tests/suites/test_suite_bignum.function

/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/entropy.h"

#if MBEDTLS_MPI_MAX_BITS > 792
#define MPI_MAX_BITS_LARGER_THAN_792
#endif

/* Check the validity of the sign bit in an MPI object. Reject representations
 * that are not supported by the rest of the library and indicate a bug when
 * constructing the value. */
static int sign_is_valid(const mbedtls_mpi *X)
{
    /* Only +1 and -1 are valid sign bits, not e.g. 0 */
    if (X->s != 1 && X->s != -1) {
        return 0;
    }

    /* The value 0 must be represented with the sign +1. A "negative zero"
     * with s=-1 is an invalid representation. Forbid that. As an exception,
     * we sometimes test the robustness of library functions when given
     * a negative zero input. If a test case has a negative zero as input,
     * we don't mind if the function has a negative zero output. */
    if (!mbedtls_test_case_uses_negative_0 &&
        mbedtls_mpi_bitlen(X) == 0 && X->s != 1) {
        return 0;
    }

    return 1;
}

typedef struct mbedtls_test_mpi_random {
    data_t *data;
    size_t  pos;
    size_t  chunk_len;
} mbedtls_test_mpi_random;

/*
 * This function is called by the Miller-Rabin primality test each time it
 * chooses a random witness. The witnesses (or non-witnesses as provided by the
 * test) are stored in the data member of the state structure. Each number is in
 * the format that mbedtls_mpi_read_string understands and is chunk_len long.
 */
int mbedtls_test_mpi_miller_rabin_determinizer(void *state,
                                               unsigned char *buf,
                                               size_t len)
{
    mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state;

    if (random == NULL || random->data->x == NULL || buf == NULL) {
        return -1;
    }

    if (random->pos + random->chunk_len > random->data->len
        || random->chunk_len > len) {
        return -1;
    }

    memset(buf, 0, len);

    /* The witness is written to the end of the buffer, since the buffer is
     * used as big endian, unsigned binary data in mbedtls_mpi_read_binary.
     * Writing the witness to the start of the buffer would result in the
     * buffer being 'witness 000...000', which would be treated as
     * witness * 2^n for some n. */
    memcpy(buf + len - random->chunk_len, &random->data->x[random->pos],
           random->chunk_len);

    random->pos += random->chunk_len;

    return 0;
}

/* Random generator that is told how many bytes to return. */
static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len)
{
    size_t *bytes_left = state;
    size_t i;
    for (i = 0; i < len; i++) {
        if (*bytes_left == 0) {
            return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
        }
        buf[i] = *bytes_left & 0xff;
        --(*bytes_left);
    }
    return 0;
}

/* Test whether bytes represents (in big-endian base 256) a number b that
 * is significantly above a power of 2. That is, b must not have a long run
 * of unset bits after the most significant bit.
 *
 * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}.
 * This function returns 1 if, when drawing a number between 0 and b,
 * the probability that this number is at least 2^n is not negligible.
 * This probability is (b - 2^n) / b and this function checks that this
 * number is above some threshold A. The threshold value is heuristic and
 * based on the needs of mpi_random_many().
 */
static int is_significantly_above_a_power_of_2(data_t *bytes)
{
    const uint8_t *p = bytes->x;
    size_t len = bytes->len;
    unsigned x;

    /* Skip leading null bytes */
    while (len > 0 && p[0] == 0) {
        ++p;
        --len;
    }
    /* 0 is not significantly above a power of 2 */
    if (len == 0) {
        return 0;
    }
    /* Extract the (up to) 2 most significant bytes */
    if (len == 1) {
        x = p[0];
    } else {
        x = (p[0] << 8) | p[1];
    }

    /* Shift the most significant bit of x to position 8 and mask it out */
    while ((x & 0xfe00) != 0) {
        x >>= 1;
    }
    x &= 0x00ff;

    /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
     * a power of 2 iff x is significantly above 0 compared to 2^8.
     * Testing x >= 2^4 amounts to picking A = 1/16 in the function
     * description above. */
    return x >= 0x10;
}

/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_BIGNUM_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void mpi_valid_param()
{
    TEST_VALID_PARAM(mbedtls_mpi_free(NULL));
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void mpi_invalid_param()
{
    mbedtls_mpi X;
    const char *s_in = "00101000101010";
    char s_out[16] = { 0 };
    unsigned char u_out[16] = { 0 };
    unsigned char u_in[16] = { 0 };
    size_t olen;
    mbedtls_mpi_uint mpi_uint;

    TEST_INVALID_PARAM(mbedtls_mpi_init(NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_grow(NULL, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_copy(NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_copy(&X, NULL));

