mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-07 06:40:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
25,852 Commits 170 Branches 263 Tags
Commit Graph

25852 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kusumit Ghoderao
5168bd5f0f Add changelog entry 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
3fde8feaa9 FIx name of macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
b3042c39fe Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
4536bb6f2b Change mac_size parameter in driver_mac_compute to output length 
See #7801 for reference

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
a2520a5b7e Add pbkdf2 cmac to key derivation output_bytes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
3d5edb8eef Add input password function for pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
2cd649684a Add pbkdf2_cmac to key derivation setup 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
857cd4b3ee Add AES_CMAC_PRF_128 output size macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3ab146f99e Add builtin pbkdf2 cmac guard for all the pbkdf2 functions 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
dd45667a18 Define struct for pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3cb6e41dfa Add define for builtin pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard
443589ac53
Merge pull request #7870 from valeriosetti/fix-tls13-guards 
tls13: fix guards for PSA error translating function
 2023-07-04 11:21:14 +02:00
Tom Cosgrove
1940e7bae4
Merge pull request #7671 from yanrayw/7360-code-size-improve-format 
code size: improve format of csv file
 2023-07-04 09:15:48 +01:00
Tom Cosgrove
9b20c6fcc1
Merge pull request #7840 from yanrayw/7381_aes_gen_table 
AES: use uint8_t for array of pow and log to save RAM usage
 2023-07-04 08:34:12 +01:00
Valerio Setti
dbd01cb677 tls13: fix guards for PSA error translating function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-04 09:18:52 +02:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes 
Fix AES dependencies - build TF-M config cleanly
 2023-07-03 16:49:00 +01:00
Gilles Peskine
e554f1b9c0
Merge pull request #7853 from lpy4105/issue/7816/add-commands-for-files-in-parse_input 
7831 follow-up: fix wrong dependency name and wrong commands
 2023-07-03 16:00:45 +02:00
Dave Rodgman
0d539c222c
Merge pull request #7702 from silabs-Kusumit/PBKDF2_out_of_range_input_cost 
PBKDF2: Out of range input cost
 2023-07-03 09:58:22 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Manuel Pégourié-Gonnard
45e009aa97
Merge pull request #7814 from valeriosetti/issue7746 
PK: refactor wrappers in the USE_PSA case
 2023-07-03 09:32:31 +02:00
Valerio Setti
f7cd419ade pk: ignore opaque EC keys in pk_setup when they are not supported 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 18:11:29 +02:00
Valerio Setti
35d1dacd82 pk_wrap: fix: always clear buffer holding private key in eckey_check_pair_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 18:04:16 +02:00
Valerio Setti
38913c16b0 pk_wrap: do not support opaque EC keys when !PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 16:18:33 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode 
Fix false success return code in `mbedtls_x509_string_to_names()`
 2023-06-30 14:28:29 +01:00
Andrzej Kurek
78ecf41f22 Change spaces to a tab in a makefile recipe 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 08:42:05 -04:00
Andrzej Kurek
03478d2b90
Merge branch 'development' into issue/7816/add-commands-for-files-in-parse_input 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-30 14:38:05 +02:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix 
Fix crypt_and_hash decrypt issue when used with stream cipher
 2023-06-30 11:42:35 +01:00
Dave Rodgman
a2c1a387e4
Merge pull request #7630 from daverodgman/prefer-intrinsics 
Prefer intrinsics over asm for AES-NI
 2023-06-30 11:39:38 +01:00
Dave Rodgman
2d07a72b35
Merge pull request #7821 from davidhorstmann-arm/simplify-test-dn-formatting 
Simplify directory name comparison in AuthorityKeyIdentifier tests
 2023-06-30 11:38:03 +01:00
Dave Rodgman
38939f705a
Merge pull request #7822 from gilles-peskine-arm/code-style-since 
code_style.py --since
 2023-06-30 11:37:02 +01:00
Manuel Pégourié-Gonnard
3f2448b75e
Merge pull request #7802 from AndrzejKurek/go-go-der-certs 
Use DER format for x509 SAN tests
 2023-06-30 09:36:08 +02:00
Gilles Peskine
0ca2a1f51b
Merge pull request #7646 from gilles-peskine-arm/psa-driver-transaction-testing-spec 
Storage resilience with stateful secure elements: design document
 2023-06-29 18:25:52 +02:00
Pengyu Lv
18730ddbcf fix fragile way to refer to server1.req.sha256 
The original varible $< is fragile especially
when there are multiple rules for the same
target.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-30 00:23:13 +08:00
Dave Rodgman
1a4936ab86 Remove options not known to older gcc 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-29 14:07:50 +01:00
Valerio Setti
88a3aeed9f pk_wrap: use PK_HAVE_ECC_KEYS as guard for ecdsa_opaque_check_pair_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 15:01:10 +02:00
Valerio Setti
d9d74c285b pk_wrap: guard all ECDSA function with MBEDTLS_PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 15:00:02 +02:00
Valerio Setti
4d1daf8f8d pk_wrap: minor fixes for guards 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
97976e3e4c pk_wrap: always fill all the fields of the pk_info structures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
76d0f9637c pk: uniform naming of functions and structures in pk/pk_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
884c1ec1f5 pk_wrap: share code for selecting the psa_alg in ECDSA sign 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:27 +02:00
Valerio Setti
574a00b576 pk_wrap: minor reorganization for opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
5c26b30d9e pk_wrap: add missing labels to #else and #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
bb7603a28f pk_wrap: optimize eckey_check_pair() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
f69514a7d8 pk_wrap: name all the fields of the pk_info structs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00
Valerio Setti
e77307738d pk_wrap: add support for ECDSA verify for opaque keys 
This commit also add tests to verify the functionality

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-29 14:33:26 +02:00