/*
* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
*/
static int test_exp_mod_zero()
{
BIGNUM *a = NULL, *p = NULL, *m = NULL;
BIGNUM *r = NULL;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1, failed = 0;
m = BN_new();
if (!m)
goto err;
BN_one(m);
a = BN_new();
if (!a)
goto err;
BN_one(a);
p = BN_new();
if (!p)
goto err;
BN_zero(p);
r = BN_new();
if (!r)
goto err;
if (!BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
goto err;
if (!BN_mod_exp(r, a, p, m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp", r, a))
failed = 1;
if (!BN_mod_exp_recp(r, a, p, m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_recp", r, a))
failed = 1;
if (!BN_mod_exp_simple(r, a, p, m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_simple", r, a))
failed = 1;
if (!BN_mod_exp_mont(r, a, p, m, ctx, NULL))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_mont", r, a))
failed = 1;
if (!BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)) {
goto err;
}
if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
*/
if (!BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL))
goto err;
if (!BN_is_zero(r)) {
fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
fprintf(stderr, "r = ");
BN_print_fp(stderr, r);
fprintf(stderr, "\n");
return 0;
}
ret = failed;
err:
BN_free(r);
BN_free(a);
BN_free(p);
BN_free(m);
BN_CTX_free(ctx);
return ret;
}
int main(int argc, char *argv[])
{
BN_CTX *ctx;
BIO *out = NULL;
int i, ret;
unsigned char c;
BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we
* don't even check its return
* value (which we should) */
ERR_load_BN_strings();
ctx = BN_CTX_new();
if (ctx == NULL)
EXIT(1);
r_mont = BN_new();
r_mont_const = BN_new();
r_recp = BN_new();
r_simple = BN_new();
a = BN_new();
b = BN_new();
m = BN_new();
if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
goto err;
out = BIO_new(BIO_s_file());
if (out == NULL)
EXIT(1);
BIO_set_fp(out, stdout, BIO_NOCLOSE);
for (i = 0; i < 200; i++) {
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(a, NUM_BITS + c, 0, 0);
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(b, NUM_BITS + c, 0, 0);
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(m, NUM_BITS + c, 0, 1);
BN_mod(a, a, m, ctx);
BN_mod(b, b, m, ctx);
ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
if (ret <= 0) {
printf("BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
EXIT(1);
}
ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
if (ret <= 0) {
printf("BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
EXIT(1);
}
ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
if (ret <= 0) {
printf("BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
EXIT(1);
}
ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
if (ret <= 0) {
printf("BN_mod_exp_mont_consttime() problems\n");
ERR_print_errors(out);
EXIT(1);
}
if (BN_cmp(r_simple, r_mont) == 0
&& BN_cmp(r_simple, r_recp) == 0
&& BN_cmp(r_simple, r_mont_const) == 0) {
printf(".");
fflush(stdout);
} else {
if (BN_cmp(r_simple, r_mont) != 0)
printf("\nsimple and mont results differ\n");
if (BN_cmp(r_simple, r_mont_const) != 0)
printf("\nsimple and mont const time results differ\n");
if (BN_cmp(r_simple, r_recp) != 0)
printf("\nsimple and recp results differ\n");
printf("a (%3d) = ", BN_num_bits(a));
BN_print(out, a);
printf("\nb (%3d) = ", BN_num_bits(b));
BN_print(out, b);
printf("\nm (%3d) = ", BN_num_bits(m));
BN_print(out, m);
printf("\nsimple =");
BN_print(out, r_simple);
printf("\nrecp =");
BN_print(out, r_recp);
printf("\nmont =");
BN_print(out, r_mont);
printf("\nmont_ct =");
BN_print(out, r_mont_const);
printf("\n");
EXIT(1);
}
}
BN_free(r_mont);
BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
BN_free(b);
BN_free(m);
