2
0

bntest.c 41 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090
  1. /* crypto/bn/bntest.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  60. *
  61. * Portions of the attached software ("Contribution") are developed by
  62. * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  63. *
  64. * The Contribution is licensed pursuant to the Eric Young open source
  65. * license provided above.
  66. *
  67. * The binary polynomial arithmetic software is originally written by
  68. * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
  69. *
  70. */
  71. /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  72. * deprecated functions for openssl-internal code */
  73. #ifdef OPENSSL_NO_DEPRECATED
  74. #undef OPENSSL_NO_DEPRECATED
  75. #endif
  76. #include <stdio.h>
  77. #include <stdlib.h>
  78. #include <string.h>
  79. #include "e_os.h"
  80. #include <openssl/bio.h>
  81. #include <openssl/bn.h>
  82. #include <openssl/rand.h>
  83. #include <openssl/x509.h>
  84. #include <openssl/err.h>
  85. const int num0 = 100; /* number of tests */
  86. const int num1 = 50; /* additional tests for some functions */
  87. const int num2 = 5; /* number of tests for slow functions */
  88. int test_add(BIO *bp);
  89. int test_sub(BIO *bp);
  90. int test_lshift1(BIO *bp);
  91. int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
  92. int test_rshift1(BIO *bp);
  93. int test_rshift(BIO *bp,BN_CTX *ctx);
  94. int test_div(BIO *bp,BN_CTX *ctx);
  95. int test_div_word(BIO *bp);
  96. int test_div_recp(BIO *bp,BN_CTX *ctx);
  97. int test_mul(BIO *bp);
  98. int test_sqr(BIO *bp,BN_CTX *ctx);
  99. int test_mont(BIO *bp,BN_CTX *ctx);
  100. int test_mod(BIO *bp,BN_CTX *ctx);
  101. int test_mod_mul(BIO *bp,BN_CTX *ctx);
  102. int test_mod_exp(BIO *bp,BN_CTX *ctx);
  103. int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
  104. int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
  105. int test_exp(BIO *bp,BN_CTX *ctx);
  106. int test_gf2m_add(BIO *bp);
  107. int test_gf2m_mod(BIO *bp);
  108. int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
  109. int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
  110. int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
  111. int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
  112. int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
  113. int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
  114. int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
  115. int test_kron(BIO *bp,BN_CTX *ctx);
  116. int test_sqrt(BIO *bp,BN_CTX *ctx);
  117. int rand_neg(void);
  118. static int results=0;
  119. static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
  120. "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
  121. static const char rnd_seed[] = "string to make the random number generator think it has entropy";
  122. static void message(BIO *out, char *m)
  123. {
  124. fprintf(stderr, "test %s\n", m);
  125. BIO_puts(out, "print \"test ");
  126. BIO_puts(out, m);
  127. BIO_puts(out, "\\n\"\n");
  128. }
  129. int main(int argc, char *argv[])
  130. {
  131. BN_CTX *ctx;
  132. BIO *out;
  133. char *outfile=NULL;
  134. results = 0;
  135. RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
  136. argc--;
  137. argv++;
  138. while (argc >= 1)
  139. {
  140. if (strcmp(*argv,"-results") == 0)
  141. results=1;
  142. else if (strcmp(*argv,"-out") == 0)
  143. {
  144. if (--argc < 1) break;
  145. outfile= *(++argv);
  146. }
  147. argc--;
  148. argv++;
  149. }
  150. ctx=BN_CTX_new();
  151. if (ctx == NULL) EXIT(1);
  152. out=BIO_new(BIO_s_file());
  153. if (out == NULL) EXIT(1);
  154. if (outfile == NULL)
  155. {
  156. BIO_set_fp(out,stdout,BIO_NOCLOSE);
  157. }
  158. else
  159. {
  160. if (!BIO_write_filename(out,outfile))
  161. {
  162. perror(outfile);
  163. EXIT(1);
  164. }
  165. }
  166. if (!results)
  167. BIO_puts(out,"obase=16\nibase=16\n");
  168. message(out,"BN_add");
  169. if (!test_add(out)) goto err;
  170. (void)BIO_flush(out);
  171. message(out,"BN_sub");
  172. if (!test_sub(out)) goto err;
  173. (void)BIO_flush(out);
  174. message(out,"BN_lshift1");
  175. if (!test_lshift1(out)) goto err;
  176. (void)BIO_flush(out);
  177. message(out,"BN_lshift (fixed)");
  178. if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
  179. goto err;
  180. (void)BIO_flush(out);
  181. message(out,"BN_lshift");
  182. if (!test_lshift(out,ctx,NULL)) goto err;
  183. (void)BIO_flush(out);
  184. message(out,"BN_rshift1");
  185. if (!test_rshift1(out)) goto err;
  186. (void)BIO_flush(out);
  187. message(out,"BN_rshift");
  188. if (!test_rshift(out,ctx)) goto err;
  189. (void)BIO_flush(out);
  190. message(out,"BN_sqr");
  191. if (!test_sqr(out,ctx)) goto err;
  192. (void)BIO_flush(out);
  193. message(out,"BN_mul");
  194. if (!test_mul(out)) goto err;
  195. (void)BIO_flush(out);
  196. message(out,"BN_div");
  197. if (!test_div(out,ctx)) goto err;
  198. (void)BIO_flush(out);
  199. message(out,"BN_div_word");
  200. if (!test_div_word(out)) goto err;
  201. (void)BIO_flush(out);
  202. message(out,"BN_div_recp");
  203. if (!test_div_recp(out,ctx)) goto err;
  204. (void)BIO_flush(out);
  205. message(out,"BN_mod");
  206. if (!test_mod(out,ctx)) goto err;
  207. (void)BIO_flush(out);
  208. message(out,"BN_mod_mul");
  209. if (!test_mod_mul(out,ctx)) goto err;
  210. (void)BIO_flush(out);
  211. message(out,"BN_mont");
  212. if (!test_mont(out,ctx)) goto err;
  213. (void)BIO_flush(out);
  214. message(out,"BN_mod_exp");
  215. if (!test_mod_exp(out,ctx)) goto err;
  216. (void)BIO_flush(out);
  217. message(out,"BN_mod_exp_mont_consttime");
  218. if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
  219. if (!test_mod_exp_mont5(out,ctx)) goto err;
