1 /* crypto/bn/bntest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
63 #include "openssl/e_os.h"
65 #include <openssl/bio.h>
66 #include <openssl/bn.h>
67 #include <openssl/rand.h>
68 #include <openssl/x509.h>
69 #include <openssl/err.h>
72 #include "../bio/bss_file.c"
75 const int num0 = 100; /* number of tests */
76 const int num1 = 50; /* additional tests for some functions */
77 const int num2 = 5; /* number of tests for slow functions */
79 int test_add(BIO *bp);
80 int test_sub(BIO *bp);
81 int test_lshift1(BIO *bp);
82 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
83 int test_rshift1(BIO *bp);
84 int test_rshift(BIO *bp,BN_CTX *ctx);
85 int test_div(BIO *bp,BN_CTX *ctx);
86 int test_div_recp(BIO *bp,BN_CTX *ctx);
87 int test_mul(BIO *bp);
88 int test_sqr(BIO *bp,BN_CTX *ctx);
89 int test_mont(BIO *bp,BN_CTX *ctx);
90 int test_mod(BIO *bp,BN_CTX *ctx);
91 int test_mod_mul(BIO *bp,BN_CTX *ctx);
92 int test_mod_exp(BIO *bp,BN_CTX *ctx);
93 int test_exp(BIO *bp,BN_CTX *ctx);
94 int test_kron(BIO *bp,BN_CTX *ctx);
95 int test_sqrt(BIO *bp,BN_CTX *ctx);
101 #include "bss_file.c"
104 static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
105 "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
107 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
109 static void message(BIO *out, char *m)
111 fprintf(stderr, "test %s\n", m);
112 #if defined(linux) || defined(__FreeBSD__) /* can we use GNU bc features? */
113 BIO_puts(out, "print \"test ");
115 BIO_puts(out, "\\n\"\n");
119 int main(int argc, char *argv[])
127 RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
128 * even check its return value
129 * (which we should) */
135 if (strcmp(*argv,"-results") == 0)
137 else if (strcmp(*argv,"-out") == 0)
139 if (--argc < 1) break;
148 if (ctx == NULL) exit(1);
150 out=BIO_new(BIO_s_file());
151 if (out == NULL) exit(1);
154 BIO_set_fp(out,stdout,BIO_NOCLOSE);
158 if (!BIO_write_filename(out,outfile))
166 BIO_puts(out,"obase=16\nibase=16\n");
169 message(out,"BN_add");
170 if (!test_add(out)) goto err;
173 message(out,"BN_sub");
174 if (!test_sub(out)) goto err;
177 message(out,"BN_lshift1");
178 if (!test_lshift1(out)) goto err;
181 message(out,"BN_lshift (fixed)");
182 if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
186 message(out,"BN_lshift");
187 if (!test_lshift(out,ctx,NULL)) goto err;
190 message(out,"BN_rshift1");
191 if (!test_rshift1(out)) goto err;
194 message(out,"BN_rshift");
195 if (!test_rshift(out,ctx)) goto err;
198 message(out,"BN_sqr");
199 if (!test_sqr(out,ctx)) goto err;
202 message(out,"BN_mul");
203 if (!test_mul(out)) goto err;
206 message(out,"BN_div");
207 if (!test_div(out,ctx)) goto err;
210 message(out,"BN_div_recp");
211 if (!test_div_recp(out,ctx)) goto err;
214 message(out,"BN_mod");
215 if (!test_mod(out,ctx)) goto err;
218 message(out,"BN_mod_mul");
219 if (!test_mod_mul(out,ctx)) goto err;
222 message(out,"BN_mont");
