1
/* crypto/bn/bntest.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5
* This package is an SSL implementation written
6
* by Eric Young (eay@cryptsoft.com).
7
* The implementation was written so as to conform with Netscapes SSL.
9
* This library is free for commercial and non-commercial use as long as
10
* the following conditions are aheared to. The following conditions
11
* apply to all code found in this distribution, be it the RC4, RSA,
12
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13
* included with this distribution is covered by the same copyright terms
14
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
16
* Copyright remains Eric Young's, and as such any Copyright notices in
17
* the code are not to be removed.
18
* If this package is used in a product, Eric Young should be given attribution
19
* as the author of the parts of the library used.
20
* This can be in the form of a textual message at program startup or
21
* in documentation (online or textual) provided with the package.
23
* Redistribution and use in source and binary forms, with or without
24
* modification, are permitted provided that the following conditions
26
* 1. Redistributions of source code must retain the copyright
27
* notice, this list of conditions and the following disclaimer.
28
* 2. Redistributions in binary form must reproduce the above copyright
29
* notice, this list of conditions and the following disclaimer in the
30
* documentation and/or other materials provided with the distribution.
31
* 3. All advertising materials mentioning features or use of this software
32
* must display the following acknowledgement:
33
* "This product includes cryptographic software written by
34
* Eric Young (eay@cryptsoft.com)"
35
* The word 'cryptographic' can be left out if the rouines from the library
36
* being used are not cryptographic related :-).
37
* 4. If you include any Windows specific code (or a derivative thereof) from
38
* the apps directory (application code) you must include an acknowledgement:
39
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53
* The licence and distribution terms for any publically available version or
54
* derivative of this code cannot be changed. i.e. this code cannot simply be
55
* copied and put under another distribution licence
56
* [including the GNU Public Licence.]
58
/* ====================================================================
59
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
61
* Portions of the attached software ("Contribution") are developed by
62
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
64
* The Contribution is licensed pursuant to the Eric Young open source
65
* license provided above.
67
* The binary polynomial arithmetic software is originally written by
68
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
72
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
73
* deprecated functions for openssl-internal code */
74
#ifdef OPENSSL_NO_DEPRECATED
75
#undef OPENSSL_NO_DEPRECATED
84
#include <openssl/bio.h>
85
#include <openssl/bn.h>
86
#include <openssl/rand.h>
87
#include <openssl/x509.h>
88
#include <openssl/err.h>
90
const int num0 = 100; /* number of tests */
91
const int num1 = 50; /* additional tests for some functions */
92
const int num2 = 5; /* number of tests for slow functions */
94
int test_add(BIO *bp);
95
int test_sub(BIO *bp);
96
int test_lshift1(BIO *bp);
97
int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
