 int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
112 int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
113 int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
114 int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
115 int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
116 int test_kron(BIO *bp,BN_CTX *ctx);
117 int test_sqrt(BIO *bp,BN_CTX *ctx);
119 static int results=0;
121 #ifdef OPENSSL_NO_STDIO
123 #include "bss_file.c"
126 static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
127 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
129 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
131 static void message(BIO *out, char *m)
133 fprintf(stderr, "test %s\n", m);
134 BIO_puts(out, "print \"test ");
136 BIO_puts(out, "\\n\"\n");
139 int main(int argc, char *argv[])
147 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
153 if (strcmp(*argv,"-results") == 0)
155 else if (strcmp(*argv,"-out") == 0)
157 if (--argc < 1) break;
166 if (ctx == NULL) exit(1);
168 out=BIO_new(BIO_s_file());
169 if (out == NULL) exit(1);
172 BIO_set_fp(out,stdout,BIO_NOCLOSE);
176 if (!BIO_write_filename(out,outfile))
184 BIO_puts(out,"obase=16\nibase=16\n");
186 message(out,"BN_add");
187 if (!test_add(out)) goto err;
190 message(out,"BN_sub");
191 if (!test_sub(out)) goto err;
194 message(out,"BN_lshift1");
195 if (!test_lshift1(out)) goto err;
198 message(out,"BN_lshift (fixed)");
199 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
203 message(out,"BN_lshift");
204 if (!test_lshift(out,ctx,NULL)) goto err;
207 message(out,"BN_rshift1");
208 if (!test_rshift1(out)) goto err;
211 message(out,"BN_rshift");
212 if (!test_rshift(out,ctx)) goto err;
215 message(out,"BN_sqr");
216 if (!test_sqr(out,ctx)) goto err;
219 message(out,"BN_mul");
220 if (!test_mul(out)) goto err;
223 message(out,"BN_div");
224 if (!test_div(out,ctx)) goto err;
227 message(out,"BN_div_recp");
228 if (!test_div_recp(out,ctx)) goto err;
231 message(out,"BN_mod");
232 if (!test_mod(out,ctx)) goto err;
235 message(out,"BN_mod_mul");
236 if (!test_mod_mul(out,ctx)) goto err;
239 message(out,"BN_mont");
240 if (!test_mont(out,ctx)) goto err;
243 message(out,"BN_mod_exp");
244 if (!test_mod_exp(out,ctx)) goto err;
247 message(out,"BN_exp");
248 if (!test_exp(out,ctx)) goto err;
251 message(out,"BN_kronecker");
252 if (!test_kron(out,ctx)) goto err;
255 message(out,"BN_mod_sqrt");
256 if (!test_sqrt(out,ctx)) goto err;
259 message(out,"BN_GF2m_add");
260 if (!test_gf2m_add(out)) goto err;
263 message(out,"BN_GF2m_mod");
264 if (!test_gf2m_mod(out)) goto err;
267 message(out,"BN_GF2m_mod_mul");
268 if (!test_gf2m_mod_mul(out,ctx)) goto err;
271 message(out,"BN_GF2m_mod_sqr");
272 if (!test_gf2m_mod_sqr(out,ctx)) goto err;
275 message(out,"BN_GF2m_mod_inv");
276 if (!test_gf2m_mod_inv(out,ctx)) goto err;
279 message(out,"BN_GF2m_mod_div");
280 if (!test_gf2m_mod_div(out,ctx)) goto err;
283 message(out,"BN_GF2m_mod_exp");
284 if (!test_gf2m_mod_exp(out,ctx)) goto err;
287 message(out,"BN_GF2m_mod_sqrt");
