Add more extensive regress coverage for BN_mod_exp2_mont()

author: tb <> 2023-03-26 19:01:15 +0000
committer: tb <> 2023-03-26 19:01:15 +0000
commit: 9bbac719e1981de0311993bc24b2ba5eae5ebecd (patch)
tree: 0b8d19165e7ae7d3f918448007426b50f837d5db /src
parent: 4cc794820ea2378bfb73df0627c0bbb0cf94aa3d (diff)
download: openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.tar.gz
openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.tar.bz2
openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.zip
1 files changed, 191 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/bn/bn_mod_exp.c b/src/regress/lib/libcrypto/bn/bn_mod_exp.c
index 002649fd60..2fafb04a58 100644
--- a/src/regress/lib/libcrypto/bn/bn_mod_exp.c
+++ b/src/regress/lib/libcrypto/bn/bn_mod_exp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bn_mod_exp.c,v 1.19 2023/03/26 18:57:04 tb Exp $ */
+/*      $OpenBSD: bn_mod_exp.c,v 1.20 2023/03/26 19:01:15 tb Exp $ */
 /*
 * Copyright (c) 2022,2023 Theo Buehler <tb@openbsd.org>
@@ -25,6 +25,7 @@
 #include "bn_local.h"
 #define N_MOD_EXP_TESTS         400
+#define N_MOD_EXP2_TESTS        100
 #define INIT_MOD_EXP_FN(f) { .name = #f, .mod_exp_fn = (f), }
 #define INIT_MOD_EXP_MONT_FN(f) { .name = #f, .mod_exp_mont_fn = (f), }
@@ -279,6 +280,67 @@ generate_test_triple(int reduce, BIGNUM *a, BIGNUM *p, BIGNUM *m, BN_CTX *ctx)
        return ret;
 }
+static int
+generate_test_quintuple(int reduce, BIGNUM *a1, BIGNUM *p1,
+    BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx)
+{
+        BIGNUM *mmodified;
+        BN_ULONG multiple;
+        int avg = 2 * BN_BITS, deviate = BN_BITS / 2;
+        int ret = 0;
+        if (!generate_bn(a1, avg, deviate, 0))
+                return 0;
+        if (!generate_bn(p1, avg, deviate, 0))
+                return 0;
+        if (!generate_bn(a2, avg, deviate, 0))
+                return 0;
+        if (!generate_bn(p2, avg, deviate, 0))
+                return 0;
+        if (!generate_bn(m, avg, deviate, 1))
+                return 0;
+        if (reduce) {
+                if (!BN_mod(a1, a1, m, ctx))
+                        return 0;
+                return BN_mod(a2, a2, m, ctx);
+        }
+        /*
+         * Add a random multiple of m to a to test unreduced exponentiation.
+         */
+        BN_CTX_start(ctx);
+        if ((mmodified = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if (BN_copy(mmodified, m) == NULL)
+                goto err;
+        multiple = arc4random_uniform(16) + 2;
+        if (!BN_mul_word(mmodified, multiple))
+                goto err;
+        if (!BN_add(a1, a1, mmodified))
+                goto err;
+        if (!BN_add(a2, a2, mmodified))
+                goto err;
+        ret = 1;
+ err:
+        BN_CTX_end(ctx);
+        return ret;
+}
 static void
 dump_exp_results(const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
    const BIGNUM *want, const BIGNUM *got, const char *name)
@@ -398,6 +460,133 @@ run_bn_mod_exp_tests(void)
        return failed;
 }
+static void
+dump_exp2_results(const BIGNUM *a1, const BIGNUM *p1, const BIGNUM *a2,
+    const BIGNUM *p2, const BIGNUM *m, const BIGNUM *want, const BIGNUM *got)
+{
+        printf("BN_mod_exp_simple() and BN_mod_exp2_mont() disagree");
+        printf("\nwant: ");
+        BN_print_fp(stdout, want);
+        printf("\ngot:  ");
+        BN_print_fp(stdout, got);
+        printf("\na1: ");
+        BN_print_fp(stdout, a1);
+        printf("\np1: ");
+        BN_print_fp(stdout, p1);
+        printf("\na2: ");