    TEST_INVALID_PARAM(mbedtls_mpi_swap(NULL, &X));
    TEST_INVALID_PARAM(mbedtls_mpi_swap(&X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_safe_cond_assign(NULL, &X, 0));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_safe_cond_assign(&X, NULL, 0));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_safe_cond_swap(NULL, &X, 0));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_safe_cond_swap(&X, NULL, 0));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_lset(NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_get_bit(NULL, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_set_bit(NULL, 42, 0));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_string(NULL, 2, s_in));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_string(&X, 2, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_string(NULL, 2,
                                                    s_out, sizeof(s_out),
                                                    &olen));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_string(&X, 2,
                                                    NULL, sizeof(s_out),
                                                    &olen));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_string(&X, 2,
                                                    s_out, sizeof(s_out),
                                                    NULL));

#if defined(MBEDTLS_FS_IO)
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_file(NULL, 2, stdin));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_file(&X, 2, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_file("", NULL, 2, NULL));
#endif /* MBEDTLS_FS_IO */

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_binary(NULL, u_in,
                                                   sizeof(u_in)));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_read_binary(&X, NULL,
                                                   sizeof(u_in)));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_binary(NULL, u_out,
                                                    sizeof(u_out)));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_write_binary(&X, NULL,
                                                    sizeof(u_out)));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_shift_l(NULL, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_shift_r(NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_cmp_abs(NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_cmp_abs(&X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_cmp_mpi(NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_cmp_mpi(&X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_cmp_int(NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_abs(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_abs(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_abs(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_abs(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_abs(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_abs(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_mpi(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_mpi(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_mpi(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_mpi(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_mpi(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_mpi(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_int(NULL, &X, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_add_int(&X, NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_int(NULL, &X, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_sub_int(&X, NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mul_mpi(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mul_mpi(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mul_mpi(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mul_int(NULL, &X, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mul_int(&X, NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_div_mpi(&X, &X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_div_mpi(&X, &X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_div_int(&X, &X, NULL, 42));

    TEST_INVALID_PARAM_RET(0, mbedtls_mpi_lsb(NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mod_mpi(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mod_mpi(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mod_mpi(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mod_int(NULL, &X, 42));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_mod_int(&mpi_uint, NULL, 42));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_exp_mod(NULL, &X, &X, &X, NULL));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_exp_mod(&X, NULL, &X, &X, NULL));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_exp_mod(&X, &X, NULL, &X, NULL));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_exp_mod(&X, &X, &X, NULL, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_fill_random(NULL, 42,
                                                   mbedtls_test_rnd_std_rand,
                                                   NULL));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_fill_random(&X, 42, NULL, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_gcd(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_gcd(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_gcd(&X, &X, NULL));

    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_inv_mod(NULL, &X, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_inv_mod(&X, NULL, &X));
    TEST_INVALID_PARAM_RET(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
                           mbedtls_mpi_inv_mod(&X, &X, NULL));

exit:
    return;
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_null()
{
    mbedtls_mpi X, Y, Z;

    mbedtls_mpi_init(&X);
    mbedtls_mpi_init(&Y);
    mbedtls_mpi_init(&Z);

    TEST_ASSERT(mbedtls_mpi_get_bit(&X, 42) == 0);
    TEST_ASSERT(mbedtls_mpi_lsb(&X) == 0);
    TEST_ASSERT(mbedtls_mpi_bitlen(&X) == 0);
    TEST_ASSERT(mbedtls_mpi_size(&X) == 0);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_write_string(int radix_X, char *input_X, int radix_A,
                           char *input_A, int output_size, int result_read,
                           int result_write)
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init(&X);

    memset(str, '!', sizeof(str));

    TEST_ASSERT(mbedtls_mpi_read_string(&X, radix_X, input_X) == result_read);
    if (result_read == 0) {
        TEST_ASSERT(sign_is_valid(&X));
        TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write);
        if (result_write == 0) {
            TEST_ASSERT(strcmp(str, input_A) == 0);
            TEST_ASSERT(str[len] == '!');
        }
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_binary(data_t *buf, char *input_A)
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init(&X);


    TEST_ASSERT(mbedtls_mpi_read_binary(&X, buf->x, buf->len) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
    TEST_ASSERT(strcmp((char *) str, input_A) == 0);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_read_binary_le(data_t *buf, char *input_A)
{
    mbedtls_mpi X;
    char str[1000];
    size_t len;

    mbedtls_mpi_init(&X);


    TEST_ASSERT(mbedtls_mpi_read_binary_le(&X, buf->x, buf->len) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_write_string(&X, 16, str, sizeof(str), &len) == 0);
    TEST_ASSERT(strcmp((char *) str, input_A) == 0);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_write_binary(char *input_X, data_t *input_A,
                      int output_size, int result)
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;

    memset(buf, 0x00, 1000);

    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    buflen = mbedtls_mpi_size(&X);
    if (buflen > (size_t) output_size) {
        buflen = (size_t) output_size;
    }

    TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result);
    if (result == 0) {

        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
                                        buflen, input_A->len) == 0);
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_write_binary_le(char *input_X, data_t *input_A,
                         int output_size, int result)
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;

    memset(buf, 0x00, 1000);