  220. (void)BIO_flush(out);
  221. message(out,"BN_exp");
  222. if (!test_exp(out,ctx)) goto err;
  223. (void)BIO_flush(out);
  224. message(out,"BN_kronecker");
  225. if (!test_kron(out,ctx)) goto err;
  226. (void)BIO_flush(out);
  227. message(out,"BN_mod_sqrt");
  228. if (!test_sqrt(out,ctx)) goto err;
  229. (void)BIO_flush(out);
  230. #ifndef OPENSSL_NO_EC2M
  231. message(out,"BN_GF2m_add");
  232. if (!test_gf2m_add(out)) goto err;
  233. (void)BIO_flush(out);
  234. message(out,"BN_GF2m_mod");
  235. if (!test_gf2m_mod(out)) goto err;
  236. (void)BIO_flush(out);
  237. message(out,"BN_GF2m_mod_mul");
  238. if (!test_gf2m_mod_mul(out,ctx)) goto err;
  239. (void)BIO_flush(out);
  240. message(out,"BN_GF2m_mod_sqr");
  241. if (!test_gf2m_mod_sqr(out,ctx)) goto err;
  242. (void)BIO_flush(out);
  243. message(out,"BN_GF2m_mod_inv");
  244. if (!test_gf2m_mod_inv(out,ctx)) goto err;
  245. (void)BIO_flush(out);
  246. message(out,"BN_GF2m_mod_div");
  247. if (!test_gf2m_mod_div(out,ctx)) goto err;
  248. (void)BIO_flush(out);
  249. message(out,"BN_GF2m_mod_exp");
  250. if (!test_gf2m_mod_exp(out,ctx)) goto err;
  251. (void)BIO_flush(out);
  252. message(out,"BN_GF2m_mod_sqrt");
  253. if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
  254. (void)BIO_flush(out);
  255. message(out,"BN_GF2m_mod_solve_quad");
  256. if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
  257. (void)BIO_flush(out);
  258. #endif
  259. BN_CTX_free(ctx);
  260. BIO_free(out);
  261. /**/
  262. EXIT(0);
  263. err:
  264. BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
  265. * the failure, see test_bn in test/Makefile.ssl*/
  266. (void)BIO_flush(out);
  267. ERR_load_crypto_strings();
  268. ERR_print_errors_fp(stderr);
  269. EXIT(1);
  270. return(1);
  271. }
  272. int test_add(BIO *bp)
  273. {
  274. BIGNUM a,b,c;
  275. int i;
  276. BN_init(&a);
  277. BN_init(&b);
  278. BN_init(&c);
  279. BN_bntest_rand(&a,512,0,0);
  280. for (i=0; i<num0; i++)
  281. {
  282. BN_bntest_rand(&b,450+i,0,0);
  283. a.neg=rand_neg();
  284. b.neg=rand_neg();
  285. BN_add(&c,&a,&b);
  286. if (bp != NULL)
  287. {
  288. if (!results)
  289. {
  290. BN_print(bp,&a);
  291. BIO_puts(bp," + ");
  292. BN_print(bp,&b);
  293. BIO_puts(bp," - ");
  294. }
  295. BN_print(bp,&c);
  296. BIO_puts(bp,"\n");
  297. }
  298. a.neg=!a.neg;
  299. b.neg=!b.neg;
  300. BN_add(&c,&c,&b);
  301. BN_add(&c,&c,&a);
  302. if(!BN_is_zero(&c))
  303. {
  304. fprintf(stderr,"Add test failed!\n");
  305. return 0;
  306. }
  307. }
  308. BN_free(&a);
  309. BN_free(&b);
  310. BN_free(&c);
  311. return(1);
  312. }
  313. int test_sub(BIO *bp)
  314. {
  315. BIGNUM a,b,c;
  316. int i;
  317. BN_init(&a);
  318. BN_init(&b);
  319. BN_init(&c);
  320. for (i=0; i<num0+num1; i++)
  321. {
  322. if (i < num1)
  323. {
  324. BN_bntest_rand(&a,512,0,0);
  325. BN_copy(&b,&a);
  326. if (BN_set_bit(&a,i)==0) return(0);
  327. BN_add_word(&b,i);
  328. }
  329. else
  330. {
  331. BN_bntest_rand(&b,400+i-num1,0,0);
  332. a.neg=rand_neg();
  333. b.neg=rand_neg();
  334. }
  335. BN_sub(&c,&a,&b);
  336. if (bp != NULL)
  337. {
  338. if (!results)
  339. {
  340. BN_print(bp,&a);
  341. BIO_puts(bp," - ");
  342. BN_print(bp,&b);
  343. BIO_puts(bp," - ");
  344. }
  345. BN_print(bp,&c);
  346. BIO_puts(bp,"\n");
  347. }
  348. BN_add(&c,&c,&b);
  349. BN_sub(&c,&c,&a);
  350. if(!BN_is_zero(&c))
  351. {
  352. fprintf(stderr,"Subtract test failed!\n");
  353. return 0;
  354. }
  355. }
  356. BN_free(&a);
  357. BN_free(&b);
  358. BN_free(&c);
  359. return(1);
  360. }
  361. int test_div(BIO *bp, BN_CTX *ctx)
  362. {
  363. BIGNUM a,b,c,d,e;
  364. int i;
  365. BN_init(&a);
  366. BN_init(&b);
  367. BN_init(&c);
  368. BN_init(&d);
  369. BN_init(&e);
  370. for (i=0; i<num0+num1; i++)
  371. {
  372. if (i < num1)
  373. {
  374. BN_bntest_rand(&a,400,0,0);
  375. BN_copy(&b,&a);
  376. BN_lshift(&a,&a,i);
  377. BN_add_word(&a,i);
  378. }
  379. else
  380. BN_bntest_rand(&b,50+3*(i-num1),0,0);
  381. a.neg=rand_neg();
  382. b.neg=rand_neg();
  383. BN_div(&d,&c,&a,&b,ctx);
  384. if (bp != NULL)
  385. {
  386. if (!results)
  387. {
  388. BN_print(bp,&a);
  389. BIO_puts(bp," / ");
  390. BN_print(bp,&b);
  391. BIO_puts(bp," - ");
  392. }
  393. BN_print(bp,&d);
  394. BIO_puts(bp,"\n");
  395. if (!results)
  396. {
  397. BN_print(bp,&a);
  398. BIO_puts(bp," % ");
  399. BN_print(bp,&b);
  400. BIO_puts(bp," - ");
  401. }
  402. BN_print(bp,&c);
  403. BIO_puts(bp,"\n");
  404. }
  405. BN_mul(&e,&d,&b,ctx);
  406. BN_add(&d,&e,&c);
  407. BN_sub(&d,&d,&a);
  408. if(!BN_is_zero(&d))
  409. {
  410. fprintf(stderr,"Division test failed!\n");
  411. return 0;
  412. }
  413. }
  414. BN_free(&a);
  415. BN_free(&b);
  416. BN_free(&c);
  417. BN_free(&d);
  418. BN_free(&e);
  419. return(1);
  420. }
  421. static void print_word(BIO *bp,BN_ULONG w)
  422. {
  423. #ifdef SIXTY_FOUR_BIT
  424. if (sizeof(w) > sizeof(unsigned long))
  425. {
  426. unsigned long h=(unsigned long)(w>>32),
  427. l=(unsigned long)(w);
  428. if (h) BIO_printf(bp,"%lX%08lX",h,l);
  429. else BIO_printf(bp,"%lX",l);
  430. return;
  431. }
  432. #endif
  433. BIO_printf(bp,BN_HEX_FMT1,w);
  434. }
  435. int test_div_word(BIO *bp)
  436. {
  437. BIGNUM a,b;
  438. BN_ULONG r,s;
  439. int i;
  440. BN_init(&a);
  441. BN_init(&b);
  442. for (i=0; i<num0; i++)
  443. {
  444. do {
  445. BN_bntest_rand(&a,512,-1,0);
  446. BN_bntest_rand(&b,BN_BITS2,-1,0);
  447. s = b.d[0];
  448. } while (!s);
  449. BN_copy(&b, &a);
  450. r = BN_div_word(&b, s);
  451. if (bp != NULL)
  452. {
  453. if (!results)
  454. {
  455. BN_print(bp,&a);
  456. BIO_puts(bp," / ");
  457. print_word(bp,s);
  458. BIO_puts(bp," - ");
  459. }
  460. BN_print(bp,&b);
