Support committed generated test data and add PQCP test data #690
bjwtaylor
left a comment
The PR looks good, I had one question mainly for interest as to what the plan is for testing code enabled by TF_PSA_CRYPTO_PQCP_MLDSA_87_ENABLED. A quick, but by no means extensive grep for this config didn't produce any results in the tests. Do we have CI tests currently added that will build and test with this config, or is this future planned work? Or have I misunderstood a part of the future architecture?
@bjwtaylor A lot of You can check which components run a specific test, or with a specific option enabled, in the outcome file. The outcome-analysis job on the CI fails if a test case is never executed.
Well, should we backport the removal of the line length limitation in test data files there? I feel in the future it's going to be annoying if we have some test data that works in crypto/development but then fails when trying to backport to 3.6.
I get your point. But also, in 3.6, currently, you can run some test suites without a heap, if the library is built without a heap. Granted, few test suites don't use malloc themselves anyway, and few users on constrained platforms actually run the unit tests. But that's still the sort of requirement change that I'm uncomfortable with in an LTS branch.
mpg
left a comment
Looking pretty good to me, but some minor and a few less minor points.
I have been able to reproduce the generated file locally with Python 3.12 (default in Ubuntu 24.04) in a fresh venv after running only scripts/min_requirements.py.
Check the Python version, not the presence of the package, because the CI runs `all.sh --list-components` outside of the venv that has our desired packages. Insisting on the package caused the CI to find nowhere to run `tf_psa_crypto_check_generated_files`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit adds the test code. A subsequent commit will add test data. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This currently consists of test data for direct mldsa-native calls in nominal conditions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Tests using randomized signatures were currently randomized. We need the output of the script to be reproducible, so this won't do. Force randomized signatures to use a specific RNG which is reset before constructing each test case. This way, the script's output is reproducible. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will probably help when a framework change causes the content of these files to change. See Mbed-TLS/mbedtls-test#252 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
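The reproducibility change described in the commit message above about randomized signatures ("a specific RNG which is reset before constructing each test case"), as an added example that is not code from this PR: it compares one shared seeded RNG against a per-case reset when a new test case is inserted. `DeterministicRNG`, `toy_randomized_sign` (an HMAC stand-in, not ML-DSA), the seed and the test-data line format are assumptions made for illustration.

```python
import hashlib
import hmac

class DeterministicRNG:
    """Reproducible byte stream: SHAKE-256 over a fixed seed (test data only)."""
    def __init__(self, seed: bytes) -> None:
        self._seed = seed
        self._offset = 0

    def randbytes(self, n: int) -> bytes:
        end = self._offset + n
        out = hashlib.shake_256(self._seed).digest(end)[self._offset:end]
        self._offset = end
        return out

def toy_randomized_sign(key: bytes, msg: bytes, rng: DeterministicRNG) -> bytes:
    """Hypothetical stand-in for a randomized signature: 32 fresh bytes per call."""
    rnd = rng.randbytes(32)
    return rnd + hmac.new(key, rnd + msg, hashlib.sha256).digest()

SEED = b"constructed seed for generated test data"

def generate(cases, reset_per_case: bool):
    """Return {description: test-data line} for (description, key, msg) cases."""
    shared = DeterministicRNG(SEED)
    lines = {}
    for descr, key, msg in cases:
        # Reset: every case starts from the same RNG state, so its output
        # does not depend on which cases were generated before it.
        rng = DeterministicRNG(SEED) if reset_per_case else shared
        sig = toy_randomized_sign(key, msg, rng)
        lines[descr] = f'sign:"{key.hex()}":"{msg.hex()}":"{sig.hex()}"'
    return lines

# Constructed sample cases (not from the PR).
CASES = [("sign empty", b"k1", b""), ("sign abc", b"k2", b"abc")]
EXTRA = ("sign new case", b"k3", b"xyz")

def changed_lines(reset_per_case: bool):
    """Which existing lines change when a new case is inserted at the front?"""
    before = generate(CASES, reset_per_case)
    after = generate([EXTRA] + CASES, reset_per_case)
    return sorted(d for d in before if before[d] != after[d])

if __name__ == "__main__":
    print("shared RNG:    ", changed_lines(False))
    print("reset per case:", changed_lines(True))
```

With a single shared RNG the committed file is still reproducible run to run, but inserting one case rewrites every later line; the per-case reset keeps the diff of a committed generated file limited to the new case.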
I've done the obligatory rebase on top of
These were previously omitted due to an arbitrary line length limitation that has now been lifted: #690

Generated using (successive runs of) the following python script and then manually making the strings fixed-length by adding leading 0s where necessary. (Could fix the script, but since it takes a long time to run, did not feel like it.)

```python
import random

p = 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
g = 2
q = p >> 1

# First test case: random private key and random peer.
our_key = random.randrange(2, q)
peer_prv = random.randrange(2, q)
peer_pub = pow(g, peer_prv, p)
shared = pow(peer_pub, our_key, p)
print(f'key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"{our_key:x}":"{peer_pub:x}":"{shared:x}":PSA_SUCCESS')

# Second test case: same private key, retry peers until the shared secret
# is at least 8 bits shorter than p (give up after 1024 tries).
for i in range(1024):
    print(i)
    peer_prv = random.randrange(2, q)
    peer_pub = pow(g, peer_prv, p)
    shared = pow(peer_pub, our_key, p)
    if shared.bit_length() <= p.bit_length() - 8:
        break
print(f'key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"{our_key:x}":"{peer_pub:x}":"{shared:x}":PSA_SUCCESS')
```

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
framework/util/requirements.txt. A step towards #633.
Needs preceding PR:
PR checklist
check_option_lists.py to check_committed_generated_files.py)