BN_CTX_free(ctx);
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks(out);
BIO_free(out);
printf("\n");
if (test_exp_mod_zero() != 0)
goto err;
printf("done\n");
EXIT(0);
err:
ERR_load_crypto_strings();
ERR_print_errors(out);
#ifdef OPENSSL_SYS_NETWARE
printf("ERROR\n");
#endif
EXIT(1);
return (1);
}
int test_kron(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*r,*t;
int i;
int legendre, kronecker;
int ret = 0;
a = BN_new();
b = BN_new();
r = BN_new();
t = BN_new();
if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
/* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
* In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
* is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
* So we generate a random prime b and compare these values
* for a number of random a's. (That is, we run the Solovay-Strassen
* primality test to confirm that b is prime, except that we
* don't want to test whether b is prime but whether BN_kronecker
* works.) */
if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
b->neg = rand_neg();
putc('\n', stderr);
for (i = 0; i < num0; i++)
{
if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
a->neg = rand_neg();
/* t := (|b|-1)/2 (note that b is odd) */
if (!BN_copy(t, b)) goto err;
t->neg = 0;
if (!BN_sub_word(t, 1)) goto err;
if (!BN_rshift1(t, t)) goto err;
/* r := a^t mod b */
b->neg=0;
if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
b->neg=1;
if (BN_is_word(r, 1))
legendre = 1;
else if (BN_is_zero(r))
legendre = 0;
else
{
if (!BN_add_word(r, 1)) goto err;
if (0 != BN_ucmp(r, b))
{
fprintf(stderr, "Legendre symbol computation failed\n");
goto err;
}
legendre = -1;
}
kronecker = BN_kronecker(a, b, ctx);
if (kronecker < -1) goto err;
/* we actually need BN_kronecker(a, |b|) */
if (a->neg && b->neg)
kronecker = -kronecker;
if (legendre != kronecker)
{
fprintf(stderr, "legendre != kronecker; a = ");
BN_print_fp(stderr, a);
fprintf(stderr, ", b = ");
BN_print_fp(stderr, b);
fprintf(stderr, "\n");
goto err;
}
putc('.', stderr);
fflush(stderr);
}
putc('\n', stderr);
fflush(stderr);
ret = 1;
err:
if (a != NULL) BN_free(a);
if (b != NULL) BN_free(b);
if (r != NULL) BN_free(r);
if (t != NULL) BN_free(t);
return ret;
}
/*
* test_mod_exp_zero tests that x**0 mod 1 == 0. It returns zero on success.
*/
static int test_mod_exp_zero(void)
{
BIGNUM *a = NULL, *p = NULL, *m = NULL;
BIGNUM *r = NULL;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1, failed = 0;
if (!TEST_ptr(m = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(r = BN_new()))
goto err;
BN_one(m);
BN_one(a);
BN_zero(p);
if (!TEST_true(BN_rand(a, 1024, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)))
goto err;
if (!TEST_true(BN_mod_exp(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_recp(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_recp", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_simple(r, a, p, m, ctx)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_simple", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_mont(r, a, p, m, ctx, NULL)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a)))
failed = 1;
if (!TEST_true(BN_mod_exp_mont_consttime(r, a, p, m, ctx, NULL)))
goto err;
if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
*/
if (!TEST_true(BN_mod_exp_mont_word(r, one_word, p, m, ctx, NULL)))
goto err;
if (!TEST_BN_eq_zero(r)) {
TEST_error("BN_mod_exp_mont_word failed: "
"1 ** 0 mod 1 = r (should be 0)");
BN_print_var(r);
goto err;
}
ret = !failed;
err:
BN_free(r);
BN_free(a);
BN_free(p);
BN_free(m);
BN_CTX_free(ctx);
return ret;
}
static int test_mod_exp(int round)
{
BN_CTX *ctx;
unsigned char c;
int ret = 0;
BIGNUM *r_mont = NULL;
BIGNUM *r_mont_const = NULL;
BIGNUM *r_recp = NULL;