  461. BIO_puts(bp,"\n");
  462. if (!results)
  463. {
  464. BN_print(bp,&a);
  465. BIO_puts(bp," % ");
  466. print_word(bp,s);
  467. BIO_puts(bp," - ");
  468. }
  469. print_word(bp,r);
  470. BIO_puts(bp,"\n");
  471. }
  472. BN_mul_word(&b,s);
  473. BN_add_word(&b,r);
  474. BN_sub(&b,&a,&b);
  475. if(!BN_is_zero(&b))
  476. {
  477. fprintf(stderr,"Division (word) test failed!\n");
  478. return 0;
  479. }
  480. }
  481. BN_free(&a);
  482. BN_free(&b);
  483. return(1);
  484. }
  485. int test_div_recp(BIO *bp, BN_CTX *ctx)
  486. {
  487. BIGNUM a,b,c,d,e;
  488. BN_RECP_CTX recp;
  489. int i;
  490. BN_RECP_CTX_init(&recp);
  491. BN_init(&a);
  492. BN_init(&b);
  493. BN_init(&c);
  494. BN_init(&d);
  495. BN_init(&e);
  496. for (i=0; i<num0+num1; i++)
  497. {
  498. if (i < num1)
  499. {
  500. BN_bntest_rand(&a,400,0,0);
  501. BN_copy(&b,&a);
  502. BN_lshift(&a,&a,i);
  503. BN_add_word(&a,i);
  504. }
  505. else
  506. BN_bntest_rand(&b,50+3*(i-num1),0,0);
  507. a.neg=rand_neg();
  508. b.neg=rand_neg();
  509. BN_RECP_CTX_set(&recp,&b,ctx);
  510. BN_div_recp(&d,&c,&a,&recp,ctx);
  511. if (bp != NULL)
  512. {
  513. if (!results)
  514. {
  515. BN_print(bp,&a);
  516. BIO_puts(bp," / ");
  517. BN_print(bp,&b);
  518. BIO_puts(bp," - ");
  519. }
  520. BN_print(bp,&d);
  521. BIO_puts(bp,"\n");
  522. if (!results)
  523. {
  524. BN_print(bp,&a);
  525. BIO_puts(bp," % ");
  526. BN_print(bp,&b);
  527. BIO_puts(bp," - ");
  528. }
  529. BN_print(bp,&c);
  530. BIO_puts(bp,"\n");
  531. }
  532. BN_mul(&e,&d,&b,ctx);
  533. BN_add(&d,&e,&c);
  534. BN_sub(&d,&d,&a);
  535. if(!BN_is_zero(&d))
  536. {
  537. fprintf(stderr,"Reciprocal division test failed!\n");
  538. fprintf(stderr,"a=");
  539. BN_print_fp(stderr,&a);
  540. fprintf(stderr,"\nb=");
  541. BN_print_fp(stderr,&b);
  542. fprintf(stderr,"\n");
  543. return 0;
  544. }
  545. }
  546. BN_free(&a);
  547. BN_free(&b);
  548. BN_free(&c);
  549. BN_free(&d);
  550. BN_free(&e);
  551. BN_RECP_CTX_free(&recp);
  552. return(1);
  553. }
  554. int test_mul(BIO *bp)
  555. {
  556. BIGNUM a,b,c,d,e;
  557. int i;
  558. BN_CTX *ctx;
  559. ctx = BN_CTX_new();
  560. if (ctx == NULL) EXIT(1);
  561. BN_init(&a);
  562. BN_init(&b);
  563. BN_init(&c);
  564. BN_init(&d);
  565. BN_init(&e);
  566. for (i=0; i<num0+num1; i++)
  567. {
  568. if (i <= num1)
  569. {
  570. BN_bntest_rand(&a,100,0,0);
  571. BN_bntest_rand(&b,100,0,0);
  572. }
  573. else
  574. BN_bntest_rand(&b,i-num1,0,0);
  575. a.neg=rand_neg();
  576. b.neg=rand_neg();
  577. BN_mul(&c,&a,&b,ctx);
  578. if (bp != NULL)
  579. {
  580. if (!results)
  581. {
  582. BN_print(bp,&a);
  583. BIO_puts(bp," * ");
  584. BN_print(bp,&b);
  585. BIO_puts(bp," - ");
  586. }
  587. BN_print(bp,&c);
  588. BIO_puts(bp,"\n");
  589. }
  590. BN_div(&d,&e,&c,&a,ctx);
  591. BN_sub(&d,&d,&b);
  592. if(!BN_is_zero(&d) || !BN_is_zero(&e))
  593. {
  594. fprintf(stderr,"Multiplication test failed!\n");
  595. return 0;
  596. }
  597. }
  598. BN_free(&a);
  599. BN_free(&b);
  600. BN_free(&c);
  601. BN_free(&d);
  602. BN_free(&e);
  603. BN_CTX_free(ctx);
  604. return(1);
  605. }
  606. int test_sqr(BIO *bp, BN_CTX *ctx)
  607. {
  608. BIGNUM a,c,d,e;
  609. int i;
  610. BN_init(&a);
  611. BN_init(&c);
  612. BN_init(&d);
  613. BN_init(&e);
  614. for (i=0; i<num0; i++)
  615. {
  616. BN_bntest_rand(&a,40+i*10,0,0);
  617. a.neg=rand_neg();
  618. BN_sqr(&c,&a,ctx);
  619. if (bp != NULL)
  620. {
  621. if (!results)
  622. {
  623. BN_print(bp,&a);
  624. BIO_puts(bp," * ");
  625. BN_print(bp,&a);
  626. BIO_puts(bp," - ");
  627. }
  628. BN_print(bp,&c);
  629. BIO_puts(bp,"\n");
  630. }
  631. BN_div(&d,&e,&c,&a,ctx);
  632. BN_sub(&d,&d,&a);
  633. if(!BN_is_zero(&d) || !BN_is_zero(&e))
  634. {
  635. fprintf(stderr,"Square test failed!\n");
  636. return 0;
  637. }
  638. }
  639. BN_free(&a);
  640. BN_free(&c);
  641. BN_free(&d);
  642. BN_free(&e);
  643. return(1);
  644. }
  645. int test_mont(BIO *bp, BN_CTX *ctx)
  646. {
  647. BIGNUM a,b,c,d,A,B;
  648. BIGNUM n;
  649. int i;
  650. BN_MONT_CTX *mont;
  651. BN_init(&a);
  652. BN_init(&b);
  653. BN_init(&c);
  654. BN_init(&d);
  655. BN_init(&A);
  656. BN_init(&B);
  657. BN_init(&n);
  658. mont=BN_MONT_CTX_new();
  659. if (mont == NULL)
  660. return 0;
  661. BN_bntest_rand(&a,100,0,0); /**/
  662. BN_bntest_rand(&b,100,0,0); /**/
  663. for (i=0; i<num2; i++)
  664. {
  665. int bits = (200*(i+1))/num2;
  666. if (bits == 0)
  667. continue;
  668. BN_bntest_rand(&n,bits,0,1);
  669. BN_MONT_CTX_set(mont,&n,ctx);
  670. BN_nnmod(&a,&a,&n,ctx);
  671. BN_nnmod(&b,&b,&n,ctx);
  672. BN_to_montgomery(&A,&a,mont,ctx);
  673. BN_to_montgomery(&B,&b,mont,ctx);
  674. BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
  675. BN_from_montgomery(&A,&c,mont,ctx);/**/
  676. if (bp != NULL)
  677. {
  678. if (!results)
  679. {
  680. #ifdef undef
  681. fprintf(stderr,"%d * %d %% %d\n",
  682. BN_num_bits(&a),
  683. BN_num_bits(&b),
  684. BN_num_bits(mont->N));
  685. #endif
  686. BN_print(bp,&a);
  687. BIO_puts(bp," * ");
  688. BN_print(bp,&b);
  689. BIO_puts(bp," % ");
  690. BN_print(bp,&(mont->N));
  691. BIO_puts(bp," - ");
  692. }
  693. BN_print(bp,&A);
  694. BIO_puts(bp,"\n");
  695. }
  696. BN_mod_mul(&d,&a,&b,&n,ctx);
  697. BN_sub(&d,&d,&A);
  698. if(!BN_is_zero(&d))
  699. {
  700. fprintf(stderr,"Montgomery multiplication test failed!\n");
  701. return 0;
  702. }
  703. }
  704. BN_MONT_CTX_free(mont);
  705. BN_free(&a);
  706. BN_free(&b);
  707. BN_free(&c);
  708. BN_free(&d);
  709. BN_free(&A);
  710. BN_free(&B);
  711. BN_free(&n);
  712. return(1);
  713. }
  714. int test_mod(BIO *bp, BN_CTX *ctx)
  715. {
  716. BIGNUM *a,*b,*c,*d,*e;