288 if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
291 message(out,"BN_GF2m_mod_solve_quad");
292 if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
301 BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
302 * the failure, see test_bn in test/Makefile.ssl*/
304 ERR_load_crypto_strings();
305 ERR_print_errors_fp(stderr);
310 int test_add(BIO *bp)
319 BN_bntest_rand(&a,512,0,0);
320 for (i=0; i<num0; i++)
322 BN_bntest_rand(&b,450+i,0,0);
344 fprintf(stderr,"Add test failed!\n");
354 int test_sub(BIO *bp)
363 for (i=0; i<num0+num1; i++)
367 BN_bntest_rand(&a,512,0,0);
369 if (BN_set_bit(&a,i)==0) return(0);
374 BN_bntest_rand(&b,400+i-num1,0,0);
395 fprintf(stderr,"Subtract test failed!\n");
405 int test_div(BIO *bp, BN_CTX *ctx)
416 for (i=0; i<num0+num1; i++)
420 BN_bntest_rand(&a,400,0,0);
426 BN_bntest_rand(&b,50+3*(i-num1),0,0);
429 BN_div(&d,&c,&a,&b,ctx);
452 BN_mul(&e,&d,&b,ctx);
457 fprintf(stderr,"Division test failed!\n");
469 int test_div_recp(BIO *bp, BN_CTX *ctx)
475 BN_RECP_CTX_init(&recp);
482 for (i=0; i<num0+num1; i++)
486 BN_bntest_rand(&a,400,0,0);
492 BN_bntest_rand(&b,50+3*(i-num1),0,0);
495 BN_RECP_CTX_set(&recp,&b,ctx);
496 BN_div_recp(&d,&c,&a,&recp,ctx);
519 BN_mul(&e,&d,&b,ctx);
524 fprintf(stderr,"Reciprocal division test failed!\n");
525 fprintf(stderr,"a=");
526 BN_print_fp(stderr,&a);
527 fprintf(stderr,"\nb=");
528 BN_print_fp(stderr,&b);
529 fprintf(stderr,"\n");
538 BN_RECP_CTX_free(&recp);
542 int test_mul(BIO *bp)
549 if (ctx == NULL) exit(1);
557 for (i=0; i<num0+num1; i++)
561 BN_bntest_rand(&a,100,0,0);
562 BN_bntest_rand(&b,100,0,0);
565 BN_bntest_rand(&b,i-num1,0,0);
568 BN_mul(&c,&a,&b,ctx);
581 BN_div(&d,&e,&c,&a,ctx);
583 if(!BN_is_zero(&d) || !BN_is_zero(&e))
585 fprintf(stderr,"Multiplication test failed!\n");
598 int test_sqr(BIO *bp, BN_CTX *ctx)
608 for (i=0; i<num0; i++)
610 BN_bntest_rand(&a,40+i*10,0,0);
625 BN_div(&d,&e,&c,&a,ctx);
627 if(!BN_is_zero(&d) || !BN_is_zero(&e))
629 fprintf(stderr,"Square test failed!\n");
640 int test_mont(BIO *bp, BN_CTX *ctx)
655 mont=BN_MONT_CTX_new();
657 BN_bntest_rand(&a,100,0,0); /**/
658 BN_bntest_rand(&b,100,0,0); /**/
659 for (i=0; i<num2; i++)
661 int bits = (200*(i+1))/num2;
665 BN_bntest_rand(&n,bits,0,1);
666 BN_MONT_CTX_set(mont,&n,ctx);
668 BN_nnmod(&a,&a,&n,ctx);
669 BN_nnmod(&b,&b,&n,ctx);
671 BN_to_montgomery(&A,&a,mont,ctx);
672 BN_to_montgomery(&B,&b,mont,ctx);
674 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
675 BN_from_montgomery(&A,&c,mont,ctx);/**/
681 fprintf(stderr,"%d * %d %% %d\n",
684 BN_num_bits(mont->N));
690 BN_print(bp,&(mont->N));
696 BN_mod_mul(&d,&a,&b,&n,ctx);
700 fprintf(stderr,"Montgomery multiplication test failed!\n");
704 BN_MONT_CTX_free(mont);
715 int test_mod(BIO *bp, BN_CTX *ctx)
717 BIGNUM *a,*b,*c,*d,*e;
726 BN_bntest_rand(a,1024,0,0); /**/
727 for (i=0; i<num0; i++)
729 BN_bntest_rand(b,450+i*10,0,0); /**/
732 BN_mod(c,a,b,ctx);/**/
749 fprintf(stderr,"Modulo test failed!\n");
761 int test_mod_mul(BIO *bp, BN_CTX *ctx)