    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    buflen = mbedtls_mpi_size(&X);
    if (buflen > (size_t) output_size) {
        buflen = (size_t) output_size;
    }

    TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result);
    if (result == 0) {

        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
                                        buflen, input_A->len) == 0);
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_read_file(char *input_file, data_t *input_A, int result)
{
    mbedtls_mpi X;
    unsigned char buf[1000];
    size_t buflen;
    FILE *file;
    int ret;

    memset(buf, 0x00, 1000);

    mbedtls_mpi_init(&X);

    file = fopen(input_file, "r");
    TEST_ASSERT(file != NULL);
    ret = mbedtls_mpi_read_file(&X, 16, file);
    fclose(file);
    TEST_ASSERT(ret == result);

    if (result == 0) {
        TEST_ASSERT(sign_is_valid(&X));
        buflen = mbedtls_mpi_size(&X);
        TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == 0);


        TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
                                        buflen, input_A->len) == 0);
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mpi_write_file(char *input_X, char *output_file)
{
    mbedtls_mpi X, Y;
    FILE *file_out, *file_in;
    int ret;

    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    file_out = fopen(output_file, "w");
    TEST_ASSERT(file_out != NULL);
    ret = mbedtls_mpi_write_file(NULL, &X, 16, file_out);
    fclose(file_out);
    TEST_ASSERT(ret == 0);

    file_in = fopen(output_file, "r");
    TEST_ASSERT(file_in != NULL);
    ret = mbedtls_mpi_read_file(&Y, 16, file_in);
    fclose(file_in);
    TEST_ASSERT(ret == 0);

    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_get_bit(char *input_X, int pos, int val)
{
    mbedtls_mpi X;
    mbedtls_mpi_init(&X);
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_get_bit(&X, pos) == val);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_set_bit(char *input_X, int pos, int val,
                 char *output_Y, int result)
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, output_Y) == 0);
    TEST_ASSERT(mbedtls_mpi_set_bit(&X, pos, val) == result);

    if (result == 0) {
        TEST_ASSERT(sign_is_valid(&X));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_lsb(char *input_X, int nr_bits)
{
    mbedtls_mpi X;
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_lsb(&X) == (size_t) nr_bits);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_bitlen(char *input_X, int nr_bits)
{
    mbedtls_mpi X;
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_bitlen(&X) == (size_t) nr_bits);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_gcd(char *input_X, char *input_Y,
             char *input_A)
{
    mbedtls_mpi A, X, Y, Z;
    mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_gcd(&Z, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

exit:
    mbedtls_mpi_free(&A); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_int(int input_X, int input_A, int result_CMP)
{
    mbedtls_mpi X;
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_mpi_lset(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_int(&X, input_A) == result_CMP);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_mpi(char *input_X, char *input_Y,
                 int input_A)
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y) == input_A);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_lt_mpi_ct(int size_X, char *input_X,
                   int size_Y, char *input_Y,
                   int input_ret, int input_err)
{
    unsigned ret = -1;
    unsigned input_uret = input_ret;
    mbedtls_mpi X, Y;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);

    TEST_ASSERT(mbedtls_mpi_grow(&X, size_X) == 0);
    TEST_ASSERT(mbedtls_mpi_grow(&Y, size_Y) == 0);

    TEST_ASSERT(mbedtls_mpi_lt_mpi_ct(&X, &Y, &ret) == input_err);
    if (input_err == 0) {
        TEST_ASSERT(ret == input_uret);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_cmp_abs(char *input_X, char *input_Y,
                 int input_A)
{
    mbedtls_mpi X, Y;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_abs(&X, &Y) == input_A);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_copy(char *src_hex, char *dst_hex)
{
    mbedtls_mpi src, dst, ref;
    mbedtls_mpi_init(&src);
    mbedtls_mpi_init(&dst);
    mbedtls_mpi_init(&ref);

    TEST_ASSERT(mbedtls_test_read_mpi(&src, src_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&ref, dst_hex) == 0);

    /* mbedtls_mpi_copy() */
    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
    TEST_ASSERT(mbedtls_mpi_copy(&dst, &src) == 0);
    TEST_ASSERT(sign_is_valid(&dst));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);

    /* mbedtls_mpi_safe_cond_assign(), assignment done */
    mbedtls_mpi_free(&dst);
    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
    TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 1) == 0);
    TEST_ASSERT(sign_is_valid(&dst));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &src) == 0);

    /* mbedtls_mpi_safe_cond_assign(), assignment not done */
    mbedtls_mpi_free(&dst);
    TEST_ASSERT(mbedtls_test_read_mpi(&dst, dst_hex) == 0);
    TEST_ASSERT(mbedtls_mpi_safe_cond_assign(&dst, &src, 0) == 0);
    TEST_ASSERT(sign_is_valid(&dst));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&dst, &ref) == 0);

exit:
    mbedtls_mpi_free(&src);
    mbedtls_mpi_free(&dst);
    mbedtls_mpi_free(&ref);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_copy_self(char *input_X)
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init(&A);
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_copy(&X, &X) == 0);