  717. int i;
  718. a=BN_new();
  719. b=BN_new();
  720. c=BN_new();
  721. d=BN_new();
  722. e=BN_new();
  723. BN_bntest_rand(a,1024,0,0); /**/
  724. for (i=0; i<num0; i++)
  725. {
  726. BN_bntest_rand(b,450+i*10,0,0); /**/
  727. a->neg=rand_neg();
  728. b->neg=rand_neg();
  729. BN_mod(c,a,b,ctx);/**/
  730. if (bp != NULL)
  731. {
  732. if (!results)
  733. {
  734. BN_print(bp,a);
  735. BIO_puts(bp," % ");
  736. BN_print(bp,b);
  737. BIO_puts(bp," - ");
  738. }
  739. BN_print(bp,c);
  740. BIO_puts(bp,"\n");
  741. }
  742. BN_div(d,e,a,b,ctx);
  743. BN_sub(e,e,c);
  744. if(!BN_is_zero(e))
  745. {
  746. fprintf(stderr,"Modulo test failed!\n");
  747. return 0;
  748. }
  749. }
  750. BN_free(a);
  751. BN_free(b);
  752. BN_free(c);
  753. BN_free(d);
  754. BN_free(e);
  755. return(1);
  756. }
  757. int test_mod_mul(BIO *bp, BN_CTX *ctx)
  758. {
  759. BIGNUM *a,*b,*c,*d,*e;
  760. int i,j;
  761. a=BN_new();
  762. b=BN_new();
  763. c=BN_new();
  764. d=BN_new();
  765. e=BN_new();
  766. for (j=0; j<3; j++) {
  767. BN_bntest_rand(c,1024,0,0); /**/
  768. for (i=0; i<num0; i++)
  769. {
  770. BN_bntest_rand(a,475+i*10,0,0); /**/
  771. BN_bntest_rand(b,425+i*11,0,0); /**/
  772. a->neg=rand_neg();
  773. b->neg=rand_neg();
  774. if (!BN_mod_mul(e,a,b,c,ctx))
  775. {
  776. unsigned long l;
  777. while ((l=ERR_get_error()))
  778. fprintf(stderr,"ERROR:%s\n",
  779. ERR_error_string(l,NULL));
  780. EXIT(1);
  781. }
  782. if (bp != NULL)
  783. {
  784. if (!results)
  785. {
  786. BN_print(bp,a);
  787. BIO_puts(bp," * ");
  788. BN_print(bp,b);
  789. BIO_puts(bp," % ");
  790. BN_print(bp,c);
  791. if ((a->neg ^ b->neg) && !BN_is_zero(e))
  792. {
  793. /* If (a*b) % c is negative, c must be added
  794. * in order to obtain the normalized remainder
  795. * (new with OpenSSL 0.9.7, previous versions of
  796. * BN_mod_mul could generate negative results)
  797. */
  798. BIO_puts(bp," + ");
  799. BN_print(bp,c);
  800. }
  801. BIO_puts(bp," - ");
  802. }
  803. BN_print(bp,e);
  804. BIO_puts(bp,"\n");
  805. }
  806. BN_mul(d,a,b,ctx);
  807. BN_sub(d,d,e);
  808. BN_div(a,b,d,c,ctx);
  809. if(!BN_is_zero(b))
  810. {
  811. fprintf(stderr,"Modulo multiply test failed!\n");
  812. ERR_print_errors_fp(stderr);
  813. return 0;
  814. }
  815. }
  816. }
  817. BN_free(a);
  818. BN_free(b);
  819. BN_free(c);
  820. BN_free(d);
  821. BN_free(e);
  822. return(1);
  823. }
  824. int test_mod_exp(BIO *bp, BN_CTX *ctx)
  825. {
  826. BIGNUM *a,*b,*c,*d,*e;
  827. int i;
  828. a=BN_new();
  829. b=BN_new();
  830. c=BN_new();
  831. d=BN_new();
  832. e=BN_new();
  833. BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
  834. for (i=0; i<num2; i++)
  835. {
  836. BN_bntest_rand(a,20+i*5,0,0); /**/
  837. BN_bntest_rand(b,2+i,0,0); /**/
  838. if (!BN_mod_exp(d,a,b,c,ctx))
  839. return(0);
  840. if (bp != NULL)
  841. {
  842. if (!results)
  843. {
  844. BN_print(bp,a);
  845. BIO_puts(bp," ^ ");
  846. BN_print(bp,b);
  847. BIO_puts(bp," % ");
  848. BN_print(bp,c);
  849. BIO_puts(bp," - ");
  850. }
  851. BN_print(bp,d);
  852. BIO_puts(bp,"\n");
  853. }
  854. BN_exp(e,a,b,ctx);
  855. BN_sub(e,e,d);
  856. BN_div(a,b,e,c,ctx);
  857. if(!BN_is_zero(b))
  858. {
  859. fprintf(stderr,"Modulo exponentiation test failed!\n");
  860. return 0;
  861. }
  862. }
  863. BN_free(a);
  864. BN_free(b);
  865. BN_free(c);
  866. BN_free(d);
  867. BN_free(e);
  868. return(1);
  869. }
  870. int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
  871. {
  872. BIGNUM *a,*b,*c,*d,*e;
  873. int i;
  874. a=BN_new();
  875. b=BN_new();
  876. c=BN_new();
  877. d=BN_new();
  878. e=BN_new();
  879. BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
  880. for (i=0; i<num2; i++)
  881. {
  882. BN_bntest_rand(a,20+i*5,0,0); /**/
  883. BN_bntest_rand(b,2+i,0,0); /**/
  884. if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
  885. return(00);
  886. if (bp != NULL)
  887. {
  888. if (!results)
  889. {
  890. BN_print(bp,a);
  891. BIO_puts(bp," ^ ");
  892. BN_print(bp,b);
  893. BIO_puts(bp," % ");
  894. BN_print(bp,c);
  895. BIO_puts(bp," - ");
  896. }
  897. BN_print(bp,d);
  898. BIO_puts(bp,"\n");
  899. }
  900. BN_exp(e,a,b,ctx);
  901. BN_sub(e,e,d);
  902. BN_div(a,b,e,c,ctx);
  903. if(!BN_is_zero(b))
  904. {
  905. fprintf(stderr,"Modulo exponentiation test failed!\n");
  906. return 0;
  907. }
  908. }
  909. BN_free(a);
  910. BN_free(b);
  911. BN_free(c);
  912. BN_free(d);
  913. BN_free(e);
  914. return(1);
  915. }
  916. /* Test constant-time modular exponentiation with 1024-bit inputs,
  917. * which on x86_64 cause a different code branch to be taken.
  918. */
  919. int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
  920. {
  921. BIGNUM *a,*p,*m,*d,*e;
  922. int i;
  923. BN_MONT_CTX *mont;
  924. a=BN_new();
  925. p=BN_new();
  926. m=BN_new();
  927. d=BN_new();
  928. e=BN_new();
  929. mont = BN_MONT_CTX_new();
  930. BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
  931. /* Zero exponent */
  932. BN_bntest_rand(a,1024,0,0);
  933. BN_zero(p);
  934. if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
  935. return 0;
  936. if(!BN_is_one(d))
  937. {
  938. fprintf(stderr, "Modular exponentiation test failed!\n");
  939. return 0;
  940. }
  941. /* Zero input */
  942. BN_bntest_rand(p,1024,0,0);
  943. BN_zero(a);
  944. if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
  945. return 0;
  946. if(!BN_is_zero(d))
  947. {
  948. fprintf(stderr, "Modular exponentiation test failed!\n");
  949. return 0;
  950. }
  951. /* Craft an input whose Montgomery representation is 1,
  952. * i.e., shorter than the modulus m, in order to test
  953. * the const time precomputation scattering/gathering.
