// This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this file, // You can obtain one at http://mozilla.org/MPL/2.0/. #include "gtest/gtest.h" #include #include #include #ifdef __MACH__ #include #include #endif #include "mplogic.h" #include "mpi.h" namespace nss_test { void gettime(struct timespec* tp) { #ifdef __MACH__ clock_serv_t cclock; mach_timespec_t mts; host_get_clock_service(mach_host_self(), SYSTEM_CLOCK, &cclock); clock_get_time(cclock, &mts); mach_port_deallocate(mach_task_self(), cclock); tp->tv_sec = mts.tv_sec; tp->tv_nsec = mts.tv_nsec; #else ASSERT_NE(0, timespec_get(tp, TIME_UTC)); #endif } class MPITest : public ::testing::Test { protected: void TestCmp(const std::string a_string, const std::string b_string, int result) { mp_int a, b; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); mp_read_radix(&a, a_string.c_str(), 16); mp_read_radix(&b, b_string.c_str(), 16); EXPECT_EQ(result, mp_cmp(&a, &b)); mp_clear(&a); mp_clear(&b); } void TestDiv(const std::string a_string, const std::string b_string, const std::string result) { mp_int a, b, c; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; MP_DIGITS(&c) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); ASSERT_EQ(MP_OKAY, mp_init(&c)); mp_read_radix(&a, a_string.c_str(), 16); mp_read_radix(&b, b_string.c_str(), 16); mp_read_radix(&c, result.c_str(), 16); EXPECT_EQ(MP_OKAY, mp_div(&a, &b, &a, &b)); EXPECT_EQ(0, mp_cmp(&a, &c)); mp_clear(&a); mp_clear(&b); mp_clear(&c); } void dump(const std::string& prefix, const uint8_t* buf, size_t len) { auto flags = std::cerr.flags(); std::cerr << prefix << ": [" << std::dec << len << "] "; for (size_t i = 0; i < len; ++i) { std::cerr << std::hex << std::setw(2) << std::setfill('0') << static_cast(buf[i]); } std::cerr << std::endl << std::resetiosflags(flags); } void TestToFixedOctets(const std::vector& ref, size_t len) { mp_int a; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size())); std::unique_ptr buf(new uint8_t[len]); ASSERT_NE(buf, nullptr); ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf.get(), len)); size_t compare; if (len > ref.size()) { for (size_t i = 0; i < len - ref.size(); ++i) { ASSERT_EQ(0U, buf[i]) << "index " << i << " should be zero"; } compare = ref.size(); } else { compare = len; } dump("value", ref.data(), ref.size()); dump("output", buf.get(), len); ASSERT_EQ(0, memcmp(buf.get() + len - compare, ref.data() + ref.size() - compare, compare)) << "comparing " << compare << " octets"; mp_clear(&a); } }; TEST_F(MPITest, MpiCmp01Test) { TestCmp("0", "1", -1); } TEST_F(MPITest, MpiCmp10Test) { TestCmp("1", "0", 1); } TEST_F(MPITest, MpiCmp00Test) { TestCmp("0", "0", 0); } TEST_F(MPITest, MpiCmp11Test) { TestCmp("1", "1", 0); } TEST_F(MPITest, MpiDiv32ErrorTest) { TestDiv("FFFF00FFFFFFFF000000000000", "FFFF00FFFFFFFFFF", "FFFFFFFFFF"); } #ifdef NSS_X64 // This tests assumes 64-bit mp_digits. TEST_F(MPITest, MpiCmpUnalignedTest) { mp_int a, b, c; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; MP_DIGITS(&c) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); ASSERT_EQ(MP_OKAY, mp_init(&c)); mp_read_radix(&a, "ffffffffffffffff3b4e802b4e1478", 16); mp_read_radix(&b, "ffffffffffffffff3b4e802b4e1478", 16); EXPECT_EQ(0, mp_cmp(&a, &b)); // Now change a and b such that they contain the same numbers but are not // aligned. // a = ffffffffffffff|ff3b4e802b4e1478 // b = ffffffffffffffff|3b4e802b4e1478 MP_DIGITS(&b)[0] &= 0x00ffffffffffffff; MP_DIGITS(&b)[1] = 0xffffffffffffffff; EXPECT_EQ(-1, mp_cmp(&a, &b)); ASSERT_EQ(MP_OKAY, mp_sub(&a, &b, &c)); char