mbedtls/tests/suites
Manuel Pégourié-Gonnard f2268d1c17 Reject low-order points on Curve25519 early
We were already rejecting them at the end, due to the fact that with the
usual (x, z) formulas they lead to the result (0, 0) so when we want to
normalize at the end, trying to compute the modular inverse of z will
give an error.

If we wanted to support those points, we'd need a special case in
ecp_normalize_mxz(). But it's actually permitted by all sources
(RFC 7748 says we MAY reject 0 as a result) and recommended by some to
reject those points (either to ensure contributory behaviour, or to
protect against timing attacks when the underlying field arithmetic is
not constant-time).

Since our field arithmetic is indeed not constant-time, let's reject
those points before they get mixed with sensitive data (in
ecp_mul_mxz()), in order to avoid exploitable leaks caused by the
special cases they would trigger. (See the "May the Fourth" paper
https://eprint.iacr.org/2017/806.pdf)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-25 14:06:45 +01:00
helpers.function Make {USE_,}PSA_{INIT,DONE} available in all test suites 2021-02-22 19:08:14 +01:00
host_test.function Fix build error when int32_t is not int 2021-05-18 16:43:00 +02:00
main_test.function Rewrite error addition interface 2021-04-13 15:24:25 +01:00
target_test.function Add documentation and minor style changes 2021-02-03 12:07:01 +00:00
test_suite_aes.cbc.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.cfb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.ecb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.function Free context in at the end of aes_crypt_xts_size() 2021-06-17 16:15:31 +01:00
test_suite_aes.ofb.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.rest.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_aes.xts.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_arc4.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_arc4.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_aria.data aria: Remove duplicate test cases 2019-09-20 15:58:27 +02:00
test_suite_aria.function tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE 2020-07-30 14:18:02 +02:00
test_suite_asn1parse.data Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage 2020-02-05 15:40:22 +00:00
test_suite_asn1parse.function Add documentation and minor style changes 2021-02-03 12:07:01 +00:00
test_suite_asn1write.data Add test cases for ASN.1 ENUMERATED tag 2019-10-31 19:17:36 +02:00
test_suite_asn1write.function Move helper testing functions to tests/src/helpers.c 2021-01-20 15:56:42 +00:00
test_suite_base64.data Fix misnamed base64 test 2021-03-04 14:23:03 +00:00
test_suite_base64.function Prevent false positive CF Test Failures 2021-03-02 22:48:40 +00:00
test_suite_blowfish.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_blowfish.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_camellia.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_camellia.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_ccm.data Merge pull request #3772 from frestr/bugfix/ccm_add_length 2020-10-21 22:31:48 +02:00
test_suite_ccm.function More robust code to set the IV 2021-02-09 12:00:13 +01:00
test_suite_chacha20.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_chacha20.function tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE 2020-07-30 14:18:02 +02:00
test_suite_chachapoly.data chachapoly: add test for state flow 2018-05-24 13:37:31 +02:00
test_suite_chachapoly.function tests: Get rid of mbedtls_test_unhexify() in unit test code 2020-06-26 10:45:16 +02:00
test_suite_cipher.aes.data Increase test coverage by adding AES and CAMELLIA empty buffer tests 2020-03-24 13:18:58 -04:00
test_suite_cipher.arc4.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.aria.data Add negative tests for empty buffer decoding for certain ciphers 2019-07-29 17:46:29 +02:00
test_suite_cipher.blowfish.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.camellia.data Increase test coverage by adding AES and CAMELLIA empty buffer tests 2020-03-24 13:18:58 -04:00
test_suite_cipher.ccm.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.chacha20.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.chachapoly.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.des.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_cipher.gcm.data Fix dependency in AES GCM test case 2020-06-26 22:40:58 +02:00
test_suite_cipher.misc.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cipher.nist_kw.data Test data: replace "::" by ":" 2019-09-20 16:01:59 +02:00
test_suite_cipher.null.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_cipher.padding.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cmac.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_cmac.function Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_ctr_drbg.data Remove selftest dependency in the test suite 2019-11-21 13:49:20 +01:00
test_suite_ctr_drbg.function Support set *_drbg reseed interval before seed 2020-11-25 14:25:56 -08:00
test_suite_debug.data Revert "Remove tests that depend on TLS or X.509" 2020-03-19 14:17:54 +01:00
test_suite_debug.function Revert "Remove tests that depend on TLS or X.509" 2020-03-19 14:17:54 +01:00