98
int test_rshift1(BIO *bp);
99
int test_rshift(BIO *bp,BN_CTX *ctx);
100
int test_div(BIO *bp,BN_CTX *ctx);
101
int test_div_word(BIO *bp);
102
int test_div_recp(BIO *bp,BN_CTX *ctx);
103
int test_mul(BIO *bp);
104
int test_sqr(BIO *bp,BN_CTX *ctx);
105
int test_mont(BIO *bp,BN_CTX *ctx);
106
int test_mod(BIO *bp,BN_CTX *ctx);
107
int test_mod_mul(BIO *bp,BN_CTX *ctx);
108
int test_mod_exp(BIO *bp,BN_CTX *ctx);
109
int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
110
int test_exp(BIO *bp,BN_CTX *ctx);
111
int test_gf2m_add(BIO *bp);
112
int test_gf2m_mod(BIO *bp);
113
int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
114
int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
115
int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
116
int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
117
int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
118
int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
119
int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
120
int test_kron(BIO *bp,BN_CTX *ctx);
121
int test_sqrt(BIO *bp,BN_CTX *ctx);
123
static int results=0;
125
static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
126
"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
128
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
130
static void message(BIO *out, char *m)
132
fprintf(stderr, "test %s\n", m);
133
BIO_puts(out, "print \"test ");
135
BIO_puts(out, "\\n\"\n");
138
int main(int argc, char *argv[])
146
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
152
if (strcmp(*argv,"-results") == 0)
154
else if (strcmp(*argv,"-out") == 0)
156
if (--argc < 1) break;
165
if (ctx == NULL) EXIT(1);
167
out=BIO_new(BIO_s_file());
168
if (out == NULL) EXIT(1);
171
BIO_set_fp(out,stdout,BIO_NOCLOSE);
175
if (!BIO_write_filename(out,outfile))
183
BIO_puts(out,"obase=16\nibase=16\n");
185
message(out,"BN_add");
186
if (!test_add(out)) goto err;
187
(void)BIO_flush(out);
189
message(out,"BN_sub");
190
if (!test_sub(out)) goto err;
191
(void)BIO_flush(out);
193
message(out,"BN_lshift1");
194
if (!test_lshift1(out)) goto err;
195
(void)BIO_flush(out);
197
message(out,"BN_lshift (fixed)");
198
if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
200
(void)BIO_flush(out);
202
message(out,"BN_lshift");
203
if (!test_lshift(out,ctx,NULL)) goto err;
204
(void)BIO_flush(out);
206
message(out,"BN_rshift1");
207
if (!test_rshift1(out)) goto err;
208
(void)BIO_flush(out);
210
message(out,"BN_rshift");
211
if (!test_rshift(out,ctx)) goto err;
212
(void)BIO_flush(out);
214
message(out,"BN_sqr");
215
if (!test_sqr(out,ctx)) goto err;
216
(void)BIO_flush(out);
218
message(out,"BN_mul");
219
if (!test_mul(out)) goto err;
220
(void)BIO_flush(out);
222
message(out,"BN_div");
223
if (!test_div(out,ctx)) goto err;
224
(void)BIO_flush(out);
226
message(out,"BN_div_word");
227
if (!test_div_word(out)) goto err;
228
(void)BIO_flush(out);
230
message(out,"BN_div_recp");
231
if (!test_div_recp(out,ctx)) goto err;
232
(void)BIO_flush(out);
234
message(out,"BN_mod");
235
if (!test_mod(out,ctx)) goto err;
236
(void)BIO_flush(out);
238
message(out,"BN_mod_mul");
239
if (!test_mod_mul(out,ctx)) goto err;
240
(void)BIO_flush(out);
242
message(out,"BN_mont");
243
if (!test_mont(out,ctx)) goto err;
244
(void)BIO_flush(out);
246
message(out,"BN_mod_exp");
247
if (!test_mod_exp(out,ctx)) goto err;
248
(void)BIO_flush(out);
250
message(out,"BN_mod_exp_mont_consttime");
251