c_tmp[40]; ASSERT_EQ(MP_OKAY, mp_toradix(&c, c_tmp, 16)); ASSERT_TRUE(strncmp(c_tmp, "feffffffffffffff100000000000000", 31)); mp_clear(&a); mp_clear(&b); mp_clear(&c); } #endif // The two follow tests ensure very similar mp_set_* functions are ok. TEST_F(MPITest, MpiSetUlong) { mp_int a, b, c; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; MP_DIGITS(&c) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); ASSERT_EQ(MP_OKAY, mp_init(&c)); EXPECT_EQ(MP_OKAY, mp_set_ulong(&a, 1)); EXPECT_EQ(MP_OKAY, mp_set_ulong(&b, 0)); EXPECT_EQ(MP_OKAY, mp_set_ulong(&c, -1)); mp_clear(&a); mp_clear(&b); mp_clear(&c); } TEST_F(MPITest, MpiSetInt) { mp_int a, b, c; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; MP_DIGITS(&c) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); ASSERT_EQ(MP_OKAY, mp_init(&c)); EXPECT_EQ(MP_OKAY, mp_set_int(&a, 1)); EXPECT_EQ(MP_OKAY, mp_set_int(&b, 0)); EXPECT_EQ(MP_OKAY, mp_set_int(&c, -1)); mp_clear(&a); mp_clear(&b); mp_clear(&c); } TEST_F(MPITest, MpiFixlenOctetsZero) { std::vector zero = {0}; TestToFixedOctets(zero, 1); TestToFixedOctets(zero, 2); TestToFixedOctets(zero, sizeof(mp_digit)); TestToFixedOctets(zero, sizeof(mp_digit) + 1); } TEST_F(MPITest, MpiRadixSizeNeg) { char* str; mp_int a; mp_err rv; const char* negative_edge = "-5400000000000000003000000002200020090919017007777777777870000090" "00000000007500443416610000000000000000000000000000000000000000000" "00000000000000000000000000000000000000000000000000000000075049054" "18610000800555594485440016000031555550000000000000000220030200909" "19017007777777700000000000000000000000000000000000000000000000000" "00000000000500000000000000000000000000004668129841661000071000000" "00000000000000000000000000000000000000000000000007504434166100000" "00000000000000000000000000000000000000000000000000000000000000000" "00000000075049054186100008005555944854400184572169555500000000000" "0000022003020090919017007777777700000000000000000000"; rv = mp_init(&a); ASSERT_EQ(MP_OKAY, rv); rv = mp_read_variable_radix(&a, negative_edge, 10); ASSERT_EQ(MP_OKAY, rv); const int radixSize = mp_radix_size(&a, 10); ASSERT_LE(0, radixSize); str = (char*)malloc(radixSize); ASSERT_NE(nullptr, str); rv = mp_toradix(&a, str, 10); ASSERT_EQ(MP_OKAY, rv); ASSERT_EQ(0, strcmp(negative_edge, str)); free(str); mp_clear(&a); } TEST_F(MPITest, MpiFixlenOctetsVarlen) { std::vector packed; for (size_t i = 0; i < sizeof(mp_digit) * 2; ++i) { packed.push_back(0xa4); // Any non-zero value will do. TestToFixedOctets(packed, packed.size()); TestToFixedOctets(packed, packed.size() + 1); TestToFixedOctets(packed, packed.size() + sizeof(mp_digit)); } } TEST_F(MPITest, MpiFixlenOctetsTooSmall) { uint8_t buf[sizeof(mp_digit) * 3]; std::vector ref; for (size_t i = 0; i < sizeof(mp_digit) * 2; i++) { ref.push_back(3); // Any non-zero value will do. dump("ref", ref.data(), ref.size()); mp_int a; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_read_unsigned_octets(&a, ref.data(), ref.size())); #ifdef DEBUG // ARGCHK maps to assert() in a debug build. EXPECT_DEATH(mp_to_fixlen_octets(&a, buf, ref.size() - 1), ""); #else EXPECT_EQ(MP_BADARG, mp_to_fixlen_octets(&a, buf, ref.size() - 1)); #endif ASSERT_EQ(MP_OKAY, mp_to_fixlen_octets(&a, buf, ref.size())); ASSERT_EQ(0, memcmp(buf, ref.data(), ref.size())); mp_clear(&a); } } TEST_F(MPITest, MpiSqrMulClamp) { mp_int a, r, expect; MP_DIGITS(&a) = 0; MP_DIGITS(&r) = 0; MP_DIGITS(&expect) = 0; // Comba32 result is 64 mp_digits. *=2 as this is an ascii representation. std::string expect_str((64 * sizeof(mp_digit)) * 2, '0'); // Set second-highest bit (0x80...