    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_X) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);

exit:
    mbedtls_mpi_free(&A);
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_swap(char *X_hex, char *Y_hex)
{
    mbedtls_mpi X, Y, X0, Y0;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
    mbedtls_mpi_init(&X0); mbedtls_mpi_init(&Y0);

    TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y0, Y_hex) == 0);

    /* mbedtls_mpi_swap() */
    TEST_ASSERT(mbedtls_test_read_mpi(&X,  X_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y,  Y_hex) == 0);
    mbedtls_mpi_swap(&X, &Y);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);

    /* mbedtls_mpi_safe_cond_swap(), swap done */
    mbedtls_mpi_free(&X);
    mbedtls_mpi_free(&Y);
    TEST_ASSERT(mbedtls_test_read_mpi(&X,  X_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y,  Y_hex) == 0);
    TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 1) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &Y0) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &X0) == 0);

    /* mbedtls_mpi_safe_cond_swap(), swap not done */
    mbedtls_mpi_free(&X);
    mbedtls_mpi_free(&Y);
    TEST_ASSERT(mbedtls_test_read_mpi(&X,  X_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y,  Y_hex) == 0);
    TEST_ASSERT(mbedtls_mpi_safe_cond_swap(&X, &Y, 0) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &Y0) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
    mbedtls_mpi_free(&X0); mbedtls_mpi_free(&Y0);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_swap_self(char *X_hex)
{
    mbedtls_mpi X, X0;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&X0);

    TEST_ASSERT(mbedtls_test_read_mpi(&X,  X_hex) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&X0, X_hex) == 0);

    mbedtls_mpi_swap(&X, &X);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &X0) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&X0);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shrink(int before, int used, int min, int after)
{
    mbedtls_mpi X;
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_mpi_grow(&X, before) == 0);
    if (used > 0) {
        size_t used_bit_count = used * 8 * sizeof(mbedtls_mpi_uint);
        TEST_ASSERT(mbedtls_mpi_set_bit(&X, used_bit_count - 1, 1) == 0);
    }
    TEST_EQUAL(X.n, (size_t) before);
    TEST_ASSERT(mbedtls_mpi_shrink(&X, min) == 0);
    TEST_EQUAL(X.n, (size_t) after);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_mpi(char *input_X, char *input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_add_mpi(&Z, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

    /* result == first operand */
    TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    /* result == second operand */
    TEST_ASSERT(mbedtls_mpi_add_mpi(&Y, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_mpi_inplace(char *input_X, char *input_A)
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &X) == 0);
    TEST_ASSERT(mbedtls_mpi_cmp_int(&X, 0) == 0);
    TEST_ASSERT(sign_is_valid(&X));

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &X) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_mpi_add_mpi(&X, &X, &X) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */


/* BEGIN_CASE */
void mpi_add_abs(char *input_X, char *input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_add_abs(&Z, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

    /* result == first operand */
    TEST_ASSERT(mbedtls_mpi_add_abs(&X, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    /* result == second operand */
    TEST_ASSERT(mbedtls_mpi_add_abs(&Y, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_add_int(char *input_X, int input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_add_int(&Z, &X, input_Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_mpi(char *input_X, char *input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_sub_mpi(&Z, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

    /* result == first operand */
    TEST_ASSERT(mbedtls_mpi_sub_mpi(&X, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    /* result == second operand */
    TEST_ASSERT(mbedtls_mpi_sub_mpi(&Y, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Y));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_abs(char *input_X, char *input_Y,
                 char *input_A, int sub_result)
{
    mbedtls_mpi X, Y, Z, A;
    int res;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);

    res = mbedtls_mpi_sub_abs(&Z, &X, &Y);
    TEST_ASSERT(res == sub_result);
    TEST_ASSERT(sign_is_valid(&Z));
    if (res == 0) {
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
    }