223 if (!test_mont(out,ctx)) goto err;
226 message(out,"BN_mod_exp");
227 if (!test_mod_exp(out,ctx)) goto err;
230 message(out,"BN_exp");
231 if (!test_exp(out,ctx)) goto err;
235 message(out,"BN_kronecker");
236 if (!test_kron(out,ctx)) goto err;
239 message(out,"BN_mod_sqrt");
240 if (!test_sqrt(out,ctx)) goto err;
249 BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
250 * the failure, see test_bn in test/Makefile.ssl*/
252 ERR_load_crypto_strings();
253 ERR_print_errors_fp(stderr);
258 int test_add(BIO *bp)
269 for (i=0; i<num0; i++)
271 BN_rand(&b,450+i,0,0);
275 for (j=0; j<10000; j++)
296 fprintf(stderr,"Add test failed!\n");
306 int test_sub(BIO *bp)
316 for (i=0; i<num0+num1; i++)
322 if (BN_set_bit(&a,i)==0) return(0);
327 BN_rand(&b,400+i-num1,0,0);
332 for (j=0; j<10000; j++)
351 fprintf(stderr,"Subtract test failed!\n");
361 int test_div(BIO *bp, BN_CTX *ctx)
373 for (i=0; i<num0+num1; i++)
383 BN_rand(&b,50+3*(i-num1),0,0);
387 for (j=0; j<100; j++)
388 BN_div(&d,&c,&a,&b,ctx);
389 BN_div(&d,&c,&a,&b,ctx);
412 BN_mul(&e,&d,&b,ctx);
417 fprintf(stderr,"Division test failed!\n");
429 int test_div_recp(BIO *bp, BN_CTX *ctx)
436 BN_RECP_CTX_init(&recp);
443 for (i=0; i<num0+num1; i++)
453 BN_rand(&b,50+3*(i-num1),0,0);
456 BN_RECP_CTX_set(&recp,&b,ctx);
458 for (j=0; j<100; j++)
459 BN_div_recp(&d,&c,&a,&recp,ctx);
460 BN_div_recp(&d,&c,&a,&recp,ctx);
483 BN_mul(&e,&d,&b,ctx);
488 fprintf(stderr,"Reciprocal division test failed!\n");
489 fprintf(stderr,"a=");
490 BN_print_fp(stderr,&a);
491 fprintf(stderr,"\nb=");
492 BN_print_fp(stderr,&b);
493 fprintf(stderr,"\n");
502 BN_RECP_CTX_free(&recp);
506 int test_mul(BIO *bp)
520 for (i=0; i<num0+num1; i++)
528 BN_rand(&b,i-num1,0,0);
532 for (j=0; j<100; j++)
533 BN_mul(&c,&a,&b,&ctx);
534 BN_mul(&c,&a,&b,&ctx);
547 BN_div(&d,&e,&c,&a,&ctx);
549 if(!BN_is_zero(&d) || !BN_is_zero(&e))
551 fprintf(stderr,"Multiplication test failed!\n");
564 int test_sqr(BIO *bp, BN_CTX *ctx)
575 for (i=0; i<num0; i++)
577 BN_rand(&a,40+i*10,0,0);
580 for (j=0; j<100; j++)
595 BN_div(&d,&e,&c,&a,ctx);
597 if(!BN_is_zero(&d) || !BN_is_zero(&e))
599 fprintf(stderr,"Square test failed!\n");
610 int test_mont(BIO *bp, BN_CTX *ctx)
626 mont=BN_MONT_CTX_new();
628 BN_rand(&a,100,0,0); /**/
629 BN_rand(&b,100,0,0); /**/
630 for (i=0; i<num2; i++)
632 int bits = (200*(i+1))/num2;
636 BN_rand(&n,bits,0,1);
637 BN_MONT_CTX_set(mont,&n,ctx);
639 BN_nnmod(&a,&a,&n,ctx);
640 BN_nnmod(&b,&b,&n,ctx);
642 BN_to_montgomery(&A,&a,mont,ctx);
643 BN_to_montgomery(&B,&b,mont,ctx);
646 for (j=0; j<100; j++)
647 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
648 BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
649 BN_from_montgomery(&A,&c,mont,ctx);/**/
655 fprintf(stderr,"%d * %d %% %d\n",
658 BN_num_bits(mont->N));
664 BN_print(bp,&(mont->N));
670 BN_mod_mul(&d,&a,&b,&n,ctx);
674 fprintf(stderr,"Montgomery multiplication test failed!\n");
678 BN_MONT_CTX_free(mont);