^2 == 0x4000...) expect_str.replace(0, 1, "4", 1); // Test 32, 16, 8, and 4-1 mp_digit values. 32-4 (powers of two) use the comba // assembly implementation, if enabled and supported. 3-1 use non-comba. int n_digits = 32; while (n_digits > 0) { ASSERT_EQ(MP_OKAY, mp_init(&r)); ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&expect)); ASSERT_EQ(MP_OKAY, mp_read_radix(&expect, expect_str.c_str(), 16)); ASSERT_EQ(MP_OKAY, mp_set_int(&a, 1)); ASSERT_EQ(MP_OKAY, mpl_lsh(&a, &a, (n_digits * sizeof(mp_digit) * 8) - 1)); ASSERT_EQ(MP_OKAY, mp_sqr(&a, &r)); EXPECT_EQ(MP_USED(&expect), MP_USED(&r)); EXPECT_EQ(0, mp_cmp(&r, &expect)); mp_clear(&r); // Take the mul path... ASSERT_EQ(MP_OKAY, mp_init(&r)); ASSERT_EQ(MP_OKAY, mp_mul(&a, &a, &r)); EXPECT_EQ(MP_USED(&expect), MP_USED(&r)); EXPECT_EQ(0, mp_cmp(&r, &expect)); mp_clear(&a); mp_clear(&r); mp_clear(&expect); // Once we're down to 4, check non-powers of two. int sub = n_digits > 4 ? n_digits / 2 : 1; n_digits -= sub; // "Shift right" the string (to avoid mutating |expect_str| with MPI). expect_str.resize(expect_str.size() - 2 * 2 * sizeof(mp_digit) * sub); } } TEST_F(MPITest, MpiInvModLoop) { mp_int a; mp_int m; mp_int c_actual; mp_int c_expect; MP_DIGITS(&a) = 0; MP_DIGITS(&m) = 0; MP_DIGITS(&c_actual) = 0; MP_DIGITS(&c_expect) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&m)); ASSERT_EQ(MP_OKAY, mp_init(&c_actual)); ASSERT_EQ(MP_OKAY, mp_init(&c_expect)); mp_read_radix(&a, "3e10b9f4859fb9e8150cc0d94e83ef428d655702a0b6fb1e684f4755eb6be6" "5ac6048cdfc533f73a9bad76125801051f", 16); mp_read_radix(&m, "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372d" "df581a0db248b0a77aecec196accc52973", 16); mp_read_radix(&c_expect, "12302214814361c15ab6c0f2131150af186099f8c22f6c9d6e77ad496b551c" "7c8039e61098bfe2af66474420659435c6", 16); int rv = mp_invmod(&a, &m, &c_actual); ASSERT_EQ(MP_OKAY, rv); rv = mp_cmp(&c_actual, &c_expect); EXPECT_EQ(0, rv); mp_clear(&a); mp_clear(&m); mp_clear(&c_actual); mp_clear(&c_expect); } // This test is slow. Disable it by default so we can run these tests on CI. class DISABLED_MPITest : public ::testing::Test {}; TEST_F(DISABLED_MPITest, MpiCmpConstTest) { mp_int a, b, c; MP_DIGITS(&a) = 0; MP_DIGITS(&b) = 0; MP_DIGITS(&c) = 0; ASSERT_EQ(MP_OKAY, mp_init(&a)); ASSERT_EQ(MP_OKAY, mp_init(&b)); ASSERT_EQ(MP_OKAY, mp_init(&c)); mp_read_radix( &a, const_cast( "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"), 16); mp_read_radix( &b, const_cast( "FF0FFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"), 16); mp_read_radix( &c, const_cast( "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550"), 16); #ifdef CT_VERIF mp_taint(&b); mp_taint(&c); #endif uint32_t runs = 5000000; uint32_t time_b = 0, time_c = 0; for (uint32_t i = 0; i < runs; ++i) { struct timespec start, end; gettime(&start); int r = mp_cmp(&a, &b); gettime(&end); unsigned long long used = end.tv_sec * 1000000000L + end.tv_nsec; used -= static_cast(start.tv_sec * 1000000000L + start.tv_nsec); time_b += used; ASSERT_EQ(1, r); } printf("time b: %u\n", time_b / runs); for (uint32_t i = 0; i < runs; ++i) { struct timespec start, end; gettime(&start); int r = mp_cmp(&a, &c); gettime(&end); unsigned long long used = end.tv_sec * 1000000000L + end.tv_nsec; used -= static_cast(start.tv_sec * 1000000000L + start.tv_nsec); time_c += used; ASSERT_EQ(1, r); } printf("time c: %u\n", time_c / runs); mp_clear(&a); mp_clear(&b); mp_clear(&c); } } // namespace nss_test