Convert test_exp to bn_tests.txt.

Amazingly, this function actually has (not crypto-related) callers, despite
being pretty much useless for cryptography.

BUG=31

Change-Id: I440827380995695c7a15bbf2220a05ffb28d9335
Reviewed-on: https://boringssl-review.googlesource.com/8594
Reviewed-by: David Benjamin <davidben@google.com>

3 files changed, 49 insertions, 51 deletions

diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index 6cabbd08..91994000 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -100,7 +100,6 @@ static const int num2 = 5;   // number of tests for slow functions
 
 static int rand_neg();
 
-static bool test_exp(FILE *fp, BN_CTX *ctx);
 static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx);
 static bool TestBN2BinPadded(BN_CTX *ctx);
 static bool TestDec2BN(BN_CTX *ctx);
@@ -171,12 +170,6 @@ int main(int argc, char *argv[]) {
                          "| grep -v 0 */\n");
   puts_fp(bc_file.get(), "obase=16\nibase=16\n");
 
-  message(bc_file.get(), "BN_exp");
-  if (!test_exp(bc_file.get(), ctx.get())) {
-    return 1;
-  }
-  flush_fp(bc_file.get());
-
   message(bc_file.get(), "BN_mod_sqrt");
   if (!test_mod_sqrt(bc_file.get(), ctx.get())) {
     return 1;
@@ -650,6 +643,24 @@ static bool TestModExp(FileTest *t, BN_CTX *ctx) {
   return true;
 }
 
+static bool TestExp(FileTest *t, BN_CTX *ctx) {
+  ScopedBIGNUM a = GetBIGNUM(t, "A");
+  ScopedBIGNUM e = GetBIGNUM(t, "E");
+  ScopedBIGNUM exp = GetBIGNUM(t, "Exp");
+  if (!a || !e || !exp) {
+    return false;
+  }
+
+  ScopedBIGNUM ret(BN_new());
+  if (!ret ||
+      !BN_exp(ret.get(), a.get(), e.get(), ctx) ||
+      !ExpectBIGNUMsEqual(t, "A ^ E", exp.get(), ret.get())) {
+    return false;
+  }
+
+  return true;
+}
+
 struct Test {
   const char *name;
   bool (*func)(FileTest *t, BN_CTX *ctx);
@@ -665,6 +676,7 @@ static const Test kTests[] = {
     {"Quotient", TestQuotient},
     {"ModMul", TestModMul},
     {"ModExp", TestModExp},
+    {"Exp", TestExp},
 };
 
 static bool RunTest(FileTest *t, void *arg) {
@@ -686,50 +698,6 @@ static int rand_neg() {
   return sign[(neg++) % 8];
 }
 