    /* result == first operand */
    TEST_ASSERT(mbedtls_mpi_sub_abs(&X, &X, &Y) == sub_result);
    TEST_ASSERT(sign_is_valid(&X));
    if (sub_result == 0) {
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
    }
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    /* result == second operand */
    TEST_ASSERT(mbedtls_mpi_sub_abs(&Y, &X, &Y) == sub_result);
    TEST_ASSERT(sign_is_valid(&Y));
    if (sub_result == 0) {
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Y, &A) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_sub_int(char *input_X, int input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_sub_int(&Z, &X, input_Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mul_mpi(char *input_X, char *input_Y,
                 char *input_A)
{
    mbedtls_mpi X, Y, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_mul_mpi(&Z, &X, &Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mul_int(char *input_X, int input_Y,
                 char *input_A, char *result_comparison)
{
    mbedtls_mpi X, Z, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_mul_int(&Z, &X, input_Y) == 0);
    TEST_ASSERT(sign_is_valid(&Z));
    if (strcmp(result_comparison, "==") == 0) {
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
    } else if (strcmp(result_comparison, "!=") == 0) {
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) != 0);
    } else {
        TEST_ASSERT("unknown operator" == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_div_mpi(char *input_X, char *input_Y,
                 char *input_A, char *input_B,
                 int div_result)
{
    mbedtls_mpi X, Y, Q, R, A, B;
    int res;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R);
    mbedtls_mpi_init(&A); mbedtls_mpi_init(&B);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
    res = mbedtls_mpi_div_mpi(&Q, &R, &X, &Y);
    TEST_ASSERT(res == div_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Q));
        TEST_ASSERT(sign_is_valid(&R));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R);
    mbedtls_mpi_free(&A); mbedtls_mpi_free(&B);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_div_int(char *input_X, int input_Y,
                 char *input_A, char *input_B,
                 int div_result)
{
    mbedtls_mpi X, Q, R, A, B;
    int res;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&R); mbedtls_mpi_init(&A);
    mbedtls_mpi_init(&B);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&B, input_B) == 0);
    res = mbedtls_mpi_div_int(&Q, &R, &X, input_Y);
    TEST_ASSERT(res == div_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Q));
        TEST_ASSERT(sign_is_valid(&R));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Q, &A) == 0);
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&R, &B) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&R); mbedtls_mpi_free(&A);
    mbedtls_mpi_free(&B);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mod_mpi(char *input_X, char *input_Y,
                 char *input_A, int div_result)
{
    mbedtls_mpi X, Y, A;
    int res;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    res = mbedtls_mpi_mod_mpi(&X, &X, &Y);
    TEST_ASSERT(res == div_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&X));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_mod_int(char *input_X, mbedtls_mpi_sint y,
                 mbedtls_mpi_sint a, int mod_result)
{
    mbedtls_mpi X;
    int res;
    mbedtls_mpi_uint r;

    mbedtls_mpi_init(&X);

    TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);

    res = mbedtls_mpi_mod_int(&r, &X, y);
    TEST_EQUAL(res, mod_result);
    if (res == 0) {
        TEST_EQUAL(r, a);
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_exp_mod(char *input_A, char *input_E,
                 char *input_N, char *input_X,
                 int exp_result)
{
    mbedtls_mpi A, E, N, RR, Z, X;
    int res;
    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);

    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, NULL);
    TEST_ASSERT(res == exp_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Z));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
    }

    /* Now test again with the speed-up parameter supplied as an output. */
    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
    TEST_ASSERT(res == exp_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Z));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
    }

    /* Now test again with the speed-up parameter supplied in calculated form. */
    res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR);
    TEST_ASSERT(res == exp_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Z));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &X) == 0);
    }

exit:
    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
    mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes,
                      char *input_RR, int exp_result)
{
    mbedtls_mpi A, E, N, RR, Z;
    mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
    mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z);

    /* Set A to 2^(A_bytes - 1) + 1 */
    TEST_ASSERT(mbedtls_mpi_lset(&A, 1) == 0);
    TEST_ASSERT(mbedtls_mpi_shift_l(&A, (A_bytes * 8) - 1) == 0);
    TEST_ASSERT(mbedtls_mpi_set_bit(&A, 0, 1) == 0);

    /* Set E to 2^(E_bytes - 1) + 1 */
    TEST_ASSERT(mbedtls_mpi_lset(&E, 1) == 0);
    TEST_ASSERT(mbedtls_mpi_shift_l(&E, (E_bytes * 8) - 1) == 0);
    TEST_ASSERT(mbedtls_mpi_set_bit(&E, 0, 1) == 0);

    /* Set N to 2^(N_bytes - 1) + 1 */
    TEST_ASSERT(mbedtls_mpi_lset(&N, 1) == 0);
    TEST_ASSERT(mbedtls_mpi_shift_l(&N, (N_bytes * 8) - 1) == 0);
    TEST_ASSERT(mbedtls_mpi_set_bit(&N, 0, 1) == 0);

    if (strlen(input_RR)) {
        TEST_ASSERT(mbedtls_test_read_mpi(&RR, input_RR) == 0);
    }

    TEST_ASSERT(mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR) == exp_result);

exit:
    mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N);
    mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_inv_mod(char *input_X, char *input_Y,
                 char *input_A, int div_result)
{
    mbedtls_mpi X, Y, Z, A;
    int res;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&Y, input_Y) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    res = mbedtls_mpi_inv_mod(&Z, &X, &Y);
    TEST_ASSERT(res == div_result);
    if (res == 0) {
        TEST_ASSERT(sign_is_valid(&Z));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&Z, &A) == 0);
    }

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime(char *input_X, int div_result)
{
    mbedtls_mpi X;
    int res;
    mbedtls_mpi_init(&X);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    res = mbedtls_mpi_is_prime_ext(&X, 40, mbedtls_test_rnd_std_rand, NULL);
    TEST_ASSERT(res == div_result);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_is_prime_det(data_t *input_X, data_t *witnesses,
                      int chunk_len, int rounds)
{
    mbedtls_mpi X;
    int res;
    mbedtls_test_mpi_random rand;

    mbedtls_mpi_init(&X);
    rand.data = witnesses;
    rand.pos = 0;
    rand.chunk_len = chunk_len;

