From 9646537e94fe16b0f113a1171c17e5457251ac7c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 24 Jul 2025 15:25:00 +0100 Subject: [PATCH 01/10] Improve testing of mbedtls_mpi_gcd() and mbedtls_mpi_inv_mod() Signed-off-by: Felix Conway --- include/mbedtls/bignum.h | 7 +++- tests/suites/test_suite_bignum.function | 49 +++++++++++++++++++----- tests/suites/test_suite_bignum.misc.data | 3 ++ 3 files changed, 47 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1e1c06330f..ed0c4e798e 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -988,10 +988,13 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, * \brief Compute the modular inverse: X = A^-1 mod N * * \param X The destination MPI. This must point to an initialized MPI. + * The value returned on success will be between [1, N-1]. * \param A The MPI to calculate the modular inverse of. This must point - * to an initialized MPI. + * to an initialized MPI. This value can be negative, in which + * case a positive answer will still be returned in \p X. * \param N The base of the modular inversion. This must point to an - * initialized MPI. + * initialized MPI. If this points to the same MPI as \p X, + * then the value returned in \p X will be incorrect. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index 36f1476d76..c94e7ccf85 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -390,12 +390,23 @@ void mpi_gcd(char *input_X, char *input_Y, mbedtls_mpi A, X, Y, Z; mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); - TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); - TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0); + TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); + TEST_EQUAL(mbedtls_mpi_gcd(&Z, &X, &Y), 0); TEST_ASSERT(sign_is_valid(&Z)); - TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); + + mbedtls_mpi *Z_alias_X = &X; + TEST_EQUAL(mbedtls_mpi_gcd(Z_alias_X, &X, &Y), 0); + TEST_ASSERT(sign_is_valid(Z_alias_X)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_X, &A), 0); + + mbedtls_mpi *Z_alias_Y = &Y; + TEST_EQUAL(mbedtls_mpi_gcd(Z_alias_Y, &X, &Y), 0); + TEST_ASSERT(sign_is_valid(Z_alias_Y)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_Y, &A), 0); + exit: mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); @@ -1134,14 +1145,32 @@ void mpi_inv_mod(char *input_X, char *input_Y, int res; mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A); - TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0); - TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0); + TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); res = mbedtls_mpi_inv_mod(&Z, &X, &Y); - TEST_ASSERT(res == div_result); + TEST_EQUAL(res, div_result); if (res == 0) { TEST_ASSERT(sign_is_valid(&Z)); - TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); + } + + mbedtls_mpi *Z_alias_X = &X; + res = mbedtls_mpi_inv_mod(Z_alias_X, &X, &Y); + TEST_EQUAL(res, div_result); + if (res == 0) { + TEST_ASSERT(sign_is_valid(Z_alias_X)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_X, &A), 0); + } + + /* When Z is an alias of Y, the answer returned in Z is normally incorrect. */ + mbedtls_mpi *Z_alias_Y = &Y; + res = mbedtls_mpi_inv_mod(Z_alias_Y, &X, &Y); + TEST_EQUAL(res, div_result); + if (res == 0) { + TEST_ASSERT(sign_is_valid(Z_alias_Y)); + /* Testing if Z_alias_Y == &A is not useful as it is true sometimes, but is + often false. */ } exit: diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 2e3ff1ecc0..d4c730059d 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1504,6 +1504,9 @@ mpi_gcd:"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e Test GCD: 0 < A = B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af" +Test GCD: A = B < 0 +mpi_gcd:"-9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af" + Base test mbedtls_mpi_inv_mod #1 mpi_inv_mod:"3":"b":"4":0 From 1527b69c7ff77c0610ccb659146218c18448d8a2 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 28 Jul 2025 16:31:44 +0100 Subject: [PATCH 02/10] Clarify parameter documentation Signed-off-by: Felix Conway --- include/mbedtls/bignum.