  954. */
  955. BN_one(a);
  956. BN_MONT_CTX_set(mont,m,ctx);
  957. if(!BN_from_montgomery(e,a,mont,ctx))
  958. return 0;
  959. if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
  960. return 0;
  961. if(!BN_mod_exp_simple(a,e,p,m,ctx))
  962. return 0;
  963. if(BN_cmp(a,d) != 0)
  964. {
  965. fprintf(stderr,"Modular exponentiation test failed!\n");
  966. return 0;
  967. }
  968. /* Finally, some regular test vectors. */
  969. BN_bntest_rand(e,1024,0,0);
  970. if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
  971. return 0;
  972. if(!BN_mod_exp_simple(a,e,p,m,ctx))
  973. return 0;
  974. if(BN_cmp(a,d) != 0)
  975. {
  976. fprintf(stderr,"Modular exponentiation test failed!\n");
  977. return 0;
  978. }
  979. BN_free(a);
  980. BN_free(p);
  981. BN_free(m);
  982. BN_free(d);
  983. BN_free(e);
  984. return(1);
  985. }
  986. int test_exp(BIO *bp, BN_CTX *ctx)
  987. {
  988. BIGNUM *a,*b,*d,*e,*one;
  989. int i;
  990. a=BN_new();
  991. b=BN_new();
  992. d=BN_new();
  993. e=BN_new();
  994. one=BN_new();
  995. BN_one(one);
  996. for (i=0; i<num2; i++)
  997. {
  998. BN_bntest_rand(a,20+i*5,0,0); /**/
  999. BN_bntest_rand(b,2+i,0,0); /**/
  1000. if (BN_exp(d,a,b,ctx) <= 0)
  1001. return(0);
  1002. if (bp != NULL)
  1003. {
  1004. if (!results)
  1005. {
  1006. BN_print(bp,a);
  1007. BIO_puts(bp," ^ ");
  1008. BN_print(bp,b);
  1009. BIO_puts(bp," - ");
  1010. }
  1011. BN_print(bp,d);
  1012. BIO_puts(bp,"\n");
  1013. }
  1014. BN_one(e);
  1015. for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
  1016. BN_mul(e,e,a,ctx);
  1017. BN_sub(e,e,d);
  1018. if(!BN_is_zero(e))
  1019. {
  1020. fprintf(stderr,"Exponentiation test failed!\n");
  1021. return 0;
  1022. }
  1023. }
  1024. BN_free(a);
  1025. BN_free(b);
  1026. BN_free(d);
  1027. BN_free(e);
  1028. BN_free(one);
  1029. return(1);
  1030. }
  1031. #ifndef OPENSSL_NO_EC2M
  1032. int test_gf2m_add(BIO *bp)
  1033. {
  1034. BIGNUM a,b,c;
  1035. int i, ret = 0;
  1036. BN_init(&a);
  1037. BN_init(&b);
  1038. BN_init(&c);
  1039. for (i=0; i<num0; i++)
  1040. {
  1041. BN_rand(&a,512,0,0);
  1042. BN_copy(&b, BN_value_one());
  1043. a.neg=rand_neg();
  1044. b.neg=rand_neg();
  1045. BN_GF2m_add(&c,&a,&b);
  1046. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1047. if (bp != NULL)
  1048. {
  1049. if (!results)
  1050. {
  1051. BN_print(bp,&a);
  1052. BIO_puts(bp," ^ ");
  1053. BN_print(bp,&b);
  1054. BIO_puts(bp," = ");
  1055. }
  1056. BN_print(bp,&c);
  1057. BIO_puts(bp,"\n");
  1058. }
  1059. #endif
  1060. /* Test that two added values have the correct parity. */
  1061. if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
  1062. {
  1063. fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
  1064. goto err;
  1065. }
  1066. BN_GF2m_add(&c,&c,&c);
  1067. /* Test that c + c = 0. */
  1068. if(!BN_is_zero(&c))
  1069. {
  1070. fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
  1071. goto err;
  1072. }
  1073. }
  1074. ret = 1;
  1075. err:
  1076. BN_free(&a);
  1077. BN_free(&b);
  1078. BN_free(&c);
  1079. return ret;
  1080. }
  1081. int test_gf2m_mod(BIO *bp)
  1082. {
  1083. BIGNUM *a,*b[2],*c,*d,*e;
  1084. int i, j, ret = 0;
  1085. int p0[] = {163,7,6,3,0,-1};
  1086. int p1[] = {193,15,0,-1};
  1087. a=BN_new();
  1088. b[0]=BN_new();
  1089. b[1]=BN_new();
  1090. c=BN_new();
  1091. d=BN_new();
  1092. e=BN_new();
  1093. BN_GF2m_arr2poly(p0, b[0]);
  1094. BN_GF2m_arr2poly(p1, b[1]);
  1095. for (i=0; i<num0; i++)
  1096. {
  1097. BN_bntest_rand(a, 1024, 0, 0);
  1098. for (j=0; j < 2; j++)
  1099. {
  1100. BN_GF2m_mod(c, a, b[j]);
  1101. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1102. if (bp != NULL)
  1103. {
  1104. if (!results)
  1105. {
  1106. BN_print(bp,a);
  1107. BIO_puts(bp," % ");
  1108. BN_print(bp,b[j]);
  1109. BIO_puts(bp," - ");
  1110. BN_print(bp,c);
  1111. BIO_puts(bp,"\n");
  1112. }
  1113. }
  1114. #endif
  1115. BN_GF2m_add(d, a, c);
  1116. BN_GF2m_mod(e, d, b[j]);
  1117. /* Test that a + (a mod p) mod p == 0. */
  1118. if(!BN_is_zero(e))
  1119. {
  1120. fprintf(stderr,"GF(2^m) modulo test failed!\n");
  1121. goto err;
  1122. }
  1123. }
  1124. }
  1125. ret = 1;
  1126. err:
  1127. BN_free(a);
  1128. BN_free(b[0]);
  1129. BN_free(b[1]);
  1130. BN_free(c);
  1131. BN_free(d);
  1132. BN_free(e);
  1133. return ret;
  1134. }
  1135. int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
  1136. {
  1137. BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
  1138. int i, j, ret = 0;
  1139. int p0[] = {163,7,6,3,0,-1};
  1140. int p1[] = {193,15,0,-1};
  1141. a=BN_new();
  1142. b[0]=BN_new();
  1143. b[1]=BN_new();
  1144. c=BN_new();
  1145. d=BN_new();
  1146. e=BN_new();
  1147. f=BN_new();
  1148. g=BN_new();
  1149. h=BN_new();
  1150. BN_GF2m_arr2poly(p0, b[0]);
  1151. BN_GF2m_arr2poly(p1, b[1]);
  1152. for (i=0; i<num0; i++)
  1153. {
  1154. BN_bntest_rand(a, 1024, 0, 0);
  1155. BN_bntest_rand(c, 1024, 0, 0);
  1156. BN_bntest_rand(d, 1024, 0, 0);
  1157. for (j=0; j < 2; j++)
  1158. {
  1159. BN_GF2m_mod_mul(e, a, c, b[j], ctx);
  1160. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1161. if (bp != NULL)
  1162. {
  1163. if (!results)
  1164. {
  1165. BN_print(bp,a);
  1166. BIO_puts(bp," * ");
  1167. BN_print(bp,c);
  1168. BIO_puts(bp," % ");
  1169. BN_print(bp,b[j]);
  1170. BIO_puts(bp," - ");
  1171. BN_print(bp,e);
  1172. BIO_puts(bp,"\n");
  1173. }
  1174. }
  1175. #endif
  1176. BN_GF2m_add(f, a, d);
  1177. BN_GF2m_mod_mul(g, f, c, b[j], ctx);
  1178. BN_GF2m_mod_mul(h, d, c, b[j], ctx);
  1179. BN_GF2m_add(f, e, g);
  1180. BN_GF2m_add(f, f, h);
  1181. /* Test that (a+d)*c = a*c + d*c. */
  1182. if(!BN_is_zero(f))
  1183. {
  1184. fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
  1185. goto err;
  1186. }
  1187. }
  1188. }
  1189. ret = 1;
  1190. err:
  1191. BN_free(a);
  1192. BN_free(b[0]);
  1193. BN_free(b[1]);
  1194. BN_free(c);
  1195. BN_free(d);
  1196. BN_free(e);
  1197. BN_free(f);
