Test some Euler pseudoprimes.
The Miller-Rabin test is an extension of the Fermat test (in addition to
looking for a^(n-1) != 1, it also looks for a non-trivial square root of
unity). It thus seems prudent to sanity-check we indeed reject Fermat
pseudoprimes. Euler pseudoprimes are a stronger constraint, so test
those.
Change-Id: I959769de2da3f8579403621bcf893e7c9247ca33
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37785
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/bn/bn_test.cc b/crypto/fipsmodule/bn/bn_test.cc
index b7427d5..23c7574 100644
--- a/crypto/fipsmodule/bn/bn_test.cc
+++ b/crypto/fipsmodule/bn/bn_test.cc
@@ -2012,10 +2012,10 @@
nullptr /* callback */));
EXPECT_EQ(0, is_probably_prime_2);
- // The following composite numbers come from http://oeis.org/A014233 and are
- // such that the first several primes are not a Miller-Rabin composite
- // witness.
- static const char *kA014233[] = {
+ static const char *kComposites[] = {
+ // The following composite numbers come from http://oeis.org/A014233 and
+ // are such that the first several primes are not a Miller-Rabin composite
+ // witness.
"2047",
"1373653",
"25326001",
@@ -2026,8 +2026,44 @@
"3825123056546413051",
"318665857834031151167461",
"3317044064679887385961981",
+
+ // The following composite numbers come from https://oeis.org/A033181
+ // which lists Euler pseudoprimes. These are false positives for the
+ // Fermat primality
+ // test.
+ "1729",
+ "2465",
+ "15841",
+ "41041",
+ "46657",
+ "75361",
+ "162401",
+ "172081",
+ "399001",
+ "449065",
+ "488881",
+ "530881",
+ "656601",
+ "670033",
+ "838201",
+ "997633",
+ "1050985",
+ "1615681",
+ "1773289",
+ "1857241",
+ "2113921",
+ "2433601",
+ "2455921",
+ "2704801",
+ "3057601",
+ "3224065",
+ "3581761",
+ "3664585",
+ "3828001",
+ "4463641",
+ "4903921",
};
- for (const char *str : kA014233) {
+ for (const char *str : kComposites) {
SCOPED_TRACE(str);
EXPECT_NE(0, DecimalToBIGNUM(&p, str));