
Support committed generated test data and add PQCP test data#690

Merged
mpg merged 15 commits into Mbed-TLS:development from gilles-peskine-arm:mldsa-pqcp-dispatch on Mar 3, 2026

Conversation

@gilles-peskine-arm gilles-peskine-arm commented Feb 11, 2026

Contributor
  1. Prepare to support more committed generated files.
  2. Prepare to support additional Python requirements from framework/util/requirements.txt.
  3. Generate ML-DSA test data from a new script, in partial fulfillment of Write PSA driver for ML-DSA using mldsa-native #633. Requires steps 1 and 2.

A step towards #633.

Needs preceding PR:

PR checklist

@gilles-peskine-arm gilles-peskine-arm added priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) needs-preceding-pr Requires another PR to be merged first labels Feb 11, 2026
@gilles-peskine-arm gilles-peskine-arm added the needs-ci Needs to pass CI tests label Feb 11, 2026
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review and removed needs-ci Needs to pass CI tests labels Feb 12, 2026
bjwtaylor
bjwtaylor previously approved these changes Feb 14, 2026

@bjwtaylor bjwtaylor left a comment

Contributor


The PR looks good, I had one question mainly for interest as to what the plan is for testing code enabled by TF_PSA_CRYPTO_PQCP_MLDSA_87_ENABLED. A quick, but by no means extensive grep for this config didn't produce any results in the tests. Do we have CI tests currently added that will build and test with this config, or is this future planned work? Or have I misunderstood a part of the future architecture?

@gilles-peskine-arm

Contributor Author

@bjwtaylor A lot of all.sh components, and the Windows-NNNN jobs, are based on the full config, which enables most commented out boolean options in *config.h. So new experimental features such as MLDSA are tested in these components unless explicitly disabled.

You can check which components run a specific test, or with a specific option enabled, in the outcome file. The outcome-analysis job on the CI fails if a test case is never executed.

@valeriosetti valeriosetti self-requested a review February 16, 2026 10:00
@valeriosetti valeriosetti removed the needs-reviewer This PR needs someone to pick it up for review label Feb 16, 2026
mpg commented Feb 18, 2026

Contributor
  • mbedtls 3.6 PR not required because: new features

Well, should we backport the removal of the line length limitation in test data files there? I feel in the future it's going to be annoying if we have some test data that works in crypto/development but then fails when trying to backport to 3.6.

@gilles-peskine-arm

Contributor Author

should we backport the removal of the line length limitation in test data files there? I feel in the future it's going to be annoying if we have some test data that works in crypto/development but then fails when trying to backport to 3.6.

I get your point. But also, in 3.6, currently, you can run some test suites without a heap, if the library is built without a heap. Granted, few test suites don't use malloc themselves anyway, and few users on constrained platforms actually run the unit tests. But that's still the sort of requirement change that I'm uncomfortable with in an LTS branch.

valeriosetti
valeriosetti previously approved these changes Feb 20, 2026

@mpg mpg left a comment

Contributor


Looking pretty good to me, but some minor and a few less minor points.

I have been able to reproduce the generated file locally with Python 3.12 (default in Ubuntu 24.04) in a fresh venv after running only scripts/min_requirements.py.

Comment thread tests/suites/host_test.function Outdated
Comment thread tests/suites/host_test.function
Comment thread tests/suites/host_test.function
Comment thread tests/scripts/components-basic-checks.sh Outdated
Comment thread tests/suites/test_suite_pqcp_mldsa.function Outdated
Comment thread tests/suites/test_suite_pqcp_mldsa.function
Comment thread tests/suites/test_suite_pqcp_mldsa.function
Comment thread tests/suites/test_suite_pqcp_mldsa.function
Comment thread tests/scripts/check_committed_generated_files.py Outdated
valeriosetti
valeriosetti previously approved these changes Feb 26, 2026
Check the Python version, not the presence of the package,
because the CI runs `all.sh --list-components` outside of the
venv that has our desired packages. Insisting on the package caused the CI
to find nowhere to run `tf_psa_crypto_check_generated_files`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

This commit adds the test code. A subsequent commit will add test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

This currently consists of test data for direct mldsa-native calls in
nominal conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Tests using randomized signatures were currently randomized. We need the
output of the script to be reproducible, so this won't do.

Force randomized signatures to use a specific RNG which is reset before
constructing each test case. This way, the script's output is reproducible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

This will probably help when a framework change causes the content of these
files to change. See Mbed-TLS/mbedtls-test#252

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
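The commit above forces randomized signatures through an RNG that is reset before each test case so that the generator's output is reproducible. The following is an added example, not the PR's generation script: the "signature" is a stand-in built from hashlib and random bytes rather than a real ML-DSA signature, and the case names are made up. It shows why a per-case reseeded RNG is preferable to one RNG seeded once at the start of the run: both are reproducible run to run, but only per-case seeding keeps every other line unchanged when one case is added, removed or reordered, which keeps diffs of a committed generated file reviewable. It also includes the regenerate-and-compare check that a committed-generated-files job performs.

```python
"""Reproducible generation of randomized test data (added example).

Illustrative only: fake_randomized_sign() is a stand-in for a randomized
signature (fresh random bytes mixed into a hash), and the case names are
hypothetical.  The point is how the RNG is seeded, not what is signed.
"""
import hashlib
import random
from typing import Dict, List


def _rng_for_case(case_name: str) -> random.Random:
    # Seed derived from the case name alone, so a case's random stream does
    # not depend on which cases ran before it, nor on Python's per-process
    # string hash randomization.
    seed = int.from_bytes(hashlib.sha256(case_name.encode()).digest()[:8], "big")
    return random.Random(seed)


def fake_randomized_sign(rng: random.Random, message: bytes) -> bytes:
    # Stand-in for a randomized signature: a fresh random value bound to the
    # message by a hash.  Only the "fresh random value" part matters here.
    rnd = rng.randbytes(32)
    return rnd + hashlib.sha256(rnd + message).digest()


def generate_per_case(case_names: List[str]) -> Dict[str, str]:
    """Reset a dedicated RNG before each case (the approach in the commit)."""
    out: Dict[str, str] = {}
    for name in case_names:
        rng = _rng_for_case(name)
        sig = fake_randomized_sign(rng, name.encode())
        out[name] = f"sign:{name}:{sig.hex()}"
    return out


def generate_shared_rng(case_names: List[str], seed: int = 0) -> Dict[str, str]:
    """One RNG seeded once: reproducible, but each case depends on the cases before it."""
    rng = random.Random(seed)
    out: Dict[str, str] = {}
    for name in case_names:
        sig = fake_randomized_sign(rng, name.encode())
        out[name] = f"sign:{name}:{sig.hex()}"
    return out


def render(lines: Dict[str, str]) -> bytes:
    """Serialize the cases as the committed .data-style file would be."""
    return ("\n".join(lines.values()) + "\n").encode()


def check_reproducible(case_names: List[str]) -> bool:
    """What a committed-generated-files CI check does: regenerate and compare digests."""
    first = hashlib.sha256(render(generate_per_case(case_names))).hexdigest()
    second = hashlib.sha256(render(generate_per_case(case_names))).hexdigest()
    return first == second


if __name__ == "__main__":
    cases = ["mldsa44_nominal", "mldsa65_nominal", "mldsa87_nominal"]  # hypothetical names
    print(render(generate_per_case(cases)).decode(), end="")
    print("reproducible:", check_reproducible(cases))
    # Drop the middle case: per-case seeding leaves the last line unchanged,
    # a shared RNG shifts its random stream and changes it.
    last = "mldsa87_nominal"
    print("per-case stable after removing a case:",
          generate_per_case(cases)[last] == generate_per_case(cases[::2])[last])
    print("shared-RNG stable after removing a case:",
          generate_shared_rng(cases)[last] == generate_shared_rng(cases[::2])[last])
```

Seeding from a hash of the case name (rather than from a running counter) is what makes a case's line independent of the rest of the file; with the counter or a single RNG, inserting one case rewrites every line after it and the review diff no longer shows what actually changed.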
@gilles-peskine-arm

Contributor Author

I've done the obligatory rebase on top of development to resolve the framework conflict. The whole framework update is now in the first commit, otherwise the history remains the same.

@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members and removed approved Design and code approved - may be waiting for CI or backports labels Feb 27, 2026

@mpg mpg left a comment

Contributor


Still LGTM after rebase.

@mpg mpg added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members labels Mar 3, 2026
@mpg mpg added this pull request to the merge queue Mar 3, 2026
Merged via the queue into Mbed-TLS:development with commit e3e31a7 Mar 3, 2026
3 checks passed
@github-project-automation github-project-automation Bot moved this from Has Approval to Done in Roadmap pull requests (new board) Mar 3, 2026
minosgalanakis pushed a commit that referenced this pull request Mar 31, 2026
These were previously omitted due to an arbitrary line length limitation
that has now been lifted: #690

Generated using (successive runs of) the following python script and
then manually making the strings fixed-length by adding leading 0s where
necessary. (Could fix the script, but since it takes a long time to run,
did not feel like it.)

import random
import sys

# Group parameters: the RFC 7919 ffdhe8192 prime and its generator.
p = 0xffffffffffffffffadf85458a2bb4a9aafdc5620273d3cf1d8b9c583ce2d3695a9e13641146433fbcc939dce249b3ef97d2fe363630c75d8f681b202aec4617ad3df1ed5d5fd65612433f51f5f066ed0856365553ded1af3b557135e7f57c935984f0c70e0e68b77e2a689daf3efe8721df158a136ade73530acca4f483a797abc0ab182b324fb61d108a94bb2c8e3fbb96adab760d7f4681d4f42a3de394df4ae56ede76372bb190b07a7c8ee0a6d709e02fce1cdf7e2ecc03404cd28342f619172fe9ce98583ff8e4f1232eef28183c3fe3b1b4c6fad733bb5fcbc2ec22005c58ef1837d1683b2c6f34a26c1b2effa886b4238611fcfdcde355b3b6519035bbc34f4def99c023861b46fc9d6e6c9077ad91d2691f7f7ee598cb0fac186d91caefe130985139270b4130c93bc437944f4fd4452e2d74dd364f2e21e71f54bff5cae82ab9c9df69ee86d2bc522363a0dabc521979b0deada1dbf9a42d5c4484e0abcd06bfa53ddef3c1b20ee3fd59d7c25e41d2b669e1ef16e6f52c3164df4fb7930e9e4e58857b6ac7d5f42d69f6d187763cf1d5503400487f55ba57e31cc7a7135c886efb4318aed6a1e012d9e6832a907600a918130c46dc778f971ad0038092999a333cb8b7a1a1db93d7140003c2a4ecea9f98d0acc0a8291cdcec97dcf8ec9b55a7f88a46b4db5a851f44182e1c68a007e5e0dd9020bfd64b645036c7a4e677d2c38532a3a23ba4442caf53ea63bb454329b7624c8917bdd64b1c0fd4cb38e8c334c701c3acdad0657fccfec719b1f5c3e4e46041f388147fb4cfdb477a52471f7a9a96910b855322edb6340d8a00ef092350511e30abec1fff9e3a26e7fb29f8c183023c3587e38da0077d9b4763e4e4b94b2bbc194c6651e77caf992eeaac0232a281bf6b3a739c1226116820ae8db5847a67cbef9c9091b462d538cd72b03746ae77f5e62292c311562a846505dc82db854338ae49f5235c95b91178ccf2dd5cacef403ec9d1810c6272b045b3b71f9dc6b80d63fdd4a8e9adb1e6962a69526d43161c1a41d570d7938dad4a40e329ccff46aaa36ad004cf600c8381e425a31d951ae64fdb23fcec9509d43687feb69edd1cc5e0b8cc3bdf64b10ef86b63142a3ab8829555b2f747c932665cb2c0f1cc01bd70229388839d2af05e454504ac78b7582822846c0ba35c35f5c59160cc046fd8251541fc68c9c86b022bb7099876a460e7451a8a93109703fee1c217e6c3826e52c51aa691e0e423cfc99e9e31650c1217b624816cdad9a95f9d5b8019488d9c0a0a1fe3075a577e23183f81d4a3f2fa4571efc8ce0ba8a4fe8b6855dfe72b0a66eded2fbabfbe58a30fafabe1c5d71a87e2f741ef8c1fe86fea6bbfde530677f0d97d11d49f7a8443d0822e506a9f4614e011e2a94838ff88cd68c8bb7c5c6424cffffffffffffffff
g = 2

# Every hex string in the .data file must have the same length, so pad each
# value to the byte length of p instead of fixing up leading zeros by hand.
hexlen = (p.bit_length() + 7) // 8 * 2

def data_line(our_key, peer_pub, shared):
    return (f'key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):'
            f'"{our_key:0{hexlen}x}":"{peer_pub:0{hexlen}x}":"{shared:0{hexlen}x}":PSA_SUCCESS')

# p is a safe prime, so q = (p - 1) / 2 is the order of the subgroup generated by g.
q = p >> 1
our_key = random.randrange(2, q)

# Nominal case: an arbitrary peer key.
peer_prv = random.randrange(2, q)
peer_pub = pow(g, peer_prv, p)
shared = pow(peer_pub, our_key, p)
print(data_line(our_key, peer_pub, shared))

# Edge case: look for a peer whose shared secret has at least one leading
# zero byte, so the fixed-length output encoding is exercised. Each attempt
# costs two 8192-bit modular exponentiations, hence the progress counter.
for i in range(1024):
    print(i, file=sys.stderr)
    peer_prv = random.randrange(2, q)
    peer_pub = pow(g, peer_prv, p)
    shared = pow(peer_pub, our_key, p)
    if shared.bit_length() <= p.bit_length() - 8:
        break
else:
    sys.exit("no shared secret with a leading zero byte found; rerun")

print(data_line(our_key, peer_pub, shared))

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>