  1198. BN_free(g);
  1199. BN_free(h);
  1200. return ret;
  1201. }
  1202. int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
  1203. {
  1204. BIGNUM *a,*b[2],*c,*d;
  1205. int i, j, ret = 0;
  1206. int p0[] = {163,7,6,3,0,-1};
  1207. int p1[] = {193,15,0,-1};
  1208. a=BN_new();
  1209. b[0]=BN_new();
  1210. b[1]=BN_new();
  1211. c=BN_new();
  1212. d=BN_new();
  1213. BN_GF2m_arr2poly(p0, b[0]);
  1214. BN_GF2m_arr2poly(p1, b[1]);
  1215. for (i=0; i<num0; i++)
  1216. {
  1217. BN_bntest_rand(a, 1024, 0, 0);
  1218. for (j=0; j < 2; j++)
  1219. {
  1220. BN_GF2m_mod_sqr(c, a, b[j], ctx);
  1221. BN_copy(d, a);
  1222. BN_GF2m_mod_mul(d, a, d, b[j], ctx);
  1223. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1224. if (bp != NULL)
  1225. {
  1226. if (!results)
  1227. {
  1228. BN_print(bp,a);
  1229. BIO_puts(bp," ^ 2 % ");
  1230. BN_print(bp,b[j]);
  1231. BIO_puts(bp, " = ");
  1232. BN_print(bp,c);
  1233. BIO_puts(bp,"; a * a = ");
  1234. BN_print(bp,d);
  1235. BIO_puts(bp,"\n");
  1236. }
  1237. }
  1238. #endif
  1239. BN_GF2m_add(d, c, d);
  1240. /* Test that a*a = a^2. */
  1241. if(!BN_is_zero(d))
  1242. {
  1243. fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
  1244. goto err;
  1245. }
  1246. }
  1247. }
  1248. ret = 1;
  1249. err:
  1250. BN_free(a);
  1251. BN_free(b[0]);
  1252. BN_free(b[1]);
  1253. BN_free(c);
  1254. BN_free(d);
  1255. return ret;
  1256. }
  1257. int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
  1258. {
  1259. BIGNUM *a,*b[2],*c,*d;
  1260. int i, j, ret = 0;
  1261. int p0[] = {163,7,6,3,0,-1};
  1262. int p1[] = {193,15,0,-1};
  1263. a=BN_new();
  1264. b[0]=BN_new();
  1265. b[1]=BN_new();
  1266. c=BN_new();
  1267. d=BN_new();
  1268. BN_GF2m_arr2poly(p0, b[0]);
  1269. BN_GF2m_arr2poly(p1, b[1]);
  1270. for (i=0; i<num0; i++)
  1271. {
  1272. BN_bntest_rand(a, 512, 0, 0);
  1273. for (j=0; j < 2; j++)
  1274. {
  1275. BN_GF2m_mod_inv(c, a, b[j], ctx);
  1276. BN_GF2m_mod_mul(d, a, c, b[j], ctx);
  1277. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1278. if (bp != NULL)
  1279. {
  1280. if (!results)
  1281. {
  1282. BN_print(bp,a);
  1283. BIO_puts(bp, " * ");
  1284. BN_print(bp,c);
  1285. BIO_puts(bp," - 1 % ");
  1286. BN_print(bp,b[j]);
  1287. BIO_puts(bp,"\n");
  1288. }
  1289. }
  1290. #endif
  1291. /* Test that ((1/a)*a) = 1. */
  1292. if(!BN_is_one(d))
  1293. {
  1294. fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
  1295. goto err;
  1296. }
  1297. }
  1298. }
  1299. ret = 1;
  1300. err:
  1301. BN_free(a);
  1302. BN_free(b[0]);
  1303. BN_free(b[1]);
  1304. BN_free(c);
  1305. BN_free(d);
  1306. return ret;
  1307. }
  1308. int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
  1309. {
  1310. BIGNUM *a,*b[2],*c,*d,*e,*f;
  1311. int i, j, ret = 0;
  1312. int p0[] = {163,7,6,3,0,-1};
  1313. int p1[] = {193,15,0,-1};
  1314. a=BN_new();
  1315. b[0]=BN_new();
  1316. b[1]=BN_new();
  1317. c=BN_new();
  1318. d=BN_new();
  1319. e=BN_new();
  1320. f=BN_new();
  1321. BN_GF2m_arr2poly(p0, b[0]);
  1322. BN_GF2m_arr2poly(p1, b[1]);
  1323. for (i=0; i<num0; i++)
  1324. {
  1325. BN_bntest_rand(a, 512, 0, 0);
  1326. BN_bntest_rand(c, 512, 0, 0);
  1327. for (j=0; j < 2; j++)
  1328. {
  1329. BN_GF2m_mod_div(d, a, c, b[j], ctx);
  1330. BN_GF2m_mod_mul(e, d, c, b[j], ctx);
  1331. BN_GF2m_mod_div(f, a, e, b[j], ctx);
  1332. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1333. if (bp != NULL)
  1334. {
  1335. if (!results)
  1336. {
  1337. BN_print(bp,a);
  1338. BIO_puts(bp, " = ");
  1339. BN_print(bp,c);
  1340. BIO_puts(bp," * ");
  1341. BN_print(bp,d);
  1342. BIO_puts(bp, " % ");
  1343. BN_print(bp,b[j]);
  1344. BIO_puts(bp,"\n");
  1345. }
  1346. }
  1347. #endif
  1348. /* Test that ((a/c)*c)/a = 1. */
  1349. if(!BN_is_one(f))
  1350. {
  1351. fprintf(stderr,"GF(2^m) modular division test failed!\n");
  1352. goto err;
  1353. }
  1354. }
  1355. }
  1356. ret = 1;
  1357. err:
  1358. BN_free(a);
  1359. BN_free(b[0]);
  1360. BN_free(b[1]);
  1361. BN_free(c);
  1362. BN_free(d);
  1363. BN_free(e);
  1364. BN_free(f);
  1365. return ret;
  1366. }
  1367. int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
  1368. {
  1369. BIGNUM *a,*b[2],*c,*d,*e,*f;
  1370. int i, j, ret = 0;
  1371. int p0[] = {163,7,6,3,0,-1};
  1372. int p1[] = {193,15,0,-1};
  1373. a=BN_new();
  1374. b[0]=BN_new();
  1375. b[1]=BN_new();
  1376. c=BN_new();
  1377. d=BN_new();
  1378. e=BN_new();
  1379. f=BN_new();
  1380. BN_GF2m_arr2poly(p0, b[0]);
  1381. BN_GF2m_arr2poly(p1, b[1]);
  1382. for (i=0; i<num0; i++)
  1383. {
  1384. BN_bntest_rand(a, 512, 0, 0);
  1385. BN_bntest_rand(c, 512, 0, 0);
  1386. BN_bntest_rand(d, 512, 0, 0);
  1387. for (j=0; j < 2; j++)
  1388. {
  1389. BN_GF2m_mod_exp(e, a, c, b[j], ctx);
  1390. BN_GF2m_mod_exp(f, a, d, b[j], ctx);
  1391. BN_GF2m_mod_mul(e, e, f, b[j], ctx);
  1392. BN_add(f, c, d);
  1393. BN_GF2m_mod_exp(f, a, f, b[j], ctx);
  1394. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1395. if (bp != NULL)
  1396. {
  1397. if (!results)
  1398. {
  1399. BN_print(bp,a);
  1400. BIO_puts(bp, " ^ (");
  1401. BN_print(bp,c);
  1402. BIO_puts(bp," + ");
  1403. BN_print(bp,d);
  1404. BIO_puts(bp, ") = ");
  1405. BN_print(bp,e);
  1406. BIO_puts(bp, "; - ");
  1407. BN_print(bp,f);
  1408. BIO_puts(bp, " % ");
  1409. BN_print(bp,b[j]);
  1410. BIO_puts(bp,"\n");
  1411. }
  1412. }
  1413. #endif
  1414. BN_GF2m_add(f, e, f);
  1415. /* Test that a^(c+d)=a^c*a^d. */
  1416. if(!BN_is_zero(f))
  1417. {
  1418. fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
  1419. goto err;
  1420. }
  1421. }
  1422. }
  1423. ret = 1;
  1424. err:
  1425. BN_free(a);
  1426. BN_free(b[0]);
  1427. BN_free(b[1]);
  1428. BN_free(c);
  1429. BN_free(d);
  1430. BN_free(e);
  1431. BN_free(f);
  1432. return ret;
  1433. }
  1434. int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
  1435. {
  1436. BIGNUM *a,*b[2],*c,*d,*e,*f;
  1437. int i, j, ret = 0;
  1438. int p0[] = {163,7,6,3,0,-1};