BIGNUM *r_simple = NULL;
BIGNUM *a = NULL;
BIGNUM *b = NULL;
BIGNUM *m = NULL;
if (!TEST_ptr(ctx = BN_CTX_new()))
goto err;
if (!TEST_ptr(r_mont = BN_new())
|| !TEST_ptr(r_mont_const = BN_new())
|| !TEST_ptr(r_recp = BN_new())
|| !TEST_ptr(r_simple = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_ptr(m = BN_new()))
goto err;
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(a, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(b, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY);
RAND_bytes(&c, 1);
c = (c % BN_BITS) - BN_BITS2;
BN_rand(m, NUM_BITS + c, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD);
if (!TEST_true(BN_mod(a, a, m, ctx))
|| !TEST_true(BN_mod(b, b, m, ctx))
|| !TEST_true(BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL))
|| !TEST_true(BN_mod_exp_recp(r_recp, a, b, m, ctx))
|| !TEST_true(BN_mod_exp_simple(r_simple, a, b, m, ctx))
|| !TEST_true(BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL)))
goto err;
if (!TEST_BN_eq(r_simple, r_mont)
|| !TEST_BN_eq(r_simple, r_recp)
|| !TEST_BN_eq(r_simple, r_mont_const)) {
if (BN_cmp(r_simple, r_mont) != 0)
TEST_info("simple and mont results differ");
if (BN_cmp(r_simple, r_mont_const) != 0)
TEST_info("simple and mont const time results differ");
if (BN_cmp(r_simple, r_recp) != 0)
TEST_info("simple and recp results differ");
BN_print_var(a);
BN_print_var(b);
BN_print_var(m);
BN_print_var(r_simple);
BN_print_var(r_recp);
BN_print_var(r_mont);
BN_print_var(r_mont_const);
goto err;
}
ret = 1;
err:
BN_free(r_mont);
BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
BN_free(b);
BN_free(m);
BN_CTX_free(ctx);
return ret;
}
int exp_main(int argc, char *argv[])
#endif
{
BN_CTX *ctx;
BIO *out=NULL;
int i,ret;
unsigned char c;
BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
// FILE* temp;
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
* even check its return value
* (which we should) */
if(errno==ENOMEM)
{
return 1;
}
ERR_load_BN_strings();
if(errno==ENOMEM)
{
return 1;
}
ctx=BN_CTX_new();
if (ctx == NULL)
{
if(errno==ENOMEM)
{
return 1;
}
return 1;
}
r_mont=BN_new();
if(r_mont==NULL&&errno==ENOMEM)
{
return 1;
}
r_mont_const=BN_new();
if(r_mont_const==NULL&&errno==ENOMEM)
{
return 1;
}
r_recp=BN_new();
if(r_recp==NULL&&errno==ENOMEM)
{
return 1;
}
r_simple=BN_new();
if(r_simple==NULL&&errno==ENOMEM)
{
return 1;
}
a=BN_new();
if(a==NULL&&errno==ENOMEM)
{
return 1;
}
b=BN_new();
if(b==NULL&&errno==ENOMEM)
{
return 1;
}
m=BN_new();
if(m==NULL&&errno==ENOMEM)
{
return 1;
}
if ( (r_mont == NULL) || (r_recp == NULL) ||
(a == NULL) || (b == NULL))
goto err;
out=BIO_new(BIO_s_file());
if(out==NULL&&errno==ENOMEM)
{
return 1;
}
if (out == NULL)
return 1;
BIO_set_fp(out,stdout,BIO_NOCLOSE);
if(errno==ENOMEM)
{
return 1;
}
// temp = fopen("sanjeev.txt", "w");
for (i=0; i<200; i++)
{
// fputc(i,temp);
RAND_bytes(&c,1);
if(errno==ENOMEM)
{
return 1;
}
c=(c%BN_BITS)-BN_BITS2;
BN_rand(a,NUM_BITS+c,0,0);
if(errno==ENOMEM)
{
return 1;
}
RAND_bytes(&c,1);
if(errno==ENOMEM)
{
return 1;
}
c=(c%BN_BITS)-BN_BITS2;
BN_rand(b,NUM_BITS+c,0,0);
if(errno==ENOMEM)
{
return 1;
}
RAND_bytes(&c,1);
if(errno==ENOMEM)
{
return 1;
}
c=(c%BN_BITS)-BN_BITS2;
BN_rand(m,NUM_BITS+c,0,1);
if(errno==ENOMEM)
{
return 1;
}
BN_mod(a,a,m,ctx);
if(errno==ENOMEM)
{
return 1;
}
BN_mod(b,b,m,ctx);
if(errno==ENOMEM)
{
return 1;
}
ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
if (ret <= 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"BN_mod_exp_mont() problems\n");
ERR_print_errors(out);
if(errno==ENOMEM)
{
return 1;
}
return 1;
}
ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
if (ret <= 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"BN_mod_exp_recp() problems\n");
ERR_print_errors(out);