if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
252
(void)BIO_flush(out);
254
message(out,"BN_exp");
255
if (!test_exp(out,ctx)) goto err;
256
(void)BIO_flush(out);
258
message(out,"BN_kronecker");
259
if (!test_kron(out,ctx)) goto err;
260
(void)BIO_flush(out);
262
message(out,"BN_mod_sqrt");
263
if (!test_sqrt(out,ctx)) goto err;
264
(void)BIO_flush(out);
265
#ifndef OPENSSL_NO_EC2M
266
message(out,"BN_GF2m_add");
267
if (!test_gf2m_add(out)) goto err;
268
(void)BIO_flush(out);
270
message(out,"BN_GF2m_mod");
271
if (!test_gf2m_mod(out)) goto err;
272
(void)BIO_flush(out);
274
message(out,"BN_GF2m_mod_mul");
275
if (!test_gf2m_mod_mul(out,ctx)) goto err;
276
(void)BIO_flush(out);
278
message(out,"BN_GF2m_mod_sqr");
279
if (!test_gf2m_mod_sqr(out,ctx)) goto err;
280
(void)BIO_flush(out);
282
message(out,"BN_GF2m_mod_inv");
283
if (!test_gf2m_mod_inv(out,ctx)) goto err;
284
(void)BIO_flush(out);
286
message(out,"BN_GF2m_mod_div");
287
if (!test_gf2m_mod_div(out,ctx)) goto err;
288
(void)BIO_flush(out);
290
message(out,"BN_GF2m_mod_exp");
291
if (!test_gf2m_mod_exp(out,ctx)) goto err;
292
(void)BIO_flush(out);
294
message(out,"BN_GF2m_mod_sqrt");
295
if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
296
(void)BIO_flush(out);
298
message(out,"BN_GF2m_mod_solve_quad");
299
if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
300
(void)BIO_flush(out);
308
BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
309
* the failure, see test_bn in test/Makefile.ssl*/
310
(void)BIO_flush(out);
311
ERR_load_crypto_strings();
312
ERR_print_errors_fp(stderr);
317
int test_add(BIO *bp)
326
BN_bntest_rand(&a,512,0,0);
327
for (i=0; i<num0; i++)
329
BN_bntest_rand(&b,450+i,0,0);
351
fprintf(stderr,"Add test failed!\n");
361
int test_sub(BIO *bp)
370
for (i=0; i<num0+num1; i++)
374
BN_bntest_rand(&a,512,0,0);
376
if (BN_set_bit(&a,i)==0) return(0);
381
BN_bntest_rand(&b,400+i-num1,0,0);
402
fprintf(stderr,"Subtract test failed!\n");
412
int test_div(BIO *bp, BN_CTX *ctx)
423
for (i=0; i<num0+num1; i++)
427
BN_bntest_rand(&a,400,0,0);
433
BN_bntest_rand(&b,50+3*(i-num1),0,0);
436
BN_div(&d,&c,&a,&b,ctx);
459
BN_mul(&e,&d,&b,ctx);
464
fprintf(stderr,"Division test failed!\n");
476
static void print_word(BIO *bp,BN_ULONG w)
478
#ifdef SIXTY_FOUR_BIT
479
if (sizeof(w) > sizeof(unsigned long))
481
unsigned long h=(unsigned long)(w>>32),
482
l=(unsigned long)(w);
484
if (h) BIO_printf(bp,"%lX%08lX",h,l);
485
else BIO_printf(bp,"%lX",l);
489
BIO_printf(bp,BN_HEX_FMT1,w);
492
int test_div_word(BIO *bp)
501
for (i=0; i<num0; i++)
504
BN_bntest_rand(&a,512,-1,0);
505
BN_bntest_rand(&b,BN_BITS2,-1,0);
510
r = BN_div_word(&b, s);
539
fprintf(stderr,"Division (word) test failed!\n");
548
int test_div_recp(BIO *bp, BN_CTX *ctx)
554
BN_RECP_CTX_init(&recp);
561
for (i=0; i<num0+num1; i++)
565
BN_bntest_rand(&a,400,0,0);
571
BN_bntest_rand(&b,50+3*(i-num1),0,0);
574
BN_RECP_CTX_set(&recp,&b,ctx);
575
BN_div_recp(&d,&c,&a,&recp,ctx);
598
BN_mul(&e,&d,&b,ctx);
603
fprintf(stderr,"Reciprocal division test failed!\n");
604
fprintf(stderr,"a=");
605
BN_print_fp(stderr,&a);
606
fprintf(stderr,"\nb=");
607
BN_print_fp(stderr,&b);
608
fprintf(stderr,"\n");
617
BN_RECP_CTX_free(&recp);
621
int test_mul(BIO *bp)
628
if (ctx == NULL) EXIT(1);
636
for (i=0; i<num0+num1; i++)
640
BN_bntest_rand(&a,100,0,0);
641
BN_bntest_rand(&b,100,0,0);
644
BN_bntest_rand(&b,i-num1,0,0);
647
BN_mul(&c,&a,&b,ctx);
660
BN_div(&d,&e,&c,&a,ctx);
662