763 BIGNUM *a,*b,*c,*d,*e;
772 for (j=0; j<3; j++) {
773 BN_bntest_rand(c,1024,0,0); /**/
774 for (i=0; i<num0; i++)
776 BN_bntest_rand(a,475+i*10,0,0); /**/
777 BN_bntest_rand(b,425+i*11,0,0); /**/
780 if (!BN_mod_mul(e,a,b,c,ctx))
784 while ((l=ERR_get_error()))
785 fprintf(stderr,"ERROR:%s\n",
786 ERR_error_string(l,NULL));
798 if ((a->neg ^ b->neg) && !BN_is_zero(e))
800 /* If (a*b) % c is negative, c must be added
801 * in order to obtain the normalized remainder
802 * (new with OpenSSL 0.9.7, previous versions of
803 * BN_mod_mul could generate negative results)
818 fprintf(stderr,"Modulo multiply test failed!\n");
819 ERR_print_errors_fp(stderr);
832 int test_mod_exp(BIO *bp, BN_CTX *ctx)
834 BIGNUM *a,*b,*c,*d,*e;
843 BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
844 for (i=0; i<num2; i++)
846 BN_bntest_rand(a,20+i*5,0,0); /**/
847 BN_bntest_rand(b,2+i,0,0); /**/
849 if (!BN_mod_exp(d,a,b,c,ctx))
871 fprintf(stderr,"Modulo exponentiation test failed!\n");
883 int test_exp(BIO *bp, BN_CTX *ctx)
885 BIGNUM *a,*b,*d,*e,*one;
895 for (i=0; i<num2; i++)
897 BN_bntest_rand(a,20+i*5,0,0); /**/
898 BN_bntest_rand(b,2+i,0,0); /**/
900 if (!BN_exp(d,a,b,ctx))
916 for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
921 fprintf(stderr,"Exponentiation test failed!\n");
933 int test_gf2m_add(BIO *bp)
942 for (i=0; i<num0; i++)
945 BN_copy(&b, BN_value_one());
948 BN_GF2m_add(&c,&a,&b);
949 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
963 /* Test that two added values have the correct parity. */
964 if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
966 fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
969 BN_GF2m_add(&c,&c,&c);
970 /* Test that c + c = 0. */
973 fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
985 int test_gf2m_mod(BIO *bp)
987 BIGNUM *a,*b[2],*c,*d,*e;
989 unsigned int p0[] = {163,7,6,3,0};
990 unsigned int p1[] = {193,15,0};
999 BN_GF2m_arr2poly(p0, b[0]);
1000 BN_GF2m_arr2poly(p1, b[1]);
1002 for (i=0; i<num0; i++)
1004 BN_bntest_rand(a, 1024, 0, 0);
1005 for (j=0; j < 2; j++)
1007 BN_GF2m_mod(c, a, b[j]);
1008 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1022 BN_GF2m_add(d, a, c);
1023 BN_GF2m_mod(e, d, b[j]);
1024 /* Test that a + (a mod p) mod p == 0. */
1027 fprintf(stderr,"GF(2^m) modulo test failed!\n");
1043 int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
1045 BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
1047 unsigned int p0[] = {163,7,6,3,0};
1048 unsigned int p1[] = {193,15,0};
1060 BN_GF2m_arr2poly(p0, b[0]);
1061 BN_GF2m_arr2poly(p1, b[1]);
1063 for (i=0; i<num0; i++)
1065 BN_bntest_rand(a, 1024, 0, 0);
1066 BN_bntest_rand(c, 1024, 0, 0);
1067 BN_bntest_rand(d, 1024, 0, 0);
1068 for (j=0; j < 2; j++)
1070 BN_GF2m_mod_mul(e, a, c, b[j], ctx);
1071 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1087 BN_GF2m_add(f, a, d);
1088 BN_GF2m_mod_mul(g, f, c, b[j], ctx);
1089 BN_GF2m_mod_mul(h, d, c, b[j], ctx);
1090 BN_GF2m_add(f, e, g);
1091 BN_GF2m_add(f, f, h);
1092 /* Test that (a+d)*c = a*c + d*c. */
