authortb <>2022-12-03 09:37:02 +0000
committertb <>2022-12-03 09:37:02 +0000
commit8706f55a252aac6369dbb89a79b358ffb5d42ea2 (patch)
tree70fbe8df8cabed49adc7fa5a648f755b2318b4c6 /src
parentc6d7a34e7fd867cf5c30482829d102f5f6af617c (diff)
Refactor and fix bn_mod_exp test
The amount of copy-paste in this test led to a few bugs and it was hard to spot them since things were done in random order. Use a different approach: compute the result of a^b (mod m) according to BN_mod_exp_simple(), then compare the results of all the other *_mod_exp* functions to that. Reuse the test structure from bn_mod_exp_zero.c to loop over the list of functions. This way we test more functions and don't forget to check some crucial bits.
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/bn/bn_mod_exp.c166
1 files changed, 86 insertions, 80 deletions
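diff --git a/src/regress/lib/libcrypto/bn/bn_mod_exp.c b/src/regress/lib/libcrypto/bn/bn_mod_exp.c
index 4b98dea0d7..c7963d2a29 100644
--- a/src/regress/lib/libcrypto/bn/bn_mod_exp.c
+++ b/src/regress/lib/libcrypto/bn/bn_mod_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod_exp.c,v 1.7 2022/12/03 08:21:38 tb Exp $ */
+/* $OpenBSD: bn_mod_exp.c,v 1.8 2022/12/03 09:37:02 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,14 +67,88 @@
 
 #define NUM_BITS (BN_BITS*2)
 
+#define INIT_MOD_EXP_FN(f) { .name = #f, .mod_exp_fn = (f), }
+#define INIT_MOD_EXP_MONT_FN(f) { .name = #f, .mod_exp_mont_fn = (f), }
+
+static const struct mod_exp_test {
+ const char *name;
+ int (*mod_exp_fn)(BIGNUM *,const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*mod_exp_mont_fn)(BIGNUM *,const BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+} mod_exp_fn[] = {
+ INIT_MOD_EXP_FN(BN_mod_exp),
+ INIT_MOD_EXP_FN(BN_mod_exp_ct),
+ INIT_MOD_EXP_FN(BN_mod_exp_nonct),
+ INIT_MOD_EXP_FN(BN_mod_exp_recp),
+ INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont),
+ INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_ct),
+ INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_consttime),
+ INIT_MOD_EXP_MONT_FN(BN_mod_exp_mont_nonct),
+};
+
+#define N_MOD_EXP_FN (sizeof(mod_exp_fn) / sizeof(mod_exp_fn[0]))
+
+static int
+test_mod_exp(const BIGNUM *result_simple, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m, BN_CTX *ctx, const struct mod_exp_test *test)
+{
+ BIGNUM *result;
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+
+ if ((result = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (test->mod_exp_fn != NULL) {
+ if (!test->mod_exp_fn(result, a, b, m, ctx)) {
+ fprintf(stderr, "%s problems\n", test->name);
+ ERR_print_errors_fp(stderr);
+ goto err;
+ }
+ } else {
+ if (!test->mod_exp_mont_fn(result, a, b, m, ctx, NULL)) {
+ fprintf(stderr, "%s problems\n", test->name);
+ ERR_print_errors_fp(stderr);
+ goto err;
+ }
+ }
+
+ if (BN_cmp(result_simple, result) != 0) {
+ printf("\nResults from BN_mod_exp_simple and %s differ\n",
+ test->name);
+
+ printf("a (%3d) = ", BN_num_bits(a));
+ BN_print_fp(stdout, a);
+ printf("\nb (%3d) = ", BN_num_bits(b));
+ BN_print_fp(stdout, b);
+ printf("\nm (%3d) = ", BN_num_bits(m));
+ BN_print_fp(stdout, m);
+ printf("\nsimple = ");
+ BN_print_fp(stdout, result_simple);
+ printf("\nresult = ");
+ BN_print_fp(stdout, result);
+ printf("\n");
+
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+
+ return ret;
+}
+
 int
 main(int argc, char *argv[])
 {
- BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple;
- BIGNUM *r_mont_ct, *r_mont_nonct, *a, *b, *m;
+ BIGNUM *result_simple, *a, *b, *m;
  BN_CTX *ctx;
- int c;
- int i, ret;
+ int c, i;
+ size_t j;
 
  ERR_load_BN_strings();
 
@@ -83,24 +157,14 @@ main(int argc, char *argv[])
 
  BN_CTX_start(ctx);
 
- if ((r_mont = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r_mont_const = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r_mont_ct = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r_mont_nonct = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r_recp = BN_CTX_get(ctx)) == NULL)
- goto err;
- if ((r_simple = BN_CTX_get(ctx)) == NULL)
- goto err;
  if ((a = BN_CTX_get(ctx)) == NULL)
  goto err;
  if ((b = BN_CTX_get(ctx)) == NULL)
  goto err;
  if ((m = BN_CTX_get(ctx)) == NULL)
  goto err;
+ if ((result_simple = BN_CTX_get(ctx)) == NULL)
+ goto err;
 
  for (i = 0; i < 200; i++) {
  c = (arc4random() % BN_BITS) - BN_BITS2;
@@ -120,74 +184,16 @@ main(int argc, char *argv[])
  if (!BN_mod(b, b, m, ctx))
  goto err;
 
- ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
- if (ret <= 0) {
- printf("BN_mod_exp_mont() problems\n");
- goto err;
- }
-
- ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
- if (ret <= 0) {
- printf("BN_mod_exp_mont_ct() problems\n");
- goto err;
- }
-
- ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
- if (ret <= 0) {
- printf("BN_mod_exp_mont_nonct() problems\n");
- goto err;
- }
-
- ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
- if (ret <= 0) {
- printf("BN_mod_exp_recp() problems\n");
- goto err;
- }
-
- ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
- if (ret <= 0) {
+ if ((BN_mod_exp_simple(result_simple, a, b, m, ctx)) <= 0) {
  printf("BN_mod_exp_simple() problems\n");
  goto err;
  }
 
- ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
- if (ret <= 0) {
- printf("BN_mod_exp_mont_consttime() problems\n");
- goto err;
- }
+ for (j = 0; j < N_MOD_EXP_FN; j++) {
+ const struct mod_exp_test *test = &mod_exp_fn[j];
 
- if (BN_cmp(r_simple, r_mont) != 0 ||
- BN_cmp(r_simple, r_mont_const) ||
- BN_cmp(r_simple, r_recp) != 0 ||
- BN_cmp(r_simple, r_mont_ct) != 0 ||
- BN_cmp(r_simple, r_mont_nonct) != 0) {
- if (BN_cmp(r_simple, r_mont) != 0)
- printf("\nsimple and mont results differ\n");
- if (BN_cmp(r_simple, r_mont_const) != 0)
- printf("\nsimple and mont const time results differ\n");
- if (BN_cmp(r_simple, r_recp) != 0)
- printf("\nsimple and recp results differ\n");
- if (BN_cmp(r_simple, r_mont_ct) != 0)
- printf("\nsimple and mont results differ\n");
- if (BN_cmp(r_simple, r_mont_nonct) != 0)
- printf("\nsimple and mont_nonct results differ\n");
-
- printf("a (%3d) = ", BN_num_bits(a));
- BN_print_fp(stdout, a);
- printf("\nb (%3d) = ", BN_num_bits(b));
- BN_print_fp(stdout, b);
- printf("\nm (%3d) = ", BN_num_bits(m));
- BN_print_fp(stdout, m);
- printf("\nsimple =");
- BN_print_fp(stdout, r_simple);
- printf("\nrecp =");
- BN_print_fp(stdout, r_recp);
- printf("\nmont =");
- BN_print_fp(stdout, r_mont);
- printf("\nmont_ct =");
- BN_print_fp(stdout, r_mont_const);
- printf("\n");
- exit(1);
+ if (!test_mod_exp(result_simple, a, b, m, ctx, test))
+ goto err;
  }
  }
 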
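Review bot: The new inner loop in main() leaves at the first function whose result differs (`if (!test_mod_exp(...)) goto err;`), so a failing run no longer shows whether the other implementations also disagree with BN_mod_exp_simple() on the same input, which the removed code did report. Recording the failure and leaving after the loop keeps that information: `if (!test_mod_exp(result_simple, a, b, m, ctx, test)) failed = 1;` followed by `if (failed) goto err;` once `j` has run through the table, with `int failed = 0;` declared next to `c, i`. Separately, the two call-failure branches in test_mod_exp() print only the function name and the error queue, not a, b and m; the outer loop draws from arc4random(), so the operands are presumably random and such a failure could not be replayed from the log. main() continues outside the visible hunks, so its err path is not reviewed here.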