if(!BN_is_zero(&d) || !BN_is_zero(&e))
664
fprintf(stderr,"Multiplication test failed!\n");
677
int test_sqr(BIO *bp, BN_CTX *ctx)
687
for (i=0; i<num0; i++)
689
BN_bntest_rand(&a,40+i*10,0,0);
704
BN_div(&d,&e,&c,&a,ctx);
706
if(!BN_is_zero(&d) || !BN_is_zero(&e))
708
fprintf(stderr,"Square test failed!\n");
719
int test_mont(BIO *bp, BN_CTX *ctx)
734
mont=BN_MONT_CTX_new();
738
BN_bntest_rand(&a,100,0,0); /**/
739
BN_bntest_rand(&b,100,0,0); /**/
740
for (i=0; i<num2; i++)
742
int bits = (200*(i+1))/num2;
746
BN_bntest_rand(&n,bits,0,1);
747
BN_MONT_CTX_set(mont,&n,ctx);
749
BN_nnmod(&a,&a,&n,ctx);
750
BN_nnmod(&b,&b,&n,ctx);
752
BN_to_montgomery(&A,&a,mont,ctx);
753
BN_to_montgomery(&B,&b,mont,ctx);
755
BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
756
BN_from_montgomery(&A,&c,mont,ctx);/**/
762
fprintf(stderr,"%d * %d %% %d\n",
765
BN_num_bits(mont->N));
771
BN_print(bp,&(mont->N));
777
BN_mod_mul(&d,&a,&b,&n,ctx);
781
fprintf(stderr,"Montgomery multiplication test failed!\n");
785
BN_MONT_CTX_free(mont);
796
int test_mod(BIO *bp, BN_CTX *ctx)
798
BIGNUM *a,*b,*c,*d,*e;
807
BN_bntest_rand(a,1024,0,0); /**/
808
for (i=0; i<num0; i++)
810
BN_bntest_rand(b,450+i*10,0,0); /**/
813
BN_mod(c,a,b,ctx);/**/
830
fprintf(stderr,"Modulo test failed!\n");
842
int test_mod_mul(BIO *bp, BN_CTX *ctx)
844
BIGNUM *a,*b,*c,*d,*e;
853
for (j=0; j<3; j++) {
854
BN_bntest_rand(c,1024,0,0); /**/
855
for (i=0; i<num0; i++)
857
BN_bntest_rand(a,475+i*10,0,0); /**/
858
BN_bntest_rand(b,425+i*11,0,0); /**/
861
if (!BN_mod_mul(e,a,b,c,ctx))
865
while ((l=ERR_get_error()))
866
fprintf(stderr,"ERROR:%s\n",
867
ERR_error_string(l,NULL));
879
if ((a->neg ^ b->neg) && !BN_is_zero(e))
881
/* If (a*b) % c is negative, c must be added
882
* in order to obtain the normalized remainder
883
* (new with OpenSSL 0.9.7, previous versions of
884
* BN_mod_mul could generate negative results)
899
fprintf(stderr,"Modulo multiply test failed!\n");
900
ERR_print_errors_fp(stderr);
913
int test_mod_exp(BIO *bp, BN_CTX *ctx)
915
BIGNUM *a,*b,*c,*d,*e;
924
BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
925
for (i=0; i<num2; i++)
927
BN_bntest_rand(a,20+i*5,0,0); /**/
928
BN_bntest_rand(b,2+i,0,0); /**/
930
if (!BN_mod_exp(d,a,b,c,ctx))
952
fprintf(stderr,"Modulo exponentiation test failed!\n");
964
int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
966
BIGNUM *a,*b,*c,*d,*e;
975
BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
976
for (i=0; i<num2; i++)
978
BN_bntest_rand(a,20+i*5,0,0); /**/
979
BN_bntest_rand(b,2+i,0,0); /**/
981
if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
1000
BN_div(a,b,e,c,ctx);
1003
fprintf(stderr,"Modulo exponentiation test failed!\n");
1015
int test_exp(BIO *bp, BN_CTX *ctx)
1017
BIGNUM *a,*b,*d,*e,*one;
1027
for (i=0; i<num2; i++)
1029
BN_bntest_rand(a,20+i*5,0,0); /**/
1030
BN_bntest_rand(b,2+i,0,0); /**/
1032
if (BN_exp(d,a,b,ctx) <= 0)
1048
for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
1053
fprintf(stderr,"Exponentiation test failed!\n");
1064
#ifndef OPENSSL_NO_EC2M
1065
int test_gf2m_add(BIO *bp)
1074
for (i=0; i<num0; i++)
1076
BN_rand(&a,512,0,0);
1077
BN_copy(&b, BN_value_one());
1080
BN_GF2m_add(&c,&a,&b);
1081
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1095
/* Test that two added values have the correct parity. */
1096
if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
1098
fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
1101
BN_GF2m_add(&c,&c,&c);
1102