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ed0c4e798e..c67d653d7a 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -993,8 +993,9 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, * to an initialized MPI. This value can be negative, in which * case a positive answer will still be returned in \p X. * \param N The base of the modular inversion. This must point to an - * initialized MPI. If this points to the same MPI as \p X, - * then the value returned in \p X will be incorrect. + * initialized MPI and be greater than one. If this points to + * the same MPI as \p X, then the value returned in \p X will + * be incorrect. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. From f6d883c9280f32a3fa3ffcd6c7336f653bb3efcf Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 28 Jul 2025 16:32:14 +0100 Subject: [PATCH 03/10] Improve invmod and gcd handwritten tests Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.misc.data | 60 ++++++++++++++++++------ 1 file changed, 45 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index d4c730059d..74973ae562 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1435,6 +1435,9 @@ mpi_gcd:"":"":"0" Test GCD: 0 (null), 0 (1 limb) mpi_gcd:"":"00":"0" +Test GCD: 0 (1 limb), 0 (1 limb) +mpi_gcd:"00":"00":"0" + Test GCD: 0 (null), 3 mpi_gcd:"":"03":"3" @@ -1462,49 +1465,49 @@ mpi_gcd:"06":"":"6" Test GCD: 6, 0 (1 limb) mpi_gcd:"06":"00":"6" -Test GCD: gcd=1, 0 < A < B +Test GCD: gcd=1, A is odd, B is odd, 0 < A < B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" -Test GCD: gcd=1, 0 < B < A +Test GCD: gcd=1, A is odd, B is odd, 0 < B < A mpi_gcd:"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"1" -Test GCD: gcd=1, A > 0, B < 0 +Test GCD: gcd=1, A is odd, B is odd, A > 0, B < 0 mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" -Test GCD: gcd=1, A < 0 < B, |A| < |B| +Test GCD: gcd=1, A is odd, B is odd, A < 0 < B, |A| < |B| mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" -Test GCD: gcd=1, B < A < 0 +Test GCD: gcd=1, A is odd, B is odd, B < A < 0 mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" -Test GCD: gcd=2, 0 < A < B +Test GCD: gcd=2, A is even, B is even, 0 < A < B mpi_gcd:"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"2" -Test GCD: gcd=2, 0 < B < A +Test GCD: gcd=2, A is even, B is even, 0 < B < A mpi_gcd:"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"2" -Test GCD: gcd=3, 0 < A < B +Test GCD: gcd=3, A is odd, B is odd, 0 < A < B mpi_gcd:"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"3" -Test GCD: gcd=3, 0 < B < A +Test GCD: gcd=3, A is odd, B is odd, 0 < B < A mpi_gcd:"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"3" -Test GCD: gcd=4, 0 < A < B +Test GCD: gcd=4, A is even, B is even, 0 < A < B mpi_gcd:"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"4" -Test GCD: gcd=4, 0 < B < A +Test GCD: gcd=4, A is even, B is even, 0 < B < A mpi_gcd:"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"4" -Test GCD: gcd=6, 0 < A < B +Test GCD: gcd=6, A is even, B is even, 0 < A < B mpi_gcd:"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"6" -Test GCD: gcd=6, 0 < B < A +Test GCD: gcd=6, A is even, B is even, 0 < B < A mpi_gcd:"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"6" -Test GCD: 0 < A = B +Test GCD: A is odd, B is odd, 0 < A = B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af" -Test GCD: A = B < 0 +Test GCD: A is odd, B is odd, A = B < 0 mpi_gcd:"-9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"9986dabb54d13cd9fe0d9da594a97e8372ab26ed98ff622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af" Base test mbedtls_mpi_inv_mod #1 @@ -1516,6 +1519,18 @@ mpi_inv_mod:"3":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_inv_mod: mod 0 (1 limb) mpi_inv_mod:"3":"0":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_inv_mod: 0 (null) mod positive +mpi_inv_mod:"":"25":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +Test mbedtls_mpi_inv_mod: 0 (1 limb) mod positive +mpi_inv_mod:"00":"25":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +Test