-static bool test_exp(FILE *fp, BN_CTX *ctx) {
-  ScopedBIGNUM a(BN_new());
-  ScopedBIGNUM b(BN_new());
-  ScopedBIGNUM d(BN_new());
-  ScopedBIGNUM e(BN_new());
-  if (!a || !b || !d || !e) {
-    return false;
-  }
-
-  for (int i = 0; i < num2; i++) {
-    if (!BN_rand(a.get(), 20 + i * 5, 0, 0) ||
-        !BN_rand(b.get(), 2 + i, 0, 0) ||
-        !BN_exp(d.get(), a.get(), b.get(), ctx)) {
-      return false;
-    }
-
-    if (fp != NULL) {
-      BN_print_fp(fp, a.get());
-      puts_fp(fp, " ^ ");
-      BN_print_fp(fp, b.get());
-      puts_fp(fp, " - ");
-      BN_print_fp(fp, d.get());
-      puts_fp(fp, "\n");
-    }
-    if (!BN_one(e.get())) {
-      return false;
-    }
-    while (!BN_is_zero(b.get())) {
-      if (!BN_mul(e.get(), e.get(), a.get(), ctx) ||
-          !BN_sub(b.get(), b.get(), BN_value_one())) {
-        return false;
-      }
-    }
-    if (!BN_sub(e.get(), e.get(), d.get())) {
-      return false;
-    }
-    if (!BN_is_zero(e.get())) {
-      fprintf(stderr, "Exponentiation test failed!\n");
-      return false;
-    }
-  }
-  return true;
-}
-
 static bool test_mod_sqrt(FILE *fp, BN_CTX *ctx) {
   ScopedBIGNUM a(BN_new());
   ScopedBIGNUM p(BN_new());
diff --git a/crypto/bn/bn_tests.txt b/crypto/bn/bn_tests.txt
index b93e1f92..48678bc6 100644
--- a/crypto/bn/bn_tests.txt
+++ b/crypto/bn/bn_tests.txt
@@ -10178,3 +10178,28 @@ ModExp = ba16d7f3f6e162ce248490d164a13c00e7720d8a667e2d3ebeb13f1663e15ef5408d5b5
 A = 9025e6183706105e948b1b0edf922f9011b9e11887d70adb00b26f272b9e76a38f3099084d9cccf12d04b1a99c0f654f8b9ed90c6dff9478c60bf05d58d734ab60eaefa14a22230ec60c90dc1f0704b61eef0bef345785ae0e6a9af7db069cf6bd2b4e0fe58a0ade83c7e46a04b9fe1d24cb9b65c6f80de713e61d70eae5b286
 E = d7e6df5d755284929b986cd9b61c9c2c8843f24c711fbdbae1a468edcae159400943725570726cdc92b3ea94f9f206729516fdda83e31d815b0c7720e7598a91d992273e3bd8ac413b441d8f1dfe5aa7c3bf3ef573adc38292676217467731e6cf440a59611b8110af88d3e62f60209b513b01fbb69a097458ad02096b5e38f0
 M = e4e784aa1fa88625a43ba0185a153a929663920be7fe674a4d33c943d3b898cff051482e7050a070cede53be5e89f31515772c7aea637576f99f82708f89d9e244f6ad3a24a02cbe5c0ff7bcf2dad5491f53db7c3f2698a7c41b44f086652f17bb05fe4c5c0a92433c34086b49d7e1825b28bab6c5a9bd0bc95b53d659afa0d7
+
+
+# Exp tests.
+#
+# These test vectors satisfy A ^ E = Exp.
+
+Exp = aa6d7ac431
+A = d0e07
+E = 2
+
+Exp = 12d416b110dbb4e467ff0c89a22122f4da8240
+A = 1a18cf6
+E = 6
+
+Exp = 49a3b33e23d84f1ce0d5d83f5dcb651d50cf3920f0143da2310d0512a90a06cd8f38977df8a756c30883de38df092000
+A = 2a3acbd2
+E = d
+
+Exp = 5b4a0d5a956f885f275712b194459980f24708bfb6393d71bd37dce852ce455724f5ee5030775fb86b4295edc98afaafc097e4d82a97c0078ec0eac763db16549c5145c4cf2d3124f88cf9a5c71da0625afb99b26801786fe49a778415dc025954021753d08691947a208b613f0be5c1
+A = 54b3ae461
+E = 1a
+
+Exp = a0ea5f6a4de49beb8fb7f0dab280d6a32c5a3814c9a5153a7944cec0a9028497846a8a89044348721a0bb5f0c3ded3e980574ea321b0cdb0ead4f4e93841ea7478a7f15d9729b646a8165813a0750e8124f5465dda9b105e1bbeff18fd09c09a2e26610d9176d253b877c3a8908a6be521cbe1e472a7a1b7820e4e890f8f28aacd34609c686e76e15b01bd9324a71290812724ea564d11c874a6765b262c3e57d479da0287a76026a1e8fe53da0b02405da1d379eaa30fc65f
+A = fccec0f6df
+E = 25
diff --git a/crypto/bn/check_bn_tests.go b/crypto/bn/check_bn_tests.go
index d49c2b76..96411667 100644
--- a/crypto/bn/check_bn_tests.go
+++ b/crypto/bn/check_bn_tests.go
@@ -222,6 +222,11 @@ func main() {
 				r := new(big.Int).Exp(test.Values["A"], test.Values["E"], test.Values["M"])
 				checkResult(test, "A ^ E (mod M)", "ModExp", r)
 			}
+		case "Exp":
+			if checkKeys(test, "A", "E", "Exp") {
+				r := new(big.Int).Exp(test.Values["A"], test.Values["E"], nil)
+				checkResult(test, "A ^ E", "Exp", r)
+			}
 		default:
 			fmt.Fprintf(os.Stderr, "Line %d: unknown test type %q.\n", test.LineNumber, test.Type)
 		}