1095 fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
1114 int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
1116 BIGNUM *a,*b[2],*c,*d;
1118 unsigned int p0[] = {163,7,6,3,0};
1119 unsigned int p1[] = {193,15,0};
1127 BN_GF2m_arr2poly(p0, b[0]);
1128 BN_GF2m_arr2poly(p1, b[1]);
1130 for (i=0; i<num0; i++)
1132 BN_bntest_rand(a, 1024, 0, 0);
1133 for (j=0; j < 2; j++)
1135 BN_GF2m_mod_sqr(c, a, b[j], ctx);
1137 BN_GF2m_mod_mul(d, a, d, b[j], ctx);
1138 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1144 BIO_puts(bp," ^ 2 % ");
1146 BIO_puts(bp, " = ");
1148 BIO_puts(bp,"; a * a = ");
1154 BN_GF2m_add(d, c, d);
1155 /* Test that a*a = a^2. */
1158 fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
1173 int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
1175 BIGNUM *a,*b[2],*c,*d;
1177 unsigned int p0[] = {163,7,6,3,0};
1178 unsigned int p1[] = {193,15,0};
1186 BN_GF2m_arr2poly(p0, b[0]);
1187 BN_GF2m_arr2poly(p1, b[1]);
1189 for (i=0; i<num0; i++)
1191 BN_bntest_rand(a, 512, 0, 0);
1192 for (j=0; j < 2; j++)
1194 BN_GF2m_mod_inv(c, a, b[j], ctx);
1195 BN_GF2m_mod_mul(d, a, c, b[j], ctx);
1196 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1202 BIO_puts(bp, " * ");
1204 BIO_puts(bp," - 1 % ");
1210 /* Test that ((1/a)*a) = 1. */
1213 fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
1228 int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
1230 BIGNUM *a,*b[2],*c,*d,*e,*f;
1232 unsigned int p0[] = {163,7,6,3,0};
1233 unsigned int p1[] = {193,15,0};
1243 BN_GF2m_arr2poly(p0, b[0]);
1244 BN_GF2m_arr2poly(p1, b[1]);
1246 for (i=0; i<num0; i++)
1248 BN_bntest_rand(a, 512, 0, 0);
1249 BN_bntest_rand(c, 512, 0, 0);
1250 for (j=0; j < 2; j++)
1252 BN_GF2m_mod_div(d, a, c, b[j], ctx);
1253 BN_GF2m_mod_mul(e, d, c, b[j], ctx);
1254 BN_GF2m_mod_div(f, a, e, b[j], ctx);
1255 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1261 BIO_puts(bp, " = ");
1265 BIO_puts(bp, " % ");
1271 /* Test that ((a/c)*c)/a = 1. */
1274 fprintf(stderr,"GF(2^m) modular division test failed!\n");
1291 int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
1293 BIGNUM *a,*b[2],*c,*d,*e,*f;
1295 unsigned int p0[] = {163,7,6,3,0};
1296 unsigned int p1[] = {193,15,0};
1306 BN_GF2m_arr2poly(p0, b[0]);
1307 BN_GF2m_arr2poly(p1, b[1]);
1309 for (i=0; i<num0; i++)
1311 BN_bntest_rand(a, 512, 0, 0);
1312 BN_bntest_rand(c, 512, 0, 0);
1313 BN_bntest_rand(d, 512, 0, 0);
1314 for (j=0; j < 2; j++)
1316 BN_GF2m_mod_exp(e, a, c, b[j], ctx);
1317 BN_GF2m_mod_exp(f, a, d, b[j], ctx);
1318 BN_GF2m_mod_mul(e, e, f, b[j], ctx);
1320 BN_GF2m_mod_exp(f, a, f, b[j], ctx);
1321 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1327 BIO_puts(bp, " ^ (");
1331 BIO_puts(bp, ") = ");
1333 BIO_puts(bp, "; - ");
1335 BIO_puts(bp, " % ");
1341 BN_GF2m_add(f, e, f);
1342 /* Test that a^(c+d)=a^c*a^d. */
1345 fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
1362 int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
1364 BIGNUM *a,*b[2],*c,*d,*e,*f;