+        BN_print_fp(stdout, a2);
+        printf("\np2: ");
+        BN_print_fp(stdout, p2);
+        printf("\nm: ");
+        BN_print_fp(stdout, m);
+        printf("\n\n");
+}
+static int
+bn_mod_exp2_simple(BIGNUM *out, const BIGNUM *a1, const BIGNUM *p1,
+    const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx)
+{
+        BIGNUM *fact1, *fact2;
+        int ret = 0;
+        BN_CTX_start(ctx);
+        if ((fact1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((fact2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if (!BN_mod_exp_simple(fact1, a1, p1, m, ctx))
+                goto err;
+        if (!BN_mod_exp_simple(fact2, a2, p2, m, ctx))
+                goto err;
+        if (!BN_mod_mul(out, fact1, fact2, m, ctx))
+                goto err;
+        ret = 1;
+ err:
+        BN_CTX_end(ctx);
+        return ret;
+}
+static int
+bn_mod_exp2_test(int reduce, BIGNUM *want, BIGNUM *got, BIGNUM *a1, BIGNUM *p1,
+    BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx)
+{
+        size_t i;
+        int failed = 0;
+        if (!generate_test_quintuple(reduce, a1, p1, a2, p2, m, ctx))
+                errx(1, "generate_test_quintuple");
+        for (i = 0; i < 16; i++) {
+                BN_set_negative(a1, i & 1);
+                BN_set_negative(p1, (i >> 1) & 1);
+                BN_set_negative(a2, (i >> 2) & 1);
+                BN_set_negative(p2, (i >> 3) & 1);
+                if (!bn_mod_exp2_simple(want, a1, p1, a2, p2, m, ctx))
+                        errx(1, "BN_mod_exp_simple");
+                if (!BN_mod_exp2_mont(got, a1, p1, a2, p2, m, ctx, NULL))
+                        errx(1, "BN_mod_exp2_mont");
+                if (BN_cmp(want, got) != 0) {
+                        dump_exp2_results(a1, p1, a2, p2, m, want, got);
+                        failed |= 1;
+                }
+        }
+        return failed;
+}
+static int
+run_bn_mod_exp2_tests(void)
+{
+        BIGNUM *a1, *p1, *a2, *p2, *m, *want, *got;
+        BN_CTX *ctx;
+        int i;
+        int reduce;
+        int failed = 0;
+        if ((ctx = BN_CTX_new()) == NULL)
+                errx(1, "BN_CTX_new");
+        BN_CTX_start(ctx);
+        if ((a1 = BN_CTX_get(ctx)) == NULL)
+                errx(1, "a1 = BN_CTX_get()");
+        if ((p1 = BN_CTX_get(ctx)) == NULL)
+                errx(1, "p1 = BN_CTX_get()");
+        if ((a2 = BN_CTX_get(ctx)) == NULL)
+                errx(1, "a2 = BN_CTX_get()");
+        if ((p2 = BN_CTX_get(ctx)) == NULL)
+                errx(1, "p2 = BN_CTX_get()");
+        if ((m = BN_CTX_get(ctx)) == NULL)
+                errx(1, "m = BN_CTX_get()");
+        if ((want = BN_CTX_get(ctx)) == NULL)
+                errx(1, "want = BN_CTX_get()");
+        if ((got = BN_CTX_get(ctx)) == NULL)
+                errx(1, "want = BN_CTX_get()");
+        reduce = 0;
+        for (i = 0; i < N_MOD_EXP_TESTS; i++)
+                failed |= bn_mod_exp2_test(reduce, want, got, a1, p1, a2, p2, m,
+                    ctx);
+        reduce = 1;
+        for (i = 0; i < N_MOD_EXP_TESTS; i++)
+                failed |= bn_mod_exp2_test(reduce, want, got, a1, p1, a2, p2, m,
+                    ctx);
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return failed;
+}
 int
 main(void)
 {
@@ -405,6 +594,7 @@ main(void)
        failed |= run_bn_mod_exp_zero_tests();
        failed |= run_bn_mod_exp_tests();
+        failed |= run_bn_mod_exp2_tests();
        return failed;
 }
author	tb <>	2023-03-26 19:01:15 +0000
committer	tb <>	2023-03-26 19:01:15 +0000