  1439. int p1[] = {193,15,0,-1};
  1440. a=BN_new();
  1441. b[0]=BN_new();
  1442. b[1]=BN_new();
  1443. c=BN_new();
  1444. d=BN_new();
  1445. e=BN_new();
  1446. f=BN_new();
  1447. BN_GF2m_arr2poly(p0, b[0]);
  1448. BN_GF2m_arr2poly(p1, b[1]);
  1449. for (i=0; i<num0; i++)
  1450. {
  1451. BN_bntest_rand(a, 512, 0, 0);
  1452. for (j=0; j < 2; j++)
  1453. {
  1454. BN_GF2m_mod(c, a, b[j]);
  1455. BN_GF2m_mod_sqrt(d, a, b[j], ctx);
  1456. BN_GF2m_mod_sqr(e, d, b[j], ctx);
  1457. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1458. if (bp != NULL)
  1459. {
  1460. if (!results)
  1461. {
  1462. BN_print(bp,d);
  1463. BIO_puts(bp, " ^ 2 - ");
  1464. BN_print(bp,a);
  1465. BIO_puts(bp,"\n");
  1466. }
  1467. }
  1468. #endif
  1469. BN_GF2m_add(f, c, e);
  1470. /* Test that d^2 = a, where d = sqrt(a). */
  1471. if(!BN_is_zero(f))
  1472. {
  1473. fprintf(stderr,"GF(2^m) modular square root test failed!\n");
  1474. goto err;
  1475. }
  1476. }
  1477. }
  1478. ret = 1;
  1479. err:
  1480. BN_free(a);
  1481. BN_free(b[0]);
  1482. BN_free(b[1]);
  1483. BN_free(c);
  1484. BN_free(d);
  1485. BN_free(e);
  1486. BN_free(f);
  1487. return ret;
  1488. }
  1489. int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
  1490. {
  1491. BIGNUM *a,*b[2],*c,*d,*e;
  1492. int i, j, s = 0, t, ret = 0;
  1493. int p0[] = {163,7,6,3,0,-1};
  1494. int p1[] = {193,15,0,-1};
  1495. a=BN_new();
  1496. b[0]=BN_new();
  1497. b[1]=BN_new();
  1498. c=BN_new();
  1499. d=BN_new();
  1500. e=BN_new();
  1501. BN_GF2m_arr2poly(p0, b[0]);
  1502. BN_GF2m_arr2poly(p1, b[1]);
  1503. for (i=0; i<num0; i++)
  1504. {
  1505. BN_bntest_rand(a, 512, 0, 0);
  1506. for (j=0; j < 2; j++)
  1507. {
  1508. t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
  1509. if (t)
  1510. {
  1511. s++;
  1512. BN_GF2m_mod_sqr(d, c, b[j], ctx);
  1513. BN_GF2m_add(d, c, d);
  1514. BN_GF2m_mod(e, a, b[j]);
  1515. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1516. if (bp != NULL)
  1517. {
  1518. if (!results)
  1519. {
  1520. BN_print(bp,c);
  1521. BIO_puts(bp, " is root of z^2 + z = ");
  1522. BN_print(bp,a);
  1523. BIO_puts(bp, " % ");
  1524. BN_print(bp,b[j]);
  1525. BIO_puts(bp, "\n");
  1526. }
  1527. }
  1528. #endif
  1529. BN_GF2m_add(e, e, d);
  1530. /* Test that solution of quadratic c satisfies c^2 + c = a. */
  1531. if(!BN_is_zero(e))
  1532. {
  1533. fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
  1534. goto err;
  1535. }
  1536. }
  1537. else
  1538. {
  1539. #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
  1540. if (bp != NULL)
  1541. {
  1542. if (!results)
  1543. {
  1544. BIO_puts(bp, "There are no roots of z^2 + z = ");
  1545. BN_print(bp,a);
  1546. BIO_puts(bp, " % ");
  1547. BN_print(bp,b[j]);
  1548. BIO_puts(bp, "\n");
  1549. }
  1550. }
  1551. #endif
  1552. }
  1553. }
  1554. }
  1555. if (s == 0)
  1556. {
  1557. fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
  1558. fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
  1559. goto err;
  1560. }
  1561. ret = 1;
  1562. err:
  1563. BN_free(a);
  1564. BN_free(b[0]);
  1565. BN_free(b[1]);
  1566. BN_free(c);
  1567. BN_free(d);
  1568. BN_free(e);
  1569. return ret;
  1570. }
  1571. #endif
  1572. static int genprime_cb(int p, int n, BN_GENCB *arg)
  1573. {
  1574. char c='*';
  1575. if (p == 0) c='.';
  1576. if (p == 1) c='+';
  1577. if (p == 2) c='*';
  1578. if (p == 3) c='\n';
  1579. putc(c, stderr);
  1580. fflush(stderr);
  1581. return 1;
  1582. }
  1583. int test_kron(BIO *bp, BN_CTX *ctx)
  1584. {
  1585. BN_GENCB cb;
  1586. BIGNUM *a,*b,*r,*t;
  1587. int i;
  1588. int legendre, kronecker;
  1589. int ret = 0;
  1590. a = BN_new();
  1591. b = BN_new();
  1592. r = BN_new();
  1593. t = BN_new();
  1594. if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
  1595. BN_GENCB_set(&cb, genprime_cb, NULL);
  1596. /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
  1597. * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
  1598. * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
  1599. * So we generate a random prime b and compare these values
  1600. * for a number of random a's. (That is, we run the Solovay-Strassen
  1601. * primality test to confirm that b is prime, except that we
  1602. * don't want to test whether b is prime but whether BN_kronecker
  1603. * works.) */
  1604. if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
  1605. b->neg = rand_neg();
  1606. putc('\n', stderr);
  1607. for (i = 0; i < num0; i++)
  1608. {
  1609. if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
  1610. a->neg = rand_neg();
  1611. /* t := (|b|-1)/2 (note that b is odd) */
  1612. if (!BN_copy(t, b)) goto err;
  1613. t->neg = 0;
  1614. if (!BN_sub_word(t, 1)) goto err;
  1615. if (!BN_rshift1(t, t)) goto err;
  1616. /* r := a^t mod b */
  1617. b->neg=0;
  1618. if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
  1619. b->neg=1;
  1620. if (BN_is_word(r, 1))
  1621. legendre = 1;
  1622. else if (BN_is_zero(r))
  1623. legendre = 0;
  1624. else
  1625. {
  1626. if (!BN_add_word(r, 1)) goto err;
  1627. if (0 != BN_ucmp(r, b))
  1628. {
  1629. fprintf(stderr, "Legendre symbol computation failed\n");
  1630. goto err;
  1631. }
  1632. legendre = -1;
  1633. }
  1634. kronecker = BN_kronecker(a, b, ctx);
  1635. if (kronecker < -1) goto err;
  1636. /* we actually need BN_kronecker(a, |b|) */
  1637. if (a->neg && b->neg)
  1638. kronecker = -kronecker;
  1639. if (legendre != kronecker)
  1640. {
  1641. fprintf(stderr, "legendre != kronecker; a = ");
  1642. BN_print_fp(stderr, a);
  1643. fprintf(stderr, ", b = ");
  1644. BN_print_fp(stderr, b);
  1645. fprintf(stderr, "\n");
  1646. goto err;
  1647. }
  1648. putc('.', stderr);
  1649. fflush(stderr);
  1650. }
  1651. putc('\n', stderr);
  1652. fflush(stderr);
  1653. ret = 1;
  1654. err:
  1655. if (a != NULL) BN_free(a);
  1656. if (b != NULL) BN_free(b);
  1657. if (r != NULL) BN_free(r);
  1658. if (t != NULL) BN_free(t);