test_suite_des.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_des.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_dhm.data DHM: add test case with x_size < 0 2021-06-02 21:39:31 +02:00
test_suite_dhm.function DHM tests: add some explanations 2021-06-02 21:39:31 +02:00
test_suite_ecdh.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_ecdh.function Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional 2021-06-02 21:31:24 +02:00
test_suite_ecdsa.data Correct the new tests names 2021-04-07 19:19:47 +02:00
test_suite_ecdsa.function Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional 2021-06-02 21:31:24 +02:00
test_suite_ecjpake.data ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that 2021-03-17 11:36:31 +01:00
test_suite_ecjpake.function tests: Reformating due to rnd_* renaming 2020-06-12 14:33:08 +02:00
test_suite_ecp.data Reject low-order points on Curve25519 early 2021-06-25 14:06:45 +01:00
test_suite_ecp.function Check MBEDTLS_ECP_MAX_xxx constants in unit tests 2021-06-11 21:43:26 +02:00
test_suite_entropy.data Merge pull request #3616 from militant-daos/bug_3175 2021-03-30 17:33:08 +02:00
test_suite_entropy.function Merge pull request #3616 from militant-daos/bug_3175 2021-03-30 17:33:08 +02:00
test_suite_error.data The Great Renaming 2015-04-08 13:25:31 +02:00
test_suite_error.function Intermediate hexify out change 2018-08-06 11:40:57 +01:00
test_suite_gcm.aes128_de.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes128_en.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes192_de.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes192_en.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes256_de.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.aes256_en.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_gcm.camellia.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_gcm.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_gcm.misc.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_hkdf.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_hkdf.function tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE 2020-07-30 14:18:02 +02:00
test_suite_hmac_drbg.function Support set *_drbg reseed interval before seed 2020-11-25 14:25:56 -08:00
test_suite_hmac_drbg.misc.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_hmac_drbg.no_reseed.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_hmac_drbg.nopr.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_hmac_drbg.pr.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_md.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_md.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_mdx.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_mdx.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_memory_buffer_alloc.data More accurate test case description 2019-10-31 15:07:35 +01:00
test_suite_memory_buffer_alloc.function Enable more test cases without MBEDTLS_MEMORY_DEBUG 2019-10-31 15:07:45 +01:00
test_suite_mpi.data Fix mistakes in test case descriptions 2021-06-02 22:28:14 +02:00
test_suite_mpi.function Lift function call out of inner loop 2021-06-02 22:28:27 +02:00
test_suite_mps.data Add unit test for integer overflow in mbedtls_mps_reader_reclaim() 2021-03-29 14:20:18 +01:00
test_suite_mps.function Update tests/suites/test_suite_mps.function 2021-03-29 14:20:18 +01:00
test_suite_net.data Add test for mbedtls_net_poll beyond FD_SETSIZE 2021-02-25 15:56:48 +01:00
test_suite_net.function Clarify how a file descriptor could still be more than the limit 2021-03-01 11:43:56 +01:00
test_suite_nist_kw.data Uniquify test case descriptions 2019-09-20 15:59:31 +02:00
test_suite_nist_kw.function tests: Get rid of mbedtls_test_unhexify() in unit test code 2020-06-26 10:45:16 +02:00
test_suite_oid.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_oid.function Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_pem.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_pem.function Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_pk.data Rename ECC Family Macros According to PSA Spec 2020-07-02 16:59:30 +01:00
test_suite_pk.function Make {USE_,}PSA_{INIT,DONE} available in all test suites 2021-02-22 19:08:14 +01:00
test_suite_pkcs1_v15.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_pkcs1_v15.function Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional 2021-06-02 21:31:24 +02:00
test_suite_pkcs1_v21.data Added random material in the pkcs1 v21 salt length = max tests 2021-01-10 16:31:09 +01:00
test_suite_pkcs1_v21.function Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional 2021-06-02 21:31:24 +02:00
test_suite_pkcs5.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_pkcs5.function tests: Reformating due to hexcmp() renaming 2020-06-12 14:33:08 +02:00
test_suite_pkparse.data Remove spurious dependencies on PEM 2021-05-31 20:26:12 +02:00
test_suite_pkparse.function Clean up test function pk_parse_key 2020-02-18 10:18:43 +01:00
test_suite_pkwrite.data pk_write test cases with short/long private key 2019-11-05 15:32:53 +01:00
test_suite_pkwrite.function Remove Extraneous bytes from buffer post pem write 2020-12-07 17:29:42 +00:00