if(errno==ENOMEM)
{
return 1;
}
return 1;
}
ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
if (ret <= 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"BN_mod_exp_simple() problems\n");
ERR_print_errors(out);
if(errno==ENOMEM)
{
return 1;
}
return 1;
}
ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
if (ret <= 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"BN_mod_exp_mont_consttime() problems\n");
ERR_print_errors(out);
if(errno==ENOMEM)
{
return 1;
}
return 1;
}
if (BN_cmp(r_simple, r_mont) == 0
&& BN_cmp(r_simple,r_recp) == 0
&& BN_cmp(r_simple,r_mont_const) == 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,".");
fflush(stdout);
}
else
{
if (BN_cmp(r_simple,r_mont) != 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nsimple and mont results differ\n");
}
if (BN_cmp(r_simple,r_mont) != 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nsimple and mont const time results differ\n");
}
if (BN_cmp(r_simple,r_recp) != 0)
{
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nsimple and recp results differ\n");
}
fprintf(stdout,"a (%3d) = ",BN_num_bits(a));
BN_print(out,a);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nb (%3d) = ",BN_num_bits(b));
BN_print(out,b);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nm (%3d) = ",BN_num_bits(m));
BN_print(out,m);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nsimple =");
BN_print(out,r_simple);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nrecp =");
BN_print(out,r_recp);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nmont =");
BN_print(out,r_mont);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\nmont_ct =");
BN_print(out,r_mont_const);
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout,"\n");
return 1;
}
}
BN_free(r_mont);
BN_free(r_mont_const);
BN_free(r_recp);
BN_free(r_simple);
BN_free(a);
BN_free(b);
BN_free(m);
BN_CTX_free(ctx);
ERR_remove_state(0);
if(errno==ENOMEM)
{
return 1;
}
CRYPTO_mem_leaks(out);
if(errno==ENOMEM)
{
return 1;
}
BIO_free(out);
if(errno==ENOMEM)
{
return 1;
}
CRYPTO_cleanup_all_ex_data();
if(errno==ENOMEM)
{
return 1;
}
fprintf(stdout," done\n");
fprintf(stdout," Test case passed\n");
return 0;
err:
ERR_load_crypto_strings();
if(errno==ENOMEM)
{
return 1;
}
ERR_print_errors(out);
if(errno==ENOMEM)
{
return 1;
}
#ifdef OPENSSL_SYS_NETWARE
fprintf(stdout,"ERROR\n");
#endif
return(1);
}
/*
* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
*/
static int test_exp_mod_zero(void)
{
BIGNUM a, p, m;
BIGNUM r;
BN_ULONG one_word = 1;
BN_CTX *ctx = BN_CTX_new();
int ret = 1, failed = 0;
BN_init(&m);
BN_one(&m);
BN_init(&a);
BN_one(&a);
BN_init(&p);
BN_zero(&p);
BN_init(&r);
if (!BN_rand(&a, 1024, 0, 0))
goto err;
if (!BN_mod_exp(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
failed = 1;
if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_recp", &r, &a))
failed = 1;
if (!BN_mod_exp_simple(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_simple", &r, &a))
failed = 1;
if (!BN_mod_exp_mont(&r, &a, &p, &m, ctx, NULL))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
failed = 1;
if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
goto err;
}
if (!a_is_zero_mod_one("BN_mod_exp_mont_consttime", &r, &a))
failed = 1;
/*
* A different codepath exists for single word multiplication
* in non-constant-time only.
*/
if (!BN_mod_exp_mont_word(&r, one_word, &p, &m, ctx, NULL))
goto err;
if (!BN_is_zero(&r)) {
fprintf(stderr, "BN_mod_exp_mont_word failed:\n");
fprintf(stderr, "1 ** 0 mod 1 = r (should be 0)\n");
fprintf(stderr, "r = ");
BN_print_fp(stderr, &r);
fprintf(stderr, "\n");
return 0;
}
ret = failed;
err:
BN_free(&r);
BN_free(&a);
BN_free(&p);
BN_free(&m);
BN_CTX_free(ctx);
return ret;
}