/* Test that c + c = 0. */
1105
fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
1117
int test_gf2m_mod(BIO *bp)
1119
BIGNUM *a,*b[2],*c,*d,*e;
1121
int p0[] = {163,7,6,3,0,-1};
1122
int p1[] = {193,15,0,-1};
1131
BN_GF2m_arr2poly(p0, b[0]);
1132
BN_GF2m_arr2poly(p1, b[1]);
1134
for (i=0; i<num0; i++)
1136
BN_bntest_rand(a, 1024, 0, 0);
1137
for (j=0; j < 2; j++)
1139
BN_GF2m_mod(c, a, b[j]);
1140
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1154
BN_GF2m_add(d, a, c);
1155
BN_GF2m_mod(e, d, b[j]);
1156
/* Test that a + (a mod p) mod p == 0. */
1159
fprintf(stderr,"GF(2^m) modulo test failed!\n");
1175
int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
1177
BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
1179
int p0[] = {163,7,6,3,0,-1};
1180
int p1[] = {193,15,0,-1};
1192
BN_GF2m_arr2poly(p0, b[0]);
1193
BN_GF2m_arr2poly(p1, b[1]);
1195
for (i=0; i<num0; i++)
1197
BN_bntest_rand(a, 1024, 0, 0);
1198
BN_bntest_rand(c, 1024, 0, 0);
1199
BN_bntest_rand(d, 1024, 0, 0);
1200
for (j=0; j < 2; j++)
1202
BN_GF2m_mod_mul(e, a, c, b[j], ctx);
1203
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1219
BN_GF2m_add(f, a, d);
1220
BN_GF2m_mod_mul(g, f, c, b[j], ctx);
1221
BN_GF2m_mod_mul(h, d, c, b[j], ctx);
1222
BN_GF2m_add(f, e, g);
1223
BN_GF2m_add(f, f, h);
1224
/* Test that (a+d)*c = a*c + d*c. */
1227
fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
1246
int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
1248
BIGNUM *a,*b[2],*c,*d;
1250
int p0[] = {163,7,6,3,0,-1};
1251
int p1[] = {193,15,0,-1};
1259
BN_GF2m_arr2poly(p0, b[0]);
1260
BN_GF2m_arr2poly(p1, b[1]);
1262
for (i=0; i<num0; i++)
1264
BN_bntest_rand(a, 1024, 0, 0);
1265
for (j=0; j < 2; j++)
1267
BN_GF2m_mod_sqr(c, a, b[j], ctx);
1269
BN_GF2m_mod_mul(d, a, d, b[j], ctx);
1270
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1276
BIO_puts(bp," ^ 2 % ");
1278
BIO_puts(bp, " = ");
1280
BIO_puts(bp,"; a * a = ");
1286
BN_GF2m_add(d, c, d);
1287
/* Test that a*a = a^2. */
1290
fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
1305
int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
1307
BIGNUM *a,*b[2],*c,*d;
1309
int p0[] = {163,7,6,3,0,-1};
1310
int p1[] = {193,15,0,-1};
1318
BN_GF2m_arr2poly(p0, b[0]);
1319
BN_GF2m_arr2poly(p1, b[1]);
1321
for (i=0; i<num0; i++)
1323
BN_bntest_rand(a, 512, 0, 0);
1324
for (j=0; j < 2; j++)
1326
BN_GF2m_mod_inv(c, a, b[j], ctx);
1327
BN_GF2m_mod_mul(d, a, c, b[j], ctx);
1328
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1334
BIO_puts(bp, " * ");
1336
BIO_puts(bp," - 1 % ");
1342
/* Test that ((1/a)*a) = 1. */
1345
fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
1360
int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
1362
BIGNUM *a,*b[2],*c,*d,*e,*f;
1364
int p0[] = {163,7,6,3,0,-1};
1365
int p1[] = {193,15,0,-1};
1375
BN_GF2m_arr2poly(p0, b[0]);
1376
BN_GF2m_arr2poly(p1, b[1]);
1378
for (i=0; i<num0; i++)
1380
BN_bntest_rand(a, 512, 0, 0);
1381
BN_bntest_rand(c, 512, 0, 0);
1382
for (j=0; j < 2; j++)
1384
BN_GF2m_mod_div(d, a, c, b[j], ctx);
1385
BN_GF2m_mod_mul(e, d, c, b[j], ctx);
1386
BN_GF2m_mod_div(f, a, e, b[j], ctx);
1387
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1393
BIO_puts(bp, " = ");
1397
BIO_puts(bp, " % ");
1403
/* Test that ((a/c)*c)/a = 1. */
1406
fprintf(stderr,"GF(2^m) modular division test failed!\n");
1423
int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
1425
BIGNUM *a,*b[2],*c,*d,*e,*f;
1427
int p0[] = {163,7,6,3,0,-1};