    TEST_ASSERT(mbedtls_mpi_read_binary(&X, input_X->x, input_X->len) == 0);
    res = mbedtls_mpi_is_prime_ext(&X, rounds - 1,
                                   mbedtls_test_mpi_miller_rabin_determinizer,
                                   &rand);
    TEST_ASSERT(res == 0);

    rand.data = witnesses;
    rand.pos = 0;
    rand.chunk_len = chunk_len;

    res = mbedtls_mpi_is_prime_ext(&X, rounds,
                                   mbedtls_test_mpi_miller_rabin_determinizer,
                                   &rand);
    TEST_ASSERT(res == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE);

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
void mpi_gen_prime(int bits, int flags, int ref_ret)
{
    mbedtls_mpi X;
    int my_ret;

    mbedtls_mpi_init(&X);

    my_ret = mbedtls_mpi_gen_prime(&X, bits, flags,
                                   mbedtls_test_rnd_std_rand, NULL);
    TEST_ASSERT(my_ret == ref_ret);

    if (ref_ret == 0) {
        size_t actual_bits = mbedtls_mpi_bitlen(&X);

        TEST_ASSERT(actual_bits >= (size_t) bits);
        TEST_ASSERT(actual_bits <= (size_t) bits + 1);
        TEST_ASSERT(sign_is_valid(&X));

        TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
                                             mbedtls_test_rnd_std_rand,
                                             NULL) == 0);
        if (flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH) {
            /* X = ( X - 1 ) / 2 */
            TEST_ASSERT(mbedtls_mpi_shift_r(&X, 1) == 0);
            TEST_ASSERT(mbedtls_mpi_is_prime_ext(&X, 40,
                                                 mbedtls_test_rnd_std_rand,
                                                 NULL) == 0);
        }
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shift_l(char *input_X, int shift_X,
                 char *input_A)
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_shift_l(&X, shift_X) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_shift_r(char *input_X, int shift_X,
                 char *input_A)
{
    mbedtls_mpi X, A;
    mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);

    TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&A, input_A) == 0);
    TEST_ASSERT(mbedtls_mpi_shift_r(&X, shift_X) == 0);
    TEST_ASSERT(sign_is_valid(&X));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&X, &A) == 0);

exit:
    mbedtls_mpi_free(&X); mbedtls_mpi_free(&A);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_fill_random(int wanted_bytes, int rng_bytes,
                     int before, int expected_ret)
{
    mbedtls_mpi X;
    int ret;
    size_t bytes_left = rng_bytes;
    mbedtls_mpi_init(&X);

    if (before != 0) {
        /* Set X to sign(before) * 2^(|before|-1) */
        TEST_ASSERT(mbedtls_mpi_lset(&X, before > 0 ? 1 : -1) == 0);
        if (before < 0) {
            before = -before;
        }
        TEST_ASSERT(mbedtls_mpi_shift_l(&X, before - 1) == 0);
    }

    ret = mbedtls_mpi_fill_random(&X, wanted_bytes,
                                  f_rng_bytes_left, &bytes_left);
    TEST_ASSERT(ret == expected_ret);

    if (expected_ret == 0) {
        /* mbedtls_mpi_fill_random is documented to use bytes from the RNG
         * as a big-endian representation of the number. We know when
         * our RNG function returns null bytes, so we know how many
         * leading zero bytes the number has. */
        size_t leading_zeros = 0;
        if (wanted_bytes > 0 && rng_bytes % 256 == 0) {
            leading_zeros = 1;
        }
        TEST_ASSERT(mbedtls_mpi_size(&X) + leading_zeros ==
                    (size_t) wanted_bytes);
        TEST_ASSERT((int) bytes_left == rng_bytes - wanted_bytes);
        TEST_ASSERT(sign_is_valid(&X));
    }

exit:
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_random_many(int min, data_t *bound_bytes, int iterations)
{
    /* Generate numbers in the range 1..bound-1. Do it iterations times.
     * This function assumes that the value of bound is at least 2 and
     * that iterations is large enough that a one-in-2^iterations chance
     * effectively never occurs.
     */

    mbedtls_mpi upper_bound;
    size_t n_bits;
    mbedtls_mpi result;
    size_t b;
    /* If upper_bound is small, stats[b] is the number of times the value b
     * has been generated. Otherwise stats[b] is the number of times a
     * value with bit b set has been generated. */
    size_t *stats = NULL;
    size_t stats_len;
    int full_stats;
    size_t i;

    mbedtls_mpi_init(&upper_bound);
    mbedtls_mpi_init(&result);

    TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
                                          bound_bytes->x, bound_bytes->len));
    n_bits = mbedtls_mpi_bitlen(&upper_bound);
    /* Consider a bound "small" if it's less than 2^5. This value is chosen
     * to be small enough that the probability of missing one value is
     * negligible given the number of iterations. It must be less than
     * 256 because some of the code below assumes that "small" values
     * fit in a byte. */
    if (n_bits <= 5) {
        full_stats = 1;
        stats_len = bound_bytes->x[bound_bytes->len - 1];
    } else {
        full_stats = 0;
        stats_len = n_bits;
    }
    TEST_CALLOC(stats, stats_len);

    for (i = 0; i < (size_t) iterations; i++) {
        mbedtls_test_set_step(i);
        TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound,
                                         mbedtls_test_rnd_std_rand, NULL));

        TEST_ASSERT(sign_is_valid(&result));
        TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0);
        TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0);
        if (full_stats) {
            uint8_t value;
            TEST_EQUAL(0, mbedtls_mpi_write_binary(&result, &value, 1));
            TEST_ASSERT(value < stats_len);
            ++stats[value];
        } else {
            for (b = 0; b < n_bits; b++) {
                stats[b] += mbedtls_mpi_get_bit(&result, b);
            }
        }
    }

    if (full_stats) {
        for (b = min; b < stats_len; b++) {
            mbedtls_test_set_step(1000000 + b);
            /* Assert that each value has been reached at least once.
             * This is almost guaranteed if the iteration count is large
             * enough. This is a very crude way of checking the distribution.
             */
            TEST_ASSERT(stats[b] > 0);
        }
    } else {
        int statistically_safe_all_the_way =
            is_significantly_above_a_power_of_2(bound_bytes);
        for (b = 0; b < n_bits; b++) {
            mbedtls_test_set_step(1000000 + b);
            /* Assert that each bit has been set in at least one result and
             * clear in at least one result. Provided that iterations is not
             * too small, it would be extremely unlikely for this not to be
             * the case if the results are uniformly distributed.
             *
             * As an exception, the top bit may legitimately never be set
             * if bound is a power of 2 or only slightly above.
             */
            if (statistically_safe_all_the_way || b != n_bits - 1) {
                TEST_ASSERT(stats[b] > 0);
            }
            TEST_ASSERT(stats[b] < (size_t) iterations);
        }
    }

exit:
    mbedtls_mpi_free(&upper_bound);
    mbedtls_mpi_free(&result);
    mbedtls_free(stats);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_random_sizes(int min, data_t *bound_bytes, int nlimbs, int before)
{
    mbedtls_mpi upper_bound;
    mbedtls_mpi result;

    mbedtls_mpi_init(&upper_bound);
    mbedtls_mpi_init(&result);

    if (before != 0) {
        /* Set result to sign(before) * 2^(|before|-1) */
        TEST_ASSERT(mbedtls_mpi_lset(&result, before > 0 ? 1 : -1) == 0);
        if (before < 0) {
            before = -before;
        }
        TEST_ASSERT(mbedtls_mpi_shift_l(&result, before - 1) == 0);
    }

    TEST_EQUAL(0, mbedtls_mpi_grow(&result, nlimbs));
    TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
                                          bound_bytes->x, bound_bytes->len));
    TEST_EQUAL(0, mbedtls_mpi_random(&result, min, &upper_bound,
                                     mbedtls_test_rnd_std_rand, NULL));
    TEST_ASSERT(sign_is_valid(&result));
    TEST_ASSERT(mbedtls_mpi_cmp_mpi(&result, &upper_bound) < 0);
    TEST_ASSERT(mbedtls_mpi_cmp_int(&result, min) >= 0);

exit:
    mbedtls_mpi_free(&upper_bound);
    mbedtls_mpi_free(&result);
}
/* END_CASE */

/* BEGIN_CASE */
void mpi_random_fail(int min, data_t *bound_bytes, int expected_ret)
{
    mbedtls_mpi upper_bound;
    mbedtls_mpi result;
    int actual_ret;

    mbedtls_mpi_init(&upper_bound);
    mbedtls_mpi_init(&result);

    TEST_EQUAL(0, mbedtls_mpi_read_binary(&upper_bound,
                                          bound_bytes->x, bound_bytes->len));
    actual_ret = mbedtls_mpi_random(&result, min, &upper_bound,
                                    mbedtls_test_rnd_std_rand, NULL);
    TEST_EQUAL(expected_ret, actual_ret);

exit:
    mbedtls_mpi_free(&upper_bound);
    mbedtls_mpi_free(&result);
}
/* END_CASE */