1366 unsigned int p0[] = {163,7,6,3,0};
1367 unsigned int p1[] = {193,15,0};
1377 BN_GF2m_arr2poly(p0, b[0]);
1378 BN_GF2m_arr2poly(p1, b[1]);
1380 for (i=0; i<num0; i++)
1382 BN_bntest_rand(a, 512, 0, 0);
1383 for (j=0; j < 2; j++)
1385 BN_GF2m_mod(c, a, b[j]);
1386 BN_GF2m_mod_sqrt(d, a, b[j], ctx);
1387 BN_GF2m_mod_sqr(e, d, b[j], ctx);
1388 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1394 BIO_puts(bp, " ^ 2 - ");
1400 BN_GF2m_add(f, c, e);
1401 /* Test that d^2 = a, where d = sqrt(a). */
1404 fprintf(stderr,"GF(2^m) modular square root test failed!\n");
1421 int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
1423 BIGNUM *a,*b[2],*c,*d,*e;
1424 int i, j, s = 0, t, ret = 0;
1425 unsigned int p0[] = {163,7,6,3,0};
1426 unsigned int p1[] = {193,15,0};
1435 BN_GF2m_arr2poly(p0, b[0]);
1436 BN_GF2m_arr2poly(p1, b[1]);
1438 for (i=0; i<num0; i++)
1440 BN_bntest_rand(a, 512, 0, 0);
1441 for (j=0; j < 2; j++)
1443 t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1447 BN_GF2m_mod_sqr(d, c, b[j], ctx);
1448 BN_GF2m_add(d, c, d);
1449 BN_GF2m_mod(e, a, b[j]);
1450 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1456 BIO_puts(bp, " is root of z^2 + z = ");
1458 BIO_puts(bp, " % ");
1464 BN_GF2m_add(e, e, d);
1465 /* Test that solution of quadratic c satisfies c^2 + c = a. */
1468 fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
1475 #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1480 BIO_puts(bp, "There are no roots of z^2 + z = ");
1482 BIO_puts(bp, " % ");
1493 fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
1494 fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
1508 static void genprime_cb(int p, int n, void *arg)
1522 int test_kron(BIO *bp, BN_CTX *ctx)
1526 int legendre, kronecker;
1533 if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
1535 /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
1536 * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
1537 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
1538 * So we generate a random prime b and compare these values
1539 * for a number of random a's. (That is, we run the Solovay-Strassen
1540 * primality test to confirm that b is prime, except that we
1541 * don't want to test whether b is prime but whether BN_kronecker
1544 if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
1545 b->neg = rand_neg();
1548 for (i = 0; i < num0; i++)
1550 if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
1551 a->neg = rand_neg();
1553 /* t := (|b|-1)/2 (note that b is odd) */
1554 if (!BN_copy(t, b)) goto err;
1556 if (!BN_sub_word(t, 1)) goto err;
1557 if (!BN_rshift1(t, t)) goto err;
1558 /* r := a^t mod b */
1561 if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
1564 if (BN_is_word(r, 1))
1566 else if (BN_is_zero(r))
1570 if (!BN_add_word(r, 1)) goto err;
1571 if (0 != BN_ucmp(r, b))
1573 fprintf(stderr, "Legendre symbol computation failed\n");
1579 kronecker = BN_kronecker(a, b, ctx);
1580 if (kronecker < -1) goto err;
1581 /* we actually need BN_kronecker(a, |b|) */
1582 if (a->neg && b->neg)