  1659. return ret;
  1660. }
  1661. int test_sqrt(BIO *bp, BN_CTX *ctx)
  1662. {
  1663. BN_GENCB cb;
  1664. BIGNUM *a,*p,*r;
  1665. int i, j;
  1666. int ret = 0;
  1667. a = BN_new();
  1668. p = BN_new();
  1669. r = BN_new();
  1670. if (a == NULL || p == NULL || r == NULL) goto err;
  1671. BN_GENCB_set(&cb, genprime_cb, NULL);
  1672. for (i = 0; i < 16; i++)
  1673. {
  1674. if (i < 8)
  1675. {
  1676. unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
  1677. if (!BN_set_word(p, primes[i])) goto err;
  1678. }
  1679. else
  1680. {
  1681. if (!BN_set_word(a, 32)) goto err;
  1682. if (!BN_set_word(r, 2*i + 1)) goto err;
  1683. if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
  1684. putc('\n', stderr);
  1685. }
  1686. p->neg = rand_neg();
  1687. for (j = 0; j < num2; j++)
  1688. {
  1689. /* construct 'a' such that it is a square modulo p,
  1690. * but in general not a proper square and not reduced modulo p */
  1691. if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
  1692. if (!BN_nnmod(r, r, p, ctx)) goto err;
  1693. if (!BN_mod_sqr(r, r, p, ctx)) goto err;
  1694. if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
  1695. if (!BN_nnmod(a, a, p, ctx)) goto err;
  1696. if (!BN_mod_sqr(a, a, p, ctx)) goto err;
  1697. if (!BN_mul(a, a, r, ctx)) goto err;
  1698. if (rand_neg())
  1699. if (!BN_sub(a, a, p)) goto err;
  1700. if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
  1701. if (!BN_mod_sqr(r, r, p, ctx)) goto err;
  1702. if (!BN_nnmod(a, a, p, ctx)) goto err;
  1703. if (BN_cmp(a, r) != 0)
  1704. {
  1705. fprintf(stderr, "BN_mod_sqrt failed: a = ");
  1706. BN_print_fp(stderr, a);
  1707. fprintf(stderr, ", r = ");
  1708. BN_print_fp(stderr, r);
  1709. fprintf(stderr, ", p = ");
  1710. BN_print_fp(stderr, p);
  1711. fprintf(stderr, "\n");
  1712. goto err;
  1713. }
  1714. putc('.', stderr);
  1715. fflush(stderr);
  1716. }
  1717. putc('\n', stderr);
  1718. fflush(stderr);
  1719. }
  1720. ret = 1;
  1721. err:
  1722. if (a != NULL) BN_free(a);
  1723. if (p != NULL) BN_free(p);
  1724. if (r != NULL) BN_free(r);
  1725. return ret;
  1726. }
  1727. int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
  1728. {
  1729. BIGNUM *a,*b,*c,*d;
  1730. int i;
  1731. b=BN_new();
  1732. c=BN_new();
  1733. d=BN_new();
  1734. BN_one(c);
  1735. if(a_)
  1736. a=a_;
  1737. else
  1738. {
  1739. a=BN_new();
  1740. BN_bntest_rand(a,200,0,0); /**/
  1741. a->neg=rand_neg();
  1742. }
  1743. for (i=0; i<num0; i++)
  1744. {
  1745. BN_lshift(b,a,i+1);
  1746. BN_add(c,c,c);
  1747. if (bp != NULL)
  1748. {
  1749. if (!results)
  1750. {
  1751. BN_print(bp,a);
  1752. BIO_puts(bp," * ");
  1753. BN_print(bp,c);
  1754. BIO_puts(bp," - ");
  1755. }
  1756. BN_print(bp,b);
  1757. BIO_puts(bp,"\n");
  1758. }
  1759. BN_mul(d,a,c,ctx);
  1760. BN_sub(d,d,b);
  1761. if(!BN_is_zero(d))
  1762. {
  1763. fprintf(stderr,"Left shift test failed!\n");
  1764. fprintf(stderr,"a=");
  1765. BN_print_fp(stderr,a);
  1766. fprintf(stderr,"\nb=");
  1767. BN_print_fp(stderr,b);
  1768. fprintf(stderr,"\nc=");
  1769. BN_print_fp(stderr,c);
  1770. fprintf(stderr,"\nd=");
  1771. BN_print_fp(stderr,d);
  1772. fprintf(stderr,"\n");
  1773. return 0;
  1774. }
  1775. }
  1776. BN_free(a);
  1777. BN_free(b);
  1778. BN_free(c);
  1779. BN_free(d);
  1780. return(1);
  1781. }
  1782. int test_lshift1(BIO *bp)
  1783. {
  1784. BIGNUM *a,*b,*c;
  1785. int i;
  1786. a=BN_new();
  1787. b=BN_new();
  1788. c=BN_new();
  1789. BN_bntest_rand(a,200,0,0); /**/
  1790. a->neg=rand_neg();
  1791. for (i=0; i<num0; i++)
  1792. {
  1793. BN_lshift1(b,a);
  1794. if (bp != NULL)
  1795. {
  1796. if (!results)
  1797. {
  1798. BN_print(bp,a);
  1799. BIO_puts(bp," * 2");
  1800. BIO_puts(bp," - ");
  1801. }
  1802. BN_print(bp,b);
  1803. BIO_puts(bp,"\n");
  1804. }
  1805. BN_add(c,a,a);
  1806. BN_sub(a,b,c);
  1807. if(!BN_is_zero(a))
  1808. {
  1809. fprintf(stderr,"Left shift one test failed!\n");
  1810. return 0;
  1811. }
  1812. BN_copy(a,b);
  1813. }
  1814. BN_free(a);
  1815. BN_free(b);
  1816. BN_free(c);
  1817. return(1);
  1818. }
  1819. int test_rshift(BIO *bp,BN_CTX *ctx)
  1820. {
  1821. BIGNUM *a,*b,*c,*d,*e;
  1822. int i;
  1823. a=BN_new();
  1824. b=BN_new();
  1825. c=BN_new();
  1826. d=BN_new();
  1827. e=BN_new();
  1828. BN_one(c);
  1829. BN_bntest_rand(a,200,0,0); /**/
  1830. a->neg=rand_neg();
  1831. for (i=0; i<num0; i++)
  1832. {
  1833. BN_rshift(b,a,i+1);
  1834. BN_add(c,c,c);
  1835. if (bp != NULL)
  1836. {
  1837. if (!results)
  1838. {
  1839. BN_print(bp,a);
  1840. BIO_puts(bp," / ");
  1841. BN_print(bp,c);
  1842. BIO_puts(bp," - ");
  1843. }
  1844. BN_print(bp,b);
  1845. BIO_puts(bp,"\n");
  1846. }
  1847. BN_div(d,e,a,c,ctx);
  1848. BN_sub(d,d,b);
  1849. if(!BN_is_zero(d))
  1850. {
  1851. fprintf(stderr,"Right shift test failed!\n");
  1852. return 0;
  1853. }
  1854. }
  1855. BN_free(a);
  1856. BN_free(b);
  1857. BN_free(c);
  1858. BN_free(d);
  1859. BN_free(e);
  1860. return(1);
  1861. }
  1862. int test_rshift1(BIO *bp)
  1863. {
  1864. BIGNUM *a,*b,*c;
  1865. int i;
  1866. a=BN_new();
  1867. b=BN_new();
  1868. c=BN_new();
  1869. BN_bntest_rand(a,200,0,0); /**/
  1870. a->neg=rand_neg();
  1871. for (i=0; i<num0; i++)
  1872. {
  1873. BN_rshift1(b,a);
  1874. if (bp != NULL)
  1875. {
  1876. if (!results)
  1877. {
  1878. BN_print(bp,a);
  1879. BIO_puts(bp," / 2");
  1880. BIO_puts(bp," - ");
  1881. }
  1882. BN_print(bp,b);
  1883. BIO_puts(bp,"\n");
  1884. }
  1885. BN_sub(c,a,b);
  1886. BN_sub(c,c,b);
  1887. if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
  1888. {
  1889. fprintf(stderr,"Right shift one test failed!\n");
  1890. return 0;
  1891. }
  1892. BN_copy(a,b);
  1893. }
  1894. BN_free(a);
  1895. BN_free(b);
  1896. BN_free(c);
  1897. return(1);
  1898. }
  1899. int rand_neg(void)
  1900. {
  1901. static unsigned int neg=0;
  1902. static int sign[8]={0,0,0,1,1,0,1,1};
  1903. return(sign[(neg++)%8]);
  1904. }