commit	9bbac719e1981de0311993bc24b2ba5eae5ebecd (patch)
tree	0b8d19165e7ae7d3f918448007426b50f837d5db /src
parent	4cc794820ea2378bfb73df0627c0bbb0cf94aa3d (diff)
download	openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.tar.gz openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.tar.bz2 openbsd-9bbac719e1981de0311993bc24b2ba5eae5ebecd.zip

diff --git a/src/regress/lib/libcrypto/bn/bn_mod_exp.c b/src/regress/lib/libcrypto/bn/bn_mod_exp.c index 002649fd60..2fafb04a58 100644 --- a/src/regress/lib/libcrypto/bn/bn_mod_exp.c +++ b/src/regress/lib/libcrypto/bn/bn_mod_exp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_mod_exp.c,v 1.19 2023/03/26 18:57:04 tb Exp $ */	1	/* $OpenBSD: bn_mod_exp.c,v 1.20 2023/03/26 19:01:15 tb Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2022,2023 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2022,2023 Theo Buehler <tb@openbsd.org>
@@ -25,6 +25,7 @@
25	#include "bn_local.h"	25	#include "bn_local.h"
26		26
27	#define N_MOD_EXP_TESTS 400	27	#define N_MOD_EXP_TESTS 400
		28	#define N_MOD_EXP2_TESTS 100
28		29
29	#define INIT_MOD_EXP_FN(f) { .name = #f, .mod_exp_fn = (f), }	30	#define INIT_MOD_EXP_FN(f) { .name = #f, .mod_exp_fn = (f), }
30	#define INIT_MOD_EXP_MONT_FN(f) { .name = #f, .mod_exp_mont_fn = (f), }	31	#define INIT_MOD_EXP_MONT_FN(f) { .name = #f, .mod_exp_mont_fn = (f), }
@@ -279,6 +280,67 @@ generate_test_triple(int reduce, BIGNUM a, BIGNUM p, BIGNUM m, BN_CTX ctx)
279	return ret;	280	return ret;
280	}	281	}
281		282
		283	static int
		284	generate_test_quintuple(int reduce, BIGNUM a1, BIGNUM p1,
		285	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx)
		286	{
		287	BIGNUM *mmodified;
		288	BN_ULONG multiple;
		289	int avg = 2 * BN_BITS, deviate = BN_BITS / 2;
		290	int ret = 0;
		291
		292	if (!generate_bn(a1, avg, deviate, 0))
		293	return 0;
		294
		295	if (!generate_bn(p1, avg, deviate, 0))
		296	return 0;
		297
		298	if (!generate_bn(a2, avg, deviate, 0))
		299	return 0;
		300
		301	if (!generate_bn(p2, avg, deviate, 0))
		302	return 0;
		303
		304	if (!generate_bn(m, avg, deviate, 1))
		305	return 0;
		306
		307	if (reduce) {
		308	if (!BN_mod(a1, a1, m, ctx))
		309	return 0;
		310
		311	return BN_mod(a2, a2, m, ctx);
		312	}
		313
		314	/*
		315	* Add a random multiple of m to a to test unreduced exponentiation.
		316	*/
		317
		318	BN_CTX_start(ctx);
		319
		320	if ((mmodified = BN_CTX_get(ctx)) == NULL)
		321	goto err;
		322
		323	if (BN_copy(mmodified, m) == NULL)
		324	goto err;
		325
		326	multiple = arc4random_uniform(16) + 2;
		327
		328	if (!BN_mul_word(mmodified, multiple))
		329	goto err;
		330
		331	if (!BN_add(a1, a1, mmodified))
		332	goto err;
		333
		334	if (!BN_add(a2, a2, mmodified))
		335	goto err;
		336
		337	ret = 1;
		338	err:
		339	BN_CTX_end(ctx);
		340
		341	return ret;
		342	}
		343
282	static void	344	static void
283	dump_exp_results(const BIGNUM a, const BIGNUM p, const BIGNUM *m,	345	dump_exp_results(const BIGNUM a, const BIGNUM p, const BIGNUM *m,
284	const BIGNUM want, const BIGNUM got, const char *name)	346	const BIGNUM want, const BIGNUM got, const char *name)
@@ -398,6 +460,133 @@ run_bn_mod_exp_tests(void)
398	return failed;	460	return failed;
399	}	461	}
400		462
		463	static void
		464	dump_exp2_results(const BIGNUM a1, const BIGNUM p1, const BIGNUM *a2,
		465	const BIGNUM p2, const BIGNUM m, const BIGNUM want, const BIGNUM got)
		466	{
		467	printf("BN_mod_exp_simple() and BN_mod_exp2_mont() disagree");
		468
		469	printf("\nwant: ");
		470	BN_print_fp(stdout, want);