mbedtls_mpi_inv_mod: 0 (null) mod 0 (null) +mpi_inv_mod:"":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (1 limb) mod 0 (1 limb) +mpi_inv_mod:"00":"00":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Test mbedtls_mpi_inv_mod: mod negative mpi_inv_mod:"3":"-b":"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA @@ -1525,6 +1540,21 @@ mpi_inv_mod:"2":"4":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE Test mbedtls_mpi_inv_mod: mod 1 mpi_inv_mod:"3":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_inv_mod: negative mod 1 +mpi_inv_mod:"-732487665ae082f75c44":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 1 mod 1 +mpi_inv_mod:"1":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: larger positive mod 1 +mpi_inv_mod:"aaf97513ce987d99d9d934e":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (null) mod 1 +mpi_inv_mod:"":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (1 limb) mod 1 +mpi_inv_mod:"00":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Test mbedtls_mpi_inv_mod: 0 (null) ^-1 mpi_inv_mod:"":"11":"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE From 8951916ac7108dea208888a4f75a82be3054e992 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 29 Jul 2025 11:03:08 +0100 Subject: [PATCH 04/10] Fix pointer aliasing in bignum tests Signed-off-by: Felix Conway --- include/mbedtls/bignum.h | 4 +-- tests/suites/test_suite_bignum.function | 36 ++++++++++++------------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c67d653d7a..b06aec9ce8 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -993,9 +993,7 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, * to an initialized MPI. This value can be negative, in which * case a positive answer will still be returned in \p X. * \param N The base of the modular inversion. This must point to an - * initialized MPI and be greater than one. If this points to - * the same MPI as \p X, then the value returned in \p X will - * be incorrect. + * initialized MPI and be greater than one. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index c94e7ccf85..e2b9517683 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -397,15 +397,16 @@ void mpi_gcd(char *input_X, char *input_Y, TEST_ASSERT(sign_is_valid(&Z)); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); - mbedtls_mpi *Z_alias_X = &X; - TEST_EQUAL(mbedtls_mpi_gcd(Z_alias_X, &X, &Y), 0); - TEST_ASSERT(sign_is_valid(Z_alias_X)); - TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_X, &A), 0); + /* Test pointer aliasing where &Z == &X and &Z == &Y. */ + TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_X), 0); + TEST_EQUAL(mbedtls_mpi_gcd(&Z, /* X */ &Z, &Y), 0); + TEST_ASSERT(sign_is_valid(&Z)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); - mbedtls_mpi *Z_alias_Y = &Y; - TEST_EQUAL(mbedtls_mpi_gcd(Z_alias_Y, &X, &Y), 0); - TEST_ASSERT(sign_is_valid(Z_alias_Y)); - TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_Y, &A), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_Y), 0); + TEST_EQUAL(mbedtls_mpi_gcd(&Z, &X, /* Y */ &Z), 0); + TEST_ASSERT(sign_is_valid(&Z)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); exit: @@ -1155,22 +1156,21 @@ void mpi_inv_mod(char *input_X, char *input_Y, TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); } - mbedtls_mpi *Z_alias_X = &X; - res = mbedtls_mpi_inv_mod(Z_alias_X, &X, &Y); + /* Test pointer aliasing where &Z == &X and &Z == &Y. */ + TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_X), 0); + res = mbedtls_mpi_inv_mod(&Z, /* X */ &Z, &Y); TEST_EQUAL(res, div_result); if (res == 0) { - TEST_ASSERT(sign_is_valid(Z_alias_X)); - TEST_EQUAL(mbedtls_mpi_cmp_mpi(Z_alias_X, &A), 0); + TEST_ASSERT(sign_is_valid(&Z)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); } - /* When Z is an alias of Y, the answer returned in Z is normally incorrect. */ - mbedtls_mpi *Z_alias_Y = &Y; - res = mbedtls_mpi_inv_mod(Z_alias_Y, &X, &Y); + TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_Y), 0); + res = mbedtls_mpi_inv_mod(&Z, &X, /* Y */ &Z); TEST_EQUAL(res, div_result); if (res == 0) { - TEST_ASSERT(sign_is_valid(Z_alias_Y)); - /* Testing if Z_alias_Y == &A is not useful as it is true sometimes, but is - often false. */ + TEST_ASSERT(sign_is_valid(&Z)); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); } exit: From 4c7c5c3f17ffde0bd6e77fe963af64db4803fcd5 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 29 Jul 2025 12:10:03 +0100 Subject: [PATCH 05/10] Add more manual inv_mod tests Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.misc.data | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 74973ae562..efecd43cf2 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1531,9 +1531,27 @@ mpi_inv_mod:"":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA Test mbedtls_mpi_inv_mod: 0 (1 limb) mod 0 (1 limb) mpi_inv_mod:"00":"00":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_inv_mod: 0 (null) mod 0 (1 limb) +mpi_inv_mod:"":"00":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (1 limb) mod 0 (null) +mpi_inv_mod:"00":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Test mbedtls_mpi_inv_mod: mod negative mpi_inv_mod:"3":"-b":"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA +Test mbedtls_mpi_inv_mod: negative mod negative +mpi_inv_mod:"-3543a":"-f":"5":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 1 mod negative +mpi_inv_mod:"1":"-f":"1":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (null) mod negative +mpi_inv_mod:"":"-f":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +Test mbedtls_mpi_inv_mod: 0 (1 limb) mod negative +mpi_inv_mod:"00":"-f":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA + Test mbedtls_mpi_inv_mod: 2^-1 mod 4 mpi_inv_mod:"2":"4":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE From fca43c79fbed637faa0f498b31a7a151d7463bfd Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 29 Jul 2025 15:34:28 +0100 Subject: [PATCH 06/10] Rework misleading comment Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.function | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index e2b9517683..f710bb5939 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -397,18 +397,18 @@ void mpi_gcd(char *input_X, char *input_Y, TEST_ASSERT(sign_is_valid(&Z)); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); - /* Test pointer aliasing where &Z == &X and &Z == &Y. */ + /* Test pointer aliasing where &Z == &X. */ TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_X), 0); TEST_EQUAL(mbedtls_mpi_gcd(&Z, /* X */ &Z, &Y), 0); TEST_ASSERT(sign_is_valid(&Z)); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); + /* Test pointer aliasing where &Z == &Y. */ TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_Y), 0); TEST_EQUAL(mbedtls_mpi_gcd(&Z, &X, /* Y */ &Z), 0); TEST_ASSERT(sign_is_valid(&Z)); TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); - exit: mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); } @@ -1156,7 +1156,7 @@ void mpi_inv_mod(char *input_X, char *input_Y, TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); } - /* Test pointer aliasing where &Z == &X and &Z == &Y. */ + /* Test pointer aliasing where &Z == &X. */ TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_X), 0); res = mbedtls_mpi_inv_mod(&Z, /* X */ &Z, &Y); TEST_EQUAL(res, div_result); @@ -1165,6 +1165,7 @@ void mpi_inv_mod(char *input_X, char *input_Y, TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &A), 0); } + /* Test pointer aliasing where &Z == &Y. */ TEST_EQUAL(mbedtls_test_read_mpi(&Z, input_Y), 0); res = mbedtls_mpi_inv_mod(&Z, &X, /* Y */ &Z); TEST_EQUAL(res, div_result); From bb50b5ab0e043462f087945cb9a6eba4cd6f4e25 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 29 Jul 2025 15:36:19 +0100 Subject: [PATCH 07/10] Remove manual GCD tests that are now generated Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.misc.data | 45 ------------------------ 1 file changed, 45 deletions(-) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index efecd43cf2..ad3129803d 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1420,51 +1420,6 @@ Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 