1428
int p1[] = {193,15,0,-1};
1438
BN_GF2m_arr2poly(p0, b[0]);
1439
BN_GF2m_arr2poly(p1, b[1]);
1441
for (i=0; i<num0; i++)
1443
BN_bntest_rand(a, 512, 0, 0);
1444
BN_bntest_rand(c, 512, 0, 0);
1445
BN_bntest_rand(d, 512, 0, 0);
1446
for (j=0; j < 2; j++)
1448
BN_GF2m_mod_exp(e, a, c, b[j], ctx);
1449
BN_GF2m_mod_exp(f, a, d, b[j], ctx);
1450
BN_GF2m_mod_mul(e, e, f, b[j], ctx);
1452
BN_GF2m_mod_exp(f, a, f, b[j], ctx);
1453
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1459
BIO_puts(bp, " ^ (");
1463
BIO_puts(bp, ") = ");
1465
BIO_puts(bp, "; - ");
1467
BIO_puts(bp, " % ");
1473
BN_GF2m_add(f, e, f);
1474
/* Test that a^(c+d)=a^c*a^d. */
1477
fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
1494
int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
1496
BIGNUM *a,*b[2],*c,*d,*e,*f;
1498
int p0[] = {163,7,6,3,0,-1};
1499
int p1[] = {193,15,0,-1};
1509
BN_GF2m_arr2poly(p0, b[0]);
1510
BN_GF2m_arr2poly(p1, b[1]);
1512
for (i=0; i<num0; i++)
1514
BN_bntest_rand(a, 512, 0, 0);
1515
for (j=0; j < 2; j++)
1517
BN_GF2m_mod(c, a, b[j]);
1518
BN_GF2m_mod_sqrt(d, a, b[j], ctx);
1519
BN_GF2m_mod_sqr(e, d, b[j], ctx);
1520
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1526
BIO_puts(bp, " ^ 2 - ");
1532
BN_GF2m_add(f, c, e);
1533
/* Test that d^2 = a, where d = sqrt(a). */
1536
fprintf(stderr,"GF(2^m) modular square root test failed!\n");
1553
int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
1555
BIGNUM *a,*b[2],*c,*d,*e;
1556
int i, j, s = 0, t, ret = 0;
1557
int p0[] = {163,7,6,3,0,-1};
1558
int p1[] = {193,15,0,-1};
1567
BN_GF2m_arr2poly(p0, b[0]);
1568
BN_GF2m_arr2poly(p1, b[1]);
1570
for (i=0; i<num0; i++)
1572
BN_bntest_rand(a, 512, 0, 0);
1573
for (j=0; j < 2; j++)
1575
t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
1579
BN_GF2m_mod_sqr(d, c, b[j], ctx);
1580
BN_GF2m_add(d, c, d);
1581
BN_GF2m_mod(e, a, b[j]);
1582
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1588
BIO_puts(bp, " is root of z^2 + z = ");
1590
BIO_puts(bp, " % ");
1596
BN_GF2m_add(e, e, d);
1597
/* Test that solution of quadratic c satisfies c^2 + c = a. */
1600
fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
1607
#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
1612
BIO_puts(bp, "There are no roots of z^2 + z = ");
1614
BIO_puts(bp, " % ");
1625
fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
1626
fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
1640
static int genprime_cb(int p, int n, BN_GENCB *arg)
1653
int test_kron(BIO *bp, BN_CTX *ctx)
1658
int legendre, kronecker;
1665
if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
1667
BN_GENCB_set(&cb, genprime_cb, NULL);
1669
/* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
1670
* In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
1671
* is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
1672
* So we generate a random prime b and compare these values
1673
* for a number of random a's. (That is, we run the Solovay-Strassen
1674
* primality test to confirm that b is prime, except that we
1675
* don't want to test whether b is prime but whether BN_kronecker
1678
if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
1679
b->neg = rand_neg();
1682
for (i = 0; i < num0; i++)
1684
if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
1685
a->neg = rand_neg();
1687
/* t := (|b|-1)/2 (note that b is odd) */
1688
if (!BN_copy(t, b)) goto err;
1690
if (!BN_sub_word(t, 1)) goto err;
1691
if (!BN_rshift1(t, t)) goto err;