		471	printf("\ngot: ");
		472	BN_print_fp(stdout, got);
		473
		474	printf("\na1: ");
		475	BN_print_fp(stdout, a1);
		476	printf("\np1: ");
		477	BN_print_fp(stdout, p1);
		478	printf("\na2: ");
		479	BN_print_fp(stdout, a2);
		480	printf("\np2: ");
		481	BN_print_fp(stdout, p2);
		482	printf("\nm: ");
		483	BN_print_fp(stdout, m);
		484	printf("\n\n");
		485	}
		486
		487	static int
		488	bn_mod_exp2_simple(BIGNUM out, const BIGNUM a1, const BIGNUM *p1,
		489	const BIGNUM a2, const BIGNUM p2, const BIGNUM m, BN_CTX ctx)
		490	{
		491	BIGNUM fact1, fact2;
		492	int ret = 0;
		493
		494	BN_CTX_start(ctx);
		495
		496	if ((fact1 = BN_CTX_get(ctx)) == NULL)
		497	goto err;
		498	if ((fact2 = BN_CTX_get(ctx)) == NULL)
		499	goto err;
		500
		501	if (!BN_mod_exp_simple(fact1, a1, p1, m, ctx))
		502	goto err;
		503	if (!BN_mod_exp_simple(fact2, a2, p2, m, ctx))
		504	goto err;
		505	if (!BN_mod_mul(out, fact1, fact2, m, ctx))
		506	goto err;
		507
		508	ret = 1;
		509	err:
		510	BN_CTX_end(ctx);
		511
		512	return ret;
		513	}
		514
		515	static int
		516	bn_mod_exp2_test(int reduce, BIGNUM want, BIGNUM got, BIGNUM a1, BIGNUM p1,
		517	BIGNUM a2, BIGNUM p2, BIGNUM m, BN_CTX ctx)
		518	{
		519	size_t i;
		520	int failed = 0;
		521
		522	if (!generate_test_quintuple(reduce, a1, p1, a2, p2, m, ctx))
		523	errx(1, "generate_test_quintuple");
		524
		525	for (i = 0; i < 16; i++) {
		526	BN_set_negative(a1, i & 1);
		527	BN_set_negative(p1, (i >> 1) & 1);
		528	BN_set_negative(a2, (i >> 2) & 1);
		529	BN_set_negative(p2, (i >> 3) & 1);
		530
		531	if (!bn_mod_exp2_simple(want, a1, p1, a2, p2, m, ctx))
		532	errx(1, "BN_mod_exp_simple");
		533
		534	if (!BN_mod_exp2_mont(got, a1, p1, a2, p2, m, ctx, NULL))
		535	errx(1, "BN_mod_exp2_mont");
		536
		537	if (BN_cmp(want, got) != 0) {
		538	dump_exp2_results(a1, p1, a2, p2, m, want, got);
		539	failed \|= 1;
		540	}
		541	}
		542
		543	return failed;
		544	}
		545	static int
		546	run_bn_mod_exp2_tests(void)
		547	{
		548	BIGNUM a1, p1, a2, p2, m, want, *got;
		549	BN_CTX *ctx;
		550	int i;
		551	int reduce;
		552	int failed = 0;
		553
		554	if ((ctx = BN_CTX_new()) == NULL)
		555	errx(1, "BN_CTX_new");
		556
		557	BN_CTX_start(ctx);
		558
		559	if ((a1 = BN_CTX_get(ctx)) == NULL)
		560	errx(1, "a1 = BN_CTX_get()");
		561	if ((p1 = BN_CTX_get(ctx)) == NULL)
		562	errx(1, "p1 = BN_CTX_get()");
		563	if ((a2 = BN_CTX_get(ctx)) == NULL)
		564	errx(1, "a2 = BN_CTX_get()");
		565	if ((p2 = BN_CTX_get(ctx)) == NULL)
		566	errx(1, "p2 = BN_CTX_get()");
		567	if ((m = BN_CTX_get(ctx)) == NULL)
		568	errx(1, "m = BN_CTX_get()");
		569	if ((want = BN_CTX_get(ctx)) == NULL)
		570	errx(1, "want = BN_CTX_get()");
		571	if ((got = BN_CTX_get(ctx)) == NULL)
		572	errx(1, "want = BN_CTX_get()");
		573
		574	reduce = 0;
		575	for (i = 0; i < N_MOD_EXP_TESTS; i++)
		576	failed \|= bn_mod_exp2_test(reduce, want, got, a1, p1, a2, p2, m,
		577	ctx);
		578
		579	reduce = 1;
		580	for (i = 0; i < N_MOD_EXP_TESTS; i++)
		581	failed \|= bn_mod_exp2_test(reduce, want, got, a1, p1, a2, p2, m,
		582	ctx);
		583
		584	BN_CTX_end(ctx);
		585	BN_CTX_free(ctx);
		586
		587	return failed;
		588	}
		589
401	int	590	int
402	main(void)	591	main(void)
403	{	592	{
@@ -405,6 +594,7 @@ main(void)
405		594
406	failed \|= run_bn_mod_exp_zero_tests();	595	failed \|= run_bn_mod_exp_zero_tests();
407	failed \|= run_bn_mod_exp_tests();	596	failed \|= run_bn_mod_exp_tests();
		597	failed \|= run_bn_mod_exp2_tests();
408		598
409	return failed;	599	return failed;
410	}	600	}