test_suite_poly1305.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_poly1305.function tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE 2020-07-30 14:18:02 +02:00
test_suite_psa_crypto.data Fix copypasta in test data 2021-06-14 18:08:26 +02:00
test_suite_psa_crypto.function Add bad-workflow key derivation tests 2021-06-14 18:08:26 +02:00
test_suite_psa_crypto_attributes.data Update PSA crypto test dependencies 2021-03-24 09:26:44 +01:00
test_suite_psa_crypto_attributes.function tests: psa: Test PSA client-only code 2021-02-01 13:17:23 +01:00
test_suite_psa_crypto_driver_wrappers.data Merge pull request #4357 from gabor-mezei-arm/3267_Implement_psa_sign_message_and_verify 2021-05-17 10:14:46 +02:00
test_suite_psa_crypto_driver_wrappers.function Merge pull request #4357 from gabor-mezei-arm/3267_Implement_psa_sign_message_and_verify 2021-05-17 10:14:46 +02:00
test_suite_psa_crypto_entropy.data tests: psa: Change Elliptic curve defines to PSA names 2021-03-10 13:19:45 -07:00
test_suite_psa_crypto_entropy.function Remove some remaining uses of deprecated constants 2021-05-17 22:31:15 +02:00
test_suite_psa_crypto_hash.data Update PSA crypto test dependencies 2021-03-24 09:26:44 +01:00
test_suite_psa_crypto_hash.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_init.data CTR_DRBG: define a constant for the default entropy nonce length 2019-10-23 19:47:05 +02:00
test_suite_psa_crypto_init.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_metadata.data Update all uses of old AEAD output size macros 2021-04-15 17:32:06 +02:00
test_suite_psa_crypto_metadata.function Update all uses of old AEAD output size macros 2021-04-15 17:32:06 +02:00
test_suite_psa_crypto_not_supported.function Fix test code under MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 2021-02-17 14:58:29 +01:00
test_suite_psa_crypto_not_supported.generated.data Add key material for twisted Edwards curves 2021-03-29 15:08:10 +02:00
test_suite_psa_crypto_not_supported.misc.data New test suite for not-supported cases: key creation (import, generate) 2021-02-17 14:50:17 +01:00
test_suite_psa_crypto_persistent_key.data tests: psa: Fix expected error code 2021-04-01 14:54:50 +02:00
test_suite_psa_crypto_persistent_key.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_se_driver_hal.data tests: psa: Fix expected error code 2021-04-01 14:54:50 +02:00
test_suite_psa_crypto_se_driver_hal.function Increment the test step number when invalidating a key 2021-02-23 20:36:07 +01:00
test_suite_psa_crypto_se_driver_hal_mocks.data Update SE support to pass a location when registering a driver 2020-05-11 11:15:26 +02:00
test_suite_psa_crypto_se_driver_hal_mocks.function Include psa_crypto_helpers.h in helpers.function 2021-01-06 18:21:18 +01:00
test_suite_psa_crypto_slot_management.data Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code 2021-04-06 18:46:30 +02:00
test_suite_psa_crypto_slot_management.function Update tests for other invalid key operations. 2021-03-17 16:11:05 +00:00
test_suite_psa_crypto_storage_format.current.data Abbreviate algorithms in test descriptions 2021-05-25 19:35:14 +02:00
test_suite_psa_crypto_storage_format.function key_storage_read: pass exercise as a flag rather than a boolean 2021-05-25 19:35:20 +02:00
test_suite_psa_crypto_storage_format.misc.data Test code for storage format stability 2021-03-10 23:22:35 +01:00
test_suite_psa_crypto_storage_format.v0.data key_storage_read: pass exercise as a flag rather than a boolean 2021-05-25 19:35:20 +02:00
test_suite_psa_its.data Update and add tests 2020-11-26 15:54:35 +01:00
test_suite_psa_its.function Fix potential buffer overflow in printf 2021-03-10 17:00:32 +00:00
test_suite_random.data Explain the "external RNG large" test case 2021-02-16 15:46:06 +01:00
test_suite_random.function Exclude random_twice tests with MBEDTLS_TEST_NULL_ENTROPY 2021-02-16 15:46:06 +01:00
test_suite_rsa.data Add init-free tests for RSA 2021-02-22 19:24:03 +01:00
test_suite_rsa.function Merge pull request #3183 from meuter/development 2021-04-06 21:36:06 +02:00
test_suite_shax.data Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
test_suite_shax.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00
test_suite_ssl.data tests: Fix test arguments separator 2021-05-05 09:02:13 +02:00
test_suite_ssl.function avoid -Wmaybe-uninitialized when buiding with gcc11 2021-05-13 10:26:52 -04:00
test_suite_timing.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_timing.function Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_version.data Bump version to 2.26.0 2021-03-09 16:09:18 +00:00
test_suite_version.function Fix GCC format-signedness warnings 2020-04-22 16:01:48 +02:00
test_suite_x509parse.data Merge pull request #773 from paul-elliott-arm/discrepancy_cert 2020-12-03 12:19:39 +01:00
test_suite_x509parse.function Apply MBEDTLS_ERROR_ADD to library 2021-04-15 11:19:47 +01:00
test_suite_x509write.data Mark basic constraints critical as appropriate. 2020-09-21 18:25:35 -07:00
test_suite_x509write.function Make {USE_,}PSA_{INIT,DONE} available in all test suites 2021-02-22 19:08:14 +01:00
test_suite_xtea.data Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
test_suite_xtea.function tests: suites: Remove hex in name of variables of type data_t 2020-07-01 17:10:15 +02:00