mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-11 16:13:50 +00:00

Author	SHA1	Message	Date
Valerio Setti	568799fe22	ssl_ciphersuites: fix typo Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-21 07:36:54 +02:00
Gilles Peskine	ead1766b5f	Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL "Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of making an empty salt work. But it didn't fix the case of an empty salt segment followed by a non-empty salt segment, which still invoked memcpy with a potentially null pointer as the source. This commit fixes that case, and also simplifies the logic in the function a little. Test data obtained with: ``` pip3 install cryptodome python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64 ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-20 22:05:16 +02:00
Dave Rodgman	f2249ec905	Rename mbedtls_aesce_has_support macro to satisfy case rules Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	b30adce7fd	Use -1 as uninitialised marker Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	4566132163	Make mbedtls_aesce_has_support more efficient Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-20 20:20:12 +01:00
Dave Rodgman	1fdc884ed8	Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode AES: Add accelerator only mode	2023-08-18 20:55:44 +00:00
David Horstmann	1923c91e15	Add ChangeLog entry for otherName SAN fixes Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 19:36:42 +01:00
David Horstmann	cfae6a1ae9	Fix incorrect detection of HardwareModuleName The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 19:31:39 +01:00
David Horstmann	2ea44d28de	Fix: Set type_id in x509_get_other_name() When parsing a subject alternative name of type otherName, retain the type-id field of the otherName. Previously this was not copied to the mbedtls_x509_san_other_name struct when it should have been. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-08-18 18:36:02 +01:00
Kusumit Ghoderao	8eb55891ad	Add tests in derive_key for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 22:04:31 +05:30
Kusumit Ghoderao	1dd596541b	Add tests in derive_key_type for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 22:04:31 +05:30
Kusumit Ghoderao	1fe806a1a0	Add tests in derive_key_export for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 22:04:31 +05:30
Kusumit Ghoderao	e8f6a0d791	Add tests for derive_key_exercise for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 22:04:31 +05:30
Kusumit Ghoderao	ac7a04ac15	Move parse_binary_string function to psa_crypto_helpers Add test code for pbkdf2 in psa_exercise_key Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 22:04:16 +05:30
Jerry Yu	0a6272d6c9	revert padlock from aesni module Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:35:59 +08:00
Jerry Yu	61fc5ed5f3	improve readability of error message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:28:48 +08:00
Jerry Yu	372f7a04d0	Add missing check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-18 17:26:25 +08:00
Kusumit Ghoderao	5cad47df8a	Modify test description The test data was generated using the python script. PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len> derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-18 12:49:07 +05:30
Bence Szépkúti	505dffd5e3	Merge pull request #7937 from yanrayw/code_size_compare_improvement code_size_compare.py: preparation work to show code size changes in PR comment	2023-08-17 20:59:11 +00:00
Gilles Peskine	eeaad50cd6	Merge pull request #8079 from adeaarm/port_IAR_build_fix Small fixes for IAR support	2023-08-17 19:10:51 +00:00
Gilles Peskine	73936868b8	Merge remote-tracking branch 'development' into psa_crypto_config-in-full Conflicts: * tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed in the development branch.	2023-08-17 19:46:34 +02:00
Kusumit Ghoderao	e4d634cd87	Add tests with higher input costs for pbkdf2 Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-08-17 21:16:14 +05:30
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Antonio de Angelis	8e9d6b927e	Remove the workaround for psa_key_agreement_internal Remove the workaround for psa_key_agreement_internal to have a shared_secret array always non-zero. The spec is recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE is always non-zero Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-17 15:27:56 +01:00
Janos Follath	f2334b7b39	Remove new bignum when not needed New bignum modules are only needed when the new ecp_curves module is present. Remove them when they are not needed to save code size. Signed-off-by: Janos Follath <janos.follath@arm.com>	2023-08-17 14:36:59 +01:00
Agathiyan Bragadeesh	48eae138a5	Fix formatting in changelog Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh	2c018744e5	Add newline at end of changelog Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 14:00:10 +01:00
Gilles Peskine	294be94922	Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation PBKDF2 CMAC implementation	2023-08-17 11:15:16 +00:00
Valerio Setti	d31b28485b	driver-only-builds: update EC and FFDH sections Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-17 12:36:40 +02:00
Jerry Yu	9608447545	replace padlock_c with padlock_have_code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 18:10:45 +08:00
Jerry Yu	3a0f044bde	improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 17:06:21 +08:00
Agathiyan Bragadeesh	9ebfa7f64c	Fix style Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 10:00:45 +01:00
Jerry Yu	6c6b9f602c	Change document to match real status Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 16:53:01 +08:00
Agathiyan Bragadeesh	da8c587531	Add ChangeLog entry Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-17 09:37:46 +01:00
Jerry Yu	e9c6b53e74	remove return-type when runtime detection enabled without plain c This case does not exist Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 13:53:38 +08:00
Jerry Yu	f258d17acd	remove aesni + padlock - plain c tests This test is not valid for padlock depends on plain c Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 12:39:00 +08:00
Jerry Yu	1b4c7eda80	add hardware only check for padlock Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 11:25:17 +08:00
Jerry Yu	9e628621b4	Add via padlock detection macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 11:20:09 +08:00
Jerry Yu	2319af0d64	Change the order of runtime detection If aesni is available, we will use it. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 10:38:57 +08:00
Jerry Yu	35b59d7805	exclude arm64ec mode for aesni AESNI does not work correctly for msvc arm64ec Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-08-17 10:34:15 +08:00
Dave Rodgman	f4efd19dd0	Reduce code size in ccm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 22:37:32 +01:00
Dave Rodgman	2aaf888e0b	Adjust struct layout for small size win Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 22:37:31 +01:00
Dave Rodgman	509b567911	add ifdefs to reduce size of mbedtls_to_psa_error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 22:37:29 +01:00
Dave Rodgman	6f6820345a	add #ifdefs to reduce switch size Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 18:44:32 +01:00
Dave Rodgman	864f594acc	Adjust layout of some stucts Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 18:04:44 +01:00
Dave Rodgman	164614af3d	Reduce code-size to access key slots init flag Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:56:28 +01:00
Dave Rodgman	58c8b942d2	Eliminate redundant version of mbedtls_ct_memcmp Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:51:04 +01:00
Dave Rodgman	6a9fb932fb	Use MBEDTLS_GET_UINT16_BE in mbedtls_ecp_tls_read_group_id Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-16 17:50:36 +01:00
Agathiyan Bragadeesh	285f85f962	Remove unnecessary const type qualifiers in casts Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-08-16 17:15:48 +01:00
Antonio de Angelis	f1adc2a7a1	Use asm instead of __asm in constant_time.c The original IAR fix submitted to TF-M directly changed asm to __asm. But mbed TLS now has a workaround for such cases hence just remove the original change modification. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2023-08-16 12:48:48 +01:00

... 7 8 9 10 11 ...

27215 Commits