This patch adds the test for the method calculating the RR. The input/expected
data are generated manually using the following Python3 snippet:
~~~~~
import math
title="mpi_get_montgomery_constant_unsafe"
tt = title + " #{}"
in_data = [ "0f", ... ]
def limb_no(number, bil=64):
return int(math.ceil(int.bit_length(number)/(bil * 1.0)))
def calc_rr(number, bil=64 ):
return '{:x}'.format(pow(pow(2, limb_no(number, bil) * bil), 2, number))
def calc_rr_str(number, prefix=""):
rr64 = calc_rr(number)
rr32 = calc_rr(number, bil=32)
return '{}:"{:x}":"{}":"{}"'.format(prefix,number, rr32, rr64)
print("\n\n".join(["{}\n{}".format(tt.format(in_data.index(v)+1), calc_rr_str(int(v,base=16), title)) for v in in_data]))
~~~~~
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.
These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface. Make a different module the example.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>