/* BEGIN_CASE */
void most_negative_mpi_sint()
{
    /* Ad hoc tests for n = -p = -2^(biL-1) as a mbedtls_mpi_sint. We
     * guarantee that mbedtls_mpi_sint is a two's complement type, so this
     * is a valid value. However, negating it (`-n`) has undefined behavior
     * (although in practice `-n` evaluates to the value n).
     *
     * This function has ad hoc tests for this value. It's separated from other
     * functions because the test framework makes it hard to pass this value
     * into test cases.
     *
     * In the comments here:
     * - biL = number of bits in limbs
     * - p = 2^(biL-1) (smallest positive value not in mbedtls_mpi_sint range)
     * - n = -2^(biL-1) (largest negative value in mbedtls_mpi_sint range)
     */

    mbedtls_mpi A, R, X;
    mbedtls_mpi_init(&A);
    mbedtls_mpi_init(&R);
    mbedtls_mpi_init(&X);

    const size_t biL = 8 * sizeof(mbedtls_mpi_sint);
    mbedtls_mpi_uint most_positive_plus_1 = (mbedtls_mpi_uint) 1 << (biL - 1);
    const mbedtls_mpi_sint most_positive = most_positive_plus_1 - 1;
    const mbedtls_mpi_sint most_negative = -most_positive - 1;
    TEST_EQUAL((mbedtls_mpi_uint) most_negative,
               (mbedtls_mpi_uint) 1 << (biL - 1));
    TEST_EQUAL((mbedtls_mpi_uint) most_negative << 1, 0);

    /* Test mbedtls_mpi_lset() */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
    TEST_EQUAL(A.s, -1);
    TEST_EQUAL(A.n, 1);
    TEST_EQUAL(A.p[0], most_positive_plus_1);

    /* Test mbedtls_mpi_cmp_int(): -p == -p */
    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 0);

    /* Test mbedtls_mpi_cmp_int(): -(p+1) < -p */
    A.p[0] = most_positive_plus_1 + 1;
    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), -1);

    /* Test mbedtls_mpi_cmp_int(): -(p-1) > -p */
    A.p[0] = most_positive_plus_1 - 1;
    TEST_EQUAL(mbedtls_mpi_cmp_int(&A, most_negative), 1);

    /* Test mbedtls_mpi_add_int(): (p-1) + (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);

    /* Test mbedtls_mpi_add_int(): (0) + (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, most_negative), 0);

    /* Test mbedtls_mpi_add_int(): (-p) + (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_add_int(&X, &A, most_negative), 0);
    TEST_EQUAL(X.s, -1);
    TEST_EQUAL(X.n, 2);
    TEST_EQUAL(X.p[0], 0);
    TEST_EQUAL(X.p[1], 1);

    /* Test mbedtls_mpi_sub_int(): (p) - (-p) */
    mbedtls_mpi_free(&X);
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
    TEST_EQUAL(X.s, 1);
    TEST_EQUAL(X.n, 1);
    TEST_EQUAL(X.p[0], ~(mbedtls_mpi_uint) 0);

    /* Test mbedtls_mpi_sub_int(): (0) - (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, 0), 0);
    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
    TEST_EQUAL(X.s, 1);
    TEST_EQUAL(X.n, 1);
    TEST_EQUAL(X.p[0], most_positive_plus_1);

    /* Test mbedtls_mpi_sub_int(): (-p) - (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_sub_int(&X, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);

    /* Test mbedtls_mpi_div_int(): (-p+1) / (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, -most_positive), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);

    /* Test mbedtls_mpi_div_int(): (-p) / (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);

    /* Test mbedtls_mpi_div_int(): (-2*p) / (-p) */
    TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 2), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);

    /* Test mbedtls_mpi_div_int(): (-2*p+1) / (-p) */
    TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 1), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, -most_positive), 0);

    /* Test mbedtls_mpi_div_int(): (p-1) / (-p) */
    TEST_EQUAL(mbedtls_mpi_lset(&A, most_positive), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, 0), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, most_positive), 0);

    /* Test mbedtls_mpi_div_int(): (p) / (-p) */
    TEST_EQUAL(mbedtls_mpi_add_int(&A, &A, 1), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -1), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);

    /* Test mbedtls_mpi_div_int(): (2*p) / (-p) */
    TEST_EQUAL(mbedtls_mpi_shift_l(&A, 1), 0);
    TEST_EQUAL(mbedtls_mpi_div_int(&X, &R, &A, most_negative), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&X, -2), 0);
    TEST_EQUAL(mbedtls_mpi_cmp_int(&R, 0), 0);

    /* Test mbedtls_mpi_mod_int(): never valid */
    TEST_EQUAL(mbedtls_mpi_mod_int(X.p, &A, most_negative),
               MBEDTLS_ERR_MPI_NEGATIVE_VALUE);

    /* Test mbedtls_mpi_random(): never valid */
    TEST_EQUAL(mbedtls_mpi_random(&X, most_negative, &A,
                                  mbedtls_test_rnd_std_rand, NULL),
               MBEDTLS_ERR_MPI_BAD_INPUT_DATA);

exit:
    mbedtls_mpi_free(&A);
    mbedtls_mpi_free(&R);
    mbedtls_mpi_free(&X);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest()
{
    TEST_ASSERT(mbedtls_mpi_self_test(1) == 0);
}
/* END_CASE */