689 int test_mod(BIO *bp, BN_CTX *ctx)
691 BIGNUM *a,*b,*c,*d,*e;
701 BN_rand(a,1024,0,0); /**/
702 for (i=0; i<num0; i++)
704 BN_rand(b,450+i*10,0,0); /**/
708 for (j=0; j<100; j++)
709 BN_mod(c,a,b,ctx);/**/
710 BN_mod(c,a,b,ctx);/**/
727 fprintf(stderr,"Modulo test failed!\n");
739 int test_mod_mul(BIO *bp, BN_CTX *ctx)
741 BIGNUM *a,*b,*c,*d,*e;
750 BN_rand(c,1024,0,0); /**/
751 for (i=0; i<num0; i++)
753 BN_rand(a,475+i*10,0,0); /**/
754 BN_rand(b,425+i*11,0,0); /**/
758 for (j=0; j<100; j++)
759 BN_mod_mul(d,a,b,c,ctx);*/ /**/
761 if (!BN_mod_mul(e,a,b,c,ctx))
765 while ((l=ERR_get_error()))
766 fprintf(stderr,"ERROR:%s\n",
767 ERR_error_string(l,NULL));
779 if ((a->neg ^ b->neg) && !BN_is_zero(e))
781 /* If (a*b) % c is negative, c must be added
782 * in order to obtain the normalized remainder
783 * (new with OpenSSL 0.9.7, previous versions of
784 * BN_mod_mul could generate negative results)
799 fprintf(stderr,"Modulo multiply test failed!\n");
800 ERR_print_errors_fp(stderr);
812 int test_mod_exp(BIO *bp, BN_CTX *ctx)
814 BIGNUM *a,*b,*c,*d,*e;
823 BN_rand(c,30,0,1); /* must be odd for montgomery */
824 for (i=0; i<num2; i++)
826 BN_rand(a,20+i*5,0,0); /**/
827 BN_rand(b,2+i,0,0); /**/
829 if (!BN_mod_exp(d,a,b,c,ctx))
851 fprintf(stderr,"Modulo exponentiation test failed!\n");
863 int test_exp(BIO *bp, BN_CTX *ctx)
865 BIGNUM *a,*b,*d,*e,*one;
875 for (i=0; i<num2; i++)
877 BN_rand(a,20+i*5,0,0); /**/
878 BN_rand(b,2+i,0,0); /**/
880 if (!BN_exp(d,a,b,ctx))
896 for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
901 fprintf(stderr,"Exponentiation test failed!\n");
913 static void genprime_cb(int p, int n, void *arg)
927 int test_kron(BIO *bp, BN_CTX *ctx)
931 int legendre, kronecker;
938 if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
940 /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
941 * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
942 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
943 * So we generate a random prime b and compare these values
944 * for a number of random a's. (That is, we run the Solovay-Strassen
945 * primality test to confirm that b is prime, except that we
946 * don't want to test whether b is prime but whether BN_kronecker
950 if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
952 if (!BN_set_word(b,65537)) goto err;
956 for (i = 0; i < num0; i++)
959 if (!BN_rand(a, 512, 0, 0)) goto err;
962 if (!BN_bin2bn("\x01\xff\xff\xff\xff", 5, a)) goto err;
965 /* t := (b-1)/2 (note that b is odd) */
966 if (!BN_copy(t, b)) goto err;
967 if (!BN_sub_word(t, 1)) goto err;
968 if (!BN_rshift1(t, t)) goto err;
971 if (!BN_mod_exp(r, a, t, b, ctx)) goto err;
973 if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
975 if (!BN_mod_exp_simple(r, a, t, b, ctx)) goto err;
978 if (BN_is_word(r, 1))
980 else if (BN_is_zero(r))
984 if (!BN_add_word(r, 1)) goto err;
985 if (0 != BN_cmp(r, b))
987 fprintf(stderr, "Legendre symbol computation failed\n");
