mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 19:14:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
26,797 Commits 174 Branches 263 Tags
Commit Graph

9561 Commits

Author SHA1 Message Date
Przemek Stekiel
85b644262d Add ffdh accel vs reference check to analyze_outcomes.py 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Przemek Stekiel
01c248c00b Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Pengyu Lv
b687c03183 Fix the command for server9-sha*.crt 
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d Add target for parse_input/cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644 Fix typo and long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
736d2bb715 Update crl-rsa-pss-*.pem manually 
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d upgrade server9-bad-saltlen.crt 
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
4ad45c01b9 Update server9*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44 Add rules to generate server9*.crt 
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582 Update server1-nospace.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3 Update v1 crt files 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
0d545a1815 Update cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096 Add rules to generate cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
d9ba29733e Update server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9 Add rules to generate server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
5b91dc7265 Update server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f Add rules to generate server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13 Add rule for server2-badsign.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f Update test-ca2.ku-*.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e Fix the rule for server5-ss-forgeca.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe Add the rule and update server6-ss-child.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076 Update server5-selfsigned.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes 
Fix AES dependencies - build TF-M config cleanly
 2023-07-03 16:49:00 +01:00
Andrzej Kurek
cf669b058b Add a dummy usage of a pointer in tests 
This way clang with O1 doesn't optimize it.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-03 10:42:27 -04:00
Gilles Peskine
e554f1b9c0
Merge pull request #7853 from lpy4105/issue/7816/add-commands-for-files-in-parse_input 
7831 follow-up: fix wrong dependency name and wrong commands
 2023-07-03 16:00:45 +02:00
Dave Rodgman
0d539c222c
Merge pull request #7702 from silabs-Kusumit/PBKDF2_out_of_range_input_cost 
PBKDF2: Out of range input cost
 2023-07-03 09:58:22 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Manuel Pégourié-Gonnard
45e009aa97
Merge pull request #7814 from valeriosetti/issue7746 
PK: refactor wrappers in the USE_PSA case
 2023-07-03 09:32:31 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode 
Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:29 +01:00
Andrzej Kurek
78ecf41f22 Change spaces to a tab in a makefile recipe 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 14:38:05 +02:00
Dave Rodgman
a2c1a387e4
Merge pull request #7630 from daverodgman/prefer-intrinsics 
Prefer intrinsics over asm for AES-NI
 2023-06-30 11:39:38 +01:00
Dave Rodgman
2d07a72b35
Merge pull request #7821 from davidhorstmann-arm/simplify-test-dn-formatting 
Simplify directory name comparison in AuthorityKeyIdentifier tests
 2023-06-30 11:38:03 +01:00
Gabor Mezei
c810707980
Add check for the ecp module variants 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-06-30 11:39:21 +02:00
Gabor Mezei
9b6b5a06d5
Enable testing the cloned ecp module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-06-30 11:39:20 +02:00
Valerio Setti
eabfef3d1b generate_psa_tests: fix docstring for tweak_key_pair_dependency function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 11:09:43 +02:00
Valerio Setti
0c42c435f1 generate_psa_tests: optimize code for key pair dependencies generation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
c0d2f8417a test: replace all KEY_TYPE_ECC_KEY_PAIR with proper symbols 
Note: the DERIVE option is intentionally skipped from the acceleration
list because this feature is still not supported.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
27c501a10c lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT 
Also the python script for automatic test generation is fixed accordingly

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
072bded588 test: use proper key pair symbols in accelerated list for EC curve test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
7bbd98fad0 generate_psa_tests: minor fixes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
24c64e8b34 generate_psa_tests: improve script to handle all generated files 
For now RSA key pairs' dependencies are kept to LEGACY, but this
is going to be updated in #7772.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
4c0174de2e psa: replace remaining ECC_KEY_PAIR_LEGACY symbols with proper ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti
656f5ff23e generate_psa_tests: remove GENPRIME from dependencies of RSA key pair 
This is automatically included by the new RSA_KEY_PAIR_GENERATE
symbol.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00