1692
/* r := a^t mod b */
1695
if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
1698
if (BN_is_word(r, 1))
1700
else if (BN_is_zero(r))
1704
if (!BN_add_word(r, 1)) goto err;
1705
if (0 != BN_ucmp(r, b))
1707
fprintf(stderr, "Legendre symbol computation failed\n");
1713
kronecker = BN_kronecker(a, b, ctx);
1714
if (kronecker < -1) goto err;
1715
/* we actually need BN_kronecker(a, |b|) */
1716
if (a->neg && b->neg)
1717
kronecker = -kronecker;
1719
if (legendre != kronecker)
1721
fprintf(stderr, "legendre != kronecker; a = ");
1722
BN_print_fp(stderr, a);
1723
fprintf(stderr, ", b = ");
1724
BN_print_fp(stderr, b);
1725
fprintf(stderr, "\n");
1737
if (a != NULL) BN_free(a);
1738
if (b != NULL) BN_free(b);
1739
if (r != NULL) BN_free(r);
1740
if (t != NULL) BN_free(t);
1744
int test_sqrt(BIO *bp, BN_CTX *ctx)
1754
if (a == NULL || p == NULL || r == NULL) goto err;
1756
BN_GENCB_set(&cb, genprime_cb, NULL);
1758
for (i = 0; i < 16; i++)
1762
unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
1764
if (!BN_set_word(p, primes[i])) goto err;
1768
if (!BN_set_word(a, 32)) goto err;
1769
if (!BN_set_word(r, 2*i + 1)) goto err;
1771
if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
1774
p->neg = rand_neg();
1776
for (j = 0; j < num2; j++)
1778
/* construct 'a' such that it is a square modulo p,
1779
* but in general not a proper square and not reduced modulo p */
1780
if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
1781
if (!BN_nnmod(r, r, p, ctx)) goto err;
1782
if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1783
if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
1784
if (!BN_nnmod(a, a, p, ctx)) goto err;
1785
if (!BN_mod_sqr(a, a, p, ctx)) goto err;
1786
if (!BN_mul(a, a, r, ctx)) goto err;
1788
if (!BN_sub(a, a, p)) goto err;
1790
if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
1791
if (!BN_mod_sqr(r, r, p, ctx)) goto err;
1793
if (!BN_nnmod(a, a, p, ctx)) goto err;
1795
if (BN_cmp(a, r) != 0)
1797
fprintf(stderr, "BN_mod_sqrt failed: a = ");
1798
BN_print_fp(stderr, a);
1799
fprintf(stderr, ", r = ");
1800
BN_print_fp(stderr, r);
1801
fprintf(stderr, ", p = ");
1802
BN_print_fp(stderr, p);
1803
fprintf(stderr, "\n");
1816
if (a != NULL) BN_free(a);
1817
if (p != NULL) BN_free(p);
1818
if (r != NULL) BN_free(r);
1822
int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
1837
BN_bntest_rand(a,200,0,0); /**/
1840
for (i=0; i<num0; i++)
1860
fprintf(stderr,"Left shift test failed!\n");
1861
fprintf(stderr,"a=");
1862
BN_print_fp(stderr,a);
1863
fprintf(stderr,"\nb=");
1864
BN_print_fp(stderr,b);
1865
fprintf(stderr,"\nc=");
1866
BN_print_fp(stderr,c);
1867
fprintf(stderr,"\nd=");
1868
BN_print_fp(stderr,d);
1869
fprintf(stderr,"\n");
1880
int test_lshift1(BIO *bp)
1889
BN_bntest_rand(a,200,0,0); /**/
1891
for (i=0; i<num0; i++)
1899
BIO_puts(bp," * 2");
1909
fprintf(stderr,"Left shift one test failed!\n");
1921
int test_rshift(BIO *bp,BN_CTX *ctx)
1923
BIGNUM *a,*b,*c,*d,*e;
1933
BN_bntest_rand(a,200,0,0); /**/
1935
for (i=0; i<num0; i++)
1951
BN_div(d,e,a,c,ctx);
1955
fprintf(stderr,"Right shift test failed!\n");
1967
int test_rshift1(BIO *bp)
1976
BN_bntest_rand(a,200,0,0); /**/
1978
for (i=0; i<num0; i++)
1986
BIO_puts(bp," / 2");
1994
if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
1996
fprintf(stderr,"Right shift one test failed!\n");
2009
static unsigned int neg=0;
2010
static int sign[8]={0,0,0,1,1,0,1,1};
2012
return(sign[(neg++)%8]);