After a quick glance, I think the test suite is to blame; more specifically, the not_rnd()
helper function. So if my analysis is correct, ecdh and ecdsa are probably working properly on big-endian, despite the failing tests. (Experimental support for this hypothesis: the underlying ecp functions pass the test suite, and only the tests using not_rnd() fail.) I'll prepare a patch for this shortly.
The following patch should work. As I don't have easy access to a big-endian
machine right now, I'd really appreciate if you could test it!
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 881a0ac..b334954 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,6 +2,14 @@
#include "polarssl/memory.h"
#endif
+#if defined(WANT_NOT_RND_MPI)
+#if defined(POLARSSL_BIGNUM_C)
+#include "polarssl/bignum.h"
+#else
+#error "not_rnd_mpi() need bignum.c"
+#endif
+#endif
+
#ifdef _MSC_VER
#include <basetsd.h>
typedef UINT32 uint32_t;
@@ -225,48 +233,36 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
return( 0 );
}
+#if defined(WANT_NOT_RND_MPI)
/**
- * This function returns a buffer given as a hex string.
+ * NOT random function, to match test vectors.
*
- * The buffer is reversed so that the following are equivalent:
- * mpi_fill_random( x, len, not_rnd, str );
+ * The following are equivalent:
+ * mpi_fill_random( x, strlen( str ) / 2, not_rnd, str );
* mpi_read_string( x, 16, str );
- * (So, not random at all. Usefull to match test vectors.)
- * Based on unhexify(), just reversed (changes marked by "sic")
+ * Warning: no other use is supported!
*/
-static int not_rnd( void *in, unsigned char *out, size_t len )
+#define ciL (sizeof(t_uint)) /* chars in limb */
+#define CHARS_TO_LIMBS(i) (((i) + ciL - 1) / ciL)
+static int not_rnd_mpi( void *in, unsigned char *out, size_t len )
{
- unsigned char *obuf;
- const char *ibuf = in;
- unsigned char c, c2;
- assert( len == strlen(ibuf) / 2 );
- assert(!(strlen(ibuf) %1)); // must be even number of bytes
-
- obuf = out + (len - 1); // sic
- while (*ibuf != 0)
- {
- c = *ibuf++;
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- assert( 0 );
-
- c2 = *ibuf++;
- if( c2 >= '0' && c2 <= '9' )
- c2 -= '0';
- else if( c2 >= 'a' && c2 <= 'f' )
- c2 -= 'a' - 10;
- else if( c2 >= 'A' && c2 <= 'F' )
- c2 -= 'A' - 10;
- else
- assert( 0 );
-
- *obuf-- = ( c << 4 ) | c2; // sic
- }
-
- return( 0 );
+ char *str = (char *) in;
+ mpi X;
+
+ /*
+ * The 'in' pointer we get is from an MPI prepared by mpi_fill_random(),
+ * just reconstruct the rest in order to be able to call mpi_read_string()
+ */
+ X.s = 1;
+ X.p = (t_uint *) out;
+ X.n = CHARS_TO_LIMBS( len );
+
+ /*
+ * If str is too long, mpi_read_string() will try to allocate a new buffer
+ * for X.p, which we want to avoid at all costs.
+ */
+ assert( strlen( str ) / 2 == len );
+
+ return( mpi_read_string( &X, 16, str ) );
}
+#endif /* WANT_NOT_RND_MPI */
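Review bot: The only thing stopping mpi_read_string() from growing X and freeing the caller's limb buffer is the `assert( strlen( str ) / 2 == len )` near the end of not_rnd_mpi(), and assert() disappears under NDEBUG, so an explicit check that returns non-zero and lets the caller's TEST_ASSERT fail is safer, e.g. `if( strlen( str ) / 2 != len ) return( -1 );`. The `(t_uint *) out` cast also relies on `out` being the limb array of an MPI set up by mpi_fill_random(), as the inline comment says; the doc comment above the function should state that contract explicitly ("out must be the X->p buffer handed over by mpi_fill_random()"), since any other caller would pass an arbitrary, possibly misaligned unsigned char buffer. The `ciL` and `CHARS_TO_LIMBS` macros appear to duplicate limb-size helpers that presumably live in bignum.c, and they can silently diverge if the limb representation changes, so a one-line comment naming where they are copied from would help a maintainer keep them in sync.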
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index ba35c76..63917d7 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include <polarssl/ecdh.h>
+#define WANT_NOT_RND_MPI
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -57,14 +58,14 @@ void ecdh_primitive_testvec( int id, char *dA_str, char *xA_str, char *yA_str,
TEST_ASSERT( ecp_use_known_dp( &grp, id ) == 0 );
- TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, ¬_rnd, dA_str ) == 0 );
+ TEST_ASSERT( ecdh_gen_public( &grp, &dA, &qA, ¬_rnd_mpi, dA_str ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qA ) );
TEST_ASSERT( mpi_read_string( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.X, &check ) == 0 );
TEST_ASSERT( mpi_read_string( &check, 16, yA_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qA.Y, &check ) == 0 );
- TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, ¬_rnd, dB_str ) == 0 );
+ TEST_ASSERT( ecdh_gen_public( &grp, &dB, &qB, ¬_rnd_mpi, dB_str ) == 0 );
TEST_ASSERT( ! ecp_is_zero( &qB ) );
TEST_ASSERT( mpi_read_string( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &qB.X, &check ) == 0 );
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 5ccb39d..34307ca 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include <polarssl/ecdsa.h>
+#define WANT_NOT_RND_MPI
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -63,7 +64,7 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
len = unhexify(buf, hash_str);
TEST_ASSERT( ecdsa_sign( &grp, &r, &s, &d, buf, len,
- ¬_rnd, k_str ) == 0 );
+ ¬_rnd_mpi, k_str ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &r, &r_check ) == 0 );
TEST_ASSERT( mpi_cmp_mpi( &s, &s_check ) == 0 );
(I hope github markup doesn't make the patch unusable.)
EDIT: just in case: http://pastebin.com/raw.php?i=UaEf2XXz
That fixed it! Thanks for responding so quickly :)
Integrated into development branch and included for 1.3.2 release