muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.
Found by depends.py curves (now that restartable is part of full).
Also, document that restartable only work for short weierstrass curves
(actually unrelated, but this made me think of that).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Spec values are now always used for test data, and conversion to
internal representation is done in the test function.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Test cases added to check curve parameters and information for each
curve supported. Expected parameters are taken from references: SEC 2
for NIST, RFC 5639 for Brainpool, and RFC 7748 for curve25519/curve448.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Replace calls to mbedtls_mpi_read_string() with a wrapper
mbedtls_test_read_mpi() when reading test data except for the purpose
of testing mbedtls_mpi_read_string() itself. The wrapper lets the test
data control precisely how many limbs the constructed MPI has.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix trivial faulty calls in ECP test suite and ECP/ECJPAKE self-tests (by
adding a dummy RNG).
Several tests suites are not passing yet, as a couple of library
function do call ecp_mul() with a NULL RNG. The complexity of the fixes
range from "simple refactoring" to "requires API changes", so these will
be addressed in separate commits.
This makes the option MBEDTLS_ECP_NO_INTERNAL_RNG, as well as the whole
"internal RNG" code, obsolete. This will be addressed in a future
commit, after getting the test suites to pass again.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Since mbedtls_mpi_random() is not specific to ECC code, move it from
the ECP module to the bignum module.
This increases the code size in builds without short Weierstrass
curves (including builds without ECC at all) that do not optimize out
unused functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rename mbedtls_ecp_gen_privkey_sw to mbedtls_mpi_random since it has
no particular connection to elliptic curves beyond the fact that its
operation is defined by the deterministic ECDSA specification. This is
a generic function that generates a random MPI between 1 inclusive and
N exclusive.
Slightly generalize the function to accept a different lower bound,
which adds a negligible amount of complexity.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add unit tests for private key generation on short Weierstrass curves.
These tests validate that the result is within the desired range.
Additionally, they validate that after performing many iterations, the
range is covered to an acceptable extent: for tiny ranges, all values
must be reached; for larger ranges, all value bits must reach both 0
and 1.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test the exact output from known RNG input. This is overly
constraining, but ensures that the code has good properties.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove tests related to NULL pointers,
keep tests related to invalid enum values.
Remove test code related to MBEDTLS_CHECK_PARAMS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
Write a simple unit test for mbedtls_ecp_muladd().
Add just one pair of test cases. #2 fails since PR #3512. Thanks to
Philippe Antoine (catenacyber) for the test case, found by ecfuzzer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ecp_write_key is a mirror function to mbedtls_ecp_read_key, which
writes a private key back into a byte buffer in the correct format.
This is a helpful convenience function, since the byte order is defined
differently between Montgomery and Weierstrass curves. Since this difference
is accounted for in mbedtls_ecp_read_key, it made sense to add
mbedtls_ecp_write_key for the purpose of abstracting this away such that
psa_export_key doesn't need to take byte order into account.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:
grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep "\<mbedtls_test_rnd_"
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