993 kronecker = BN_kronecker(a, b, ctx);
994 if (kronecker < -1) goto err;
996 if (legendre != kronecker)
998 fprintf(stderr, "legendre != kronecker; a = ");
999 BN_print_fp(stderr, a);
1000 fprintf(stderr, ", a = ");
1001 BN_print_fp(stderr, b);
1002 fprintf(stderr, "\n");
1014 if (a != NULL) BN_free(a);
1015 if (b != NULL) BN_free(b);
1016 if (r != NULL) BN_free(r);
1017 if (t != NULL) BN_free(t);
1021 int test_sqrt(BIO *bp, BN_CTX *ctx)
1030 if (a == NULL || p == NULL || r == NULL) goto err;
1032 for (i = 0; i < 16; i++)
1036 unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
1038 if (!BN_set_word(p, primes[i])) goto err;
1042 if (!BN_set_word(a, 32)) goto err;
1043 if (!BN_set_word(r, 2*i + 1)) goto err;
1045 if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err;
1049 for (j = 0; j < num2; j++)
1051 /* construct 'a' such that it is a square modulo p,
1052 * but in general not a proper square and not reduced modulo p */
1053 if (!BN_rand(r, 256, 0, 3)) goto err;
1054 if (!BN_nnmod(r, r, p, ctx)) goto err;
1055 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1056 if (!BN_rand(a, 256, 0, 3)) goto err;
1057 if (!BN_nnmod(a, a, p, ctx)) goto err;
1058 if (!BN_mod_sqr(a, a, p, ctx)) goto err;
1059 if (!BN_mul(a, a, r, ctx)) goto err;
1061 if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
1062 if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1064 if (!BN_nnmod(a, a, p, ctx)) goto err;
1066 if (BN_cmp(a, r) != 0)
1068 fprintf(stderr, "BN_mod_sqrt failed: a = ");
1069 BN_print_fp(stderr, a);
1070 fprintf(stderr, ", r = ");
1071 BN_print_fp(stderr, r);
1072 fprintf(stderr, ", p = ");
1073 BN_print_fp(stderr, p);
1074 fprintf(stderr, "\n");
1087 if (a != NULL) BN_free(a);
1088 if (p != NULL) BN_free(p);
1089 if (r != NULL) BN_free(r);
1093 int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
1108 BN_rand(a,200,0,0); /**/
1111 for (i=0; i<num0; i++)
1131 fprintf(stderr,"Left shift test failed!\n");
1132 fprintf(stderr,"a=");
1133 BN_print_fp(stderr,a);
1134 fprintf(stderr,"\nb=");
1135 BN_print_fp(stderr,b);
1136 fprintf(stderr,"\nc=");
1137 BN_print_fp(stderr,c);
1138 fprintf(stderr,"\nd=");
1139 BN_print_fp(stderr,d);
1140 fprintf(stderr,"\n");
1151 int test_lshift1(BIO *bp)
1160 BN_rand(a,200,0,0); /**/
1162 for (i=0; i<num0; i++)
1170 BIO_puts(bp," * 2");
1180 fprintf(stderr,"Left shift one test failed!\n");
1192 int test_rshift(BIO *bp,BN_CTX *ctx)
1194 BIGNUM *a,*b,*c,*d,*e;
1204 BN_rand(a,200,0,0); /**/
1206 for (i=0; i<num0; i++)
1222 BN_div(d,e,a,c,ctx);
1226 fprintf(stderr,"Right shift test failed!\n");
1238 int test_rshift1(BIO *bp)
1247 BN_rand(a,200,0,0); /**/
1249 for (i=0; i<num0; i++)
1257 BIO_puts(bp," / 2");
1265 if(!BN_is_zero(c) && !BN_is_one(c))
1267 fprintf(stderr,"Right shift one test failed!\n");
1280 static unsigned int neg=0;
1281 static int sign[8]={0,0,0,1,1,0,1,1};
1283 return(sign[(neg++)%8]);
projects / openssl.git / blob