64 bit) depends_on:MBEDTLS_HAVE_INT64 mpi_exp_mod_min_RR:"10":"2":"100000000000000010000000000000001":"100":0 -Base test GCD #1 -mpi_gcd:"2b5":"261":"15" - -Base test GCD #2 -mpi_gcd:"6e4":"364":"1c" - -Base test GCD #3 -mpi_gcd:"2dcdb10b":"2050d306":"1" - -Test GCD: 0 (null), 0 (null) -mpi_gcd:"":"":"0" - -Test GCD: 0 (null), 0 (1 limb) -mpi_gcd:"":"00":"0" - -Test GCD: 0 (1 limb), 0 (1 limb) -mpi_gcd:"00":"00":"0" - -Test GCD: 0 (null), 3 -mpi_gcd:"":"03":"3" - -Test GCD: 0 (null), 6 -mpi_gcd:"":"06":"6" - -Test GCD: 0 (1 limb), 0 (null) -mpi_gcd:"00":"":"0" - -Test GCD: 0 (1 limb), 3 -mpi_gcd:"00":"03":"3" - -Test GCD: 0 (1 limb), 6 -mpi_gcd:"00":"06":"6" - -Test GCD: 3, 0 (null) -mpi_gcd:"03":"":"3" - -Test GCD: 3, 0 (1 limb) -mpi_gcd:"03":"00":"3" - -Test GCD: 6, 0 (null) -mpi_gcd:"06":"":"6" - -Test GCD: 6, 0 (1 limb) -mpi_gcd:"06":"00":"6" - Test GCD: gcd=1, A is odd, B is odd, 0 < A < B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" From c51168039bd0e7c502666ad95bbc3001ef7b725c Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 29 Jul 2025 15:50:05 +0100 Subject: [PATCH 08/10] Clarify mpi_gdc() documentation when B is 0 Signed-off-by: Felix Conway --- include/mbedtls/bignum.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index b06aec9ce8..297c0a6ba4 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -974,6 +974,8 @@ int mbedtls_mpi_random(mbedtls_mpi *X, * \brief Compute the greatest common divisor: G = gcd(A, B) * * \param G The destination MPI. This must point to an initialized MPI. + * This will be positive unless \p B is 0, in which case \p A + * will be returned, where \p A could be negative. * \param A The first operand. This must point to an initialized MPI. * \param B The second operand. This must point to an initialized MPI. * From e28bb8cbe6b52fd306bb26090d4f2f98c6fb80f3 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 30 Jul 2025 09:15:24 +0100 Subject: [PATCH 09/10] Revert "Remove manual GCD tests that are now generated" This reverts commit bb50b5ab0e043462f087945cb9a6eba4cd6f4e25. Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.misc.data | 45 ++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index ad3129803d..efecd43cf2 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1420,6 +1420,51 @@ Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 64 bit) depends_on:MBEDTLS_HAVE_INT64 mpi_exp_mod_min_RR:"10":"2":"100000000000000010000000000000001":"100":0 +Base test GCD #1 +mpi_gcd:"2b5":"261":"15" + +Base test GCD #2 +mpi_gcd:"6e4":"364":"1c" + +Base test GCD #3 +mpi_gcd:"2dcdb10b":"2050d306":"1" + +Test GCD: 0 (null), 0 (null) +mpi_gcd:"":"":"0" + +Test GCD: 0 (null), 0 (1 limb) +mpi_gcd:"":"00":"0" + +Test GCD: 0 (1 limb), 0 (1 limb) +mpi_gcd:"00":"00":"0" + +Test GCD: 0 (null), 3 +mpi_gcd:"":"03":"3" + +Test GCD: 0 (null), 6 +mpi_gcd:"":"06":"6" + +Test GCD: 0 (1 limb), 0 (null) +mpi_gcd:"00":"":"0" + +Test GCD: 0 (1 limb), 3 +mpi_gcd:"00":"03":"3" + +Test GCD: 0 (1 limb), 6 +mpi_gcd:"00":"06":"6" + +Test GCD: 3, 0 (null) +mpi_gcd:"03":"":"3" + +Test GCD: 3, 0 (1 limb) +mpi_gcd:"03":"00":"3" + +Test GCD: 6, 0 (null) +mpi_gcd:"06":"":"6" + +Test GCD: 6, 0 (1 limb) +mpi_gcd:"06":"00":"6" + Test GCD: gcd=1, A is odd, B is odd, 0 < A < B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1" From 7758aa340aca1909199ce545057c0b065e89b2cc Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 30 Jul 2025 09:20:16 +0100 Subject: [PATCH 10/10] Add GCD tests that return negative when b=0 Signed-off-by: Felix Conway --- tests/suites/test_suite_bignum.misc.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index efecd43cf2..c6701b2567 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -1465,6 +1465,12 @@ mpi_gcd:"06":"":"6" Test GCD: 6, 0 (1 limb) mpi_gcd:"06":"00":"6" +Test GCD: negative, 0 (null) +mpi_gcd:"-50000":"":"-50000" + +Test GCD: negative, 0 (1 limb) +mpi_gcd:"-a782374b2ee927df28802745833a":"00":"-a782374b2ee927df28802745833a" + Test GCD: gcd=1, A is odd, B is odd, 0 < A < B mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"