1583 kronecker = -kronecker;
1585 if (legendre != kronecker)
1587 fprintf(stderr, "legendre != kronecker; a = ");
1588 BN_print_fp(stderr, a);
1589 fprintf(stderr, ", b = ");
1590 BN_print_fp(stderr, b);
1591 fprintf(stderr, "\n");
1603 if (a != NULL) BN_free(a);
1604 if (b != NULL) BN_free(b);
1605 if (r != NULL) BN_free(r);
1606 if (t != NULL) BN_free(t);
1610 int test_sqrt(BIO *bp, BN_CTX *ctx)
1619 if (a == NULL || p == NULL || r == NULL) goto err;
1621 for (i = 0; i < 16; i++)
1625 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
1627 if (!BN_set_word(p, primes[i])) goto err;
1631 if (!BN_set_word(a, 32)) goto err;
1632 if (!BN_set_word(r, 2*i + 1)) goto err;
1634 if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err;
1637 p->neg = rand_neg();
1639 for (j = 0; j < num2; j++)
1641 /* construct 'a' such that it is a square modulo p,
1642 * but in general not a proper square and not reduced modulo p */
1643 if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
1644 if (!BN_nnmod(r, r, p, ctx)) goto err;
1645 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1646 if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
1647 if (!BN_nnmod(a, a, p, ctx)) goto err;
1648 if (!BN_mod_sqr(a, a, p, ctx)) goto err;
1649 if (!BN_mul(a, a, r, ctx)) goto err;
1651 if (!BN_sub(a, a, p)) goto err;
1653 if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
1654 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1656 if (!BN_nnmod(a, a, p, ctx)) goto err;
1658 if (BN_cmp(a, r) != 0)
1660 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1661 BN_print_fp(stderr, a);
1662 fprintf(stderr, ", r = ");
1663 BN_print_fp(stderr, r);
1664 fprintf(stderr, ", p = ");
1665 BN_print_fp(stderr, p);
1666 fprintf(stderr, "\n");
1679 if (a != NULL) BN_free(a);
1680 if (p != NULL) BN_free(p);
1681 if (r != NULL) BN_free(r);
1685 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
1700 BN_bntest_rand(a,200,0,0); /**/
1703 for (i=0; i<num0; i++)
1723 fprintf(stderr,"Left shift test failed!\n");
1724 fprintf(stderr,"a=");
1725 BN_print_fp(stderr,a);
1726 fprintf(stderr,"\nb=");
1727 BN_print_fp(stderr,b);
1728 fprintf(stderr,"\nc=");
1729 BN_print_fp(stderr,c);
1730 fprintf(stderr,"\nd=");
1731 BN_print_fp(stderr,d);
1732 fprintf(stderr,"\n");
1743 int test_lshift1(BIO *bp)
1752 BN_bntest_rand(a,200,0,0); /**/
1754 for (i=0; i<num0; i++)
1762 BIO_puts(bp," * 2");
1772 fprintf(stderr,"Left shift one test failed!\n");
1784 int test_rshift(BIO *bp,BN_CTX *ctx)
1786 BIGNUM *a,*b,*c,*d,*e;
1796 BN_bntest_rand(a,200,0,0); /**/
1798 for (i=0; i<num0; i++)
1814 BN_div(d,e,a,c,ctx);
1818 fprintf(stderr,"Right shift test failed!\n");
1830 int test_rshift1(BIO *bp)
1839 BN_bntest_rand(a,200,0,0); /**/
1841 for (i=0; i<num0; i++)
1849 BIO_puts(bp," / 2");
1857 if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
1859 fprintf(stderr,"Right shift one test failed!\n");
1872 static unsigned int neg=0;
1873 static int sign[8]={0,0,0,1,1,0,1,1};
1875 return(sign[(neg++)